RESTENA CSIRT Incident Reporting Form The following form has been developed to ease gathering incident information. If you believe you have been involved in an incident, please complete - as much as possible - the following form, and send it to csirt@.restena.lu If you are unable to send email, please fax it to +352 42 24 73 This information will be treated confidentially, as per our Information Disclosure Policy. This form is an adaptation of CERT/CC's incident reporting form, version 5.2. Your contact and organisational information 1. name......................: 2. organisation name.........: 3. are you a RESTENA customer.: 3.a if no: sector type (such as banking, education, energy or public safety)...........: 4. email address.............: 5. telephone number..........: 6. other (fax, ...)..........: Affected Machine(s) (duplicate for each host) 7. hostname and IP...........: 8. timezone..................: 9. purpose or function of the host (please be as specific as possible).............: Source(s) of the Attack (duplicate for each host) 10. hostname or IP...........: 11. timezone.................: 12. been in contact?.........: Description of the incident (duplicate in case of multiple incidents) 13. dates....................: 14. methods of intrusion.....: 15. Tools involved...........: 16. Software versions........: 17. Intruder tool output 18. Vulnerabilities exploited 19. Other relevant information ----------------------------------------------------------------------