IRIS: Your Open-Source Ally in Incident Response

Estimated read time 3 min read

Hello cybersecurity professionals and threat hunters! Allow me to introduce you to a tool that could be your new best friend in incident response: IRIS.

What is IRIS?

IRIS stands for the Incident Response Investigation System. It’s an open-source tool that you can find on GitHub. What makes it stand out is that it is a web collaborative platform, designed specifically for you, the incident responders​.

IRIS dashboard
IRIS dashboard

Collaborate Like Never Before

One of the primary goals of IRIS is to enhance collaboration among analysts during engagements. It streamlines the organization of various elements involved in incident response, without imposing rigid workflows. Why? Because every team has its unique rhythm, and IRIS respects that.

Use your own templates in IRIS
Use your own templates in IRIS

Stay Alert with IRIS

But it’s not just about collaboration. IRIS also functions as an alert center, capable of receiving alerts from SIEM or any other sources. These alerts can be triaged, commented on, linked to cases, and other alerts. Once assessed, they can be escalated to cases. It’s a streamlined process designed to keep you ahead of threats.

Extensibility at its Best

IRIS isn’t just a one-size-fits-all platform. It’s designed to be extensible, with the ability to be augmented with custom modules to fit your specific needs. By default, IRIS comes equipped with VirusTotal, MISP, WebHooks, and IntelOwl. But you’re not limited to these—you can add what you need.

IRIS dashboard with quick functions
IRIS dashboard with quick functions

Seamless API Integration

IRIS’s API integration means you can manage investigations as if you’re physically in front of the interface. This feature allows for automation and integration with existing tools, creating a more fluid and efficient workflow.

Quick and Easy Deployment

Forget about installation headaches. Deploying IRIS is a breeze with Docker Compose. You can set it up in just a few minutes, and it’s even light enough to be installed on a small laptop for on-the-go investigations.

The Masterminds behind IRIS

Ever wondered who is behind this innovative platform? IRIS was conceived within the French CSIRT of Airbus Cybersecurity, brought to life by a tight-knit team of dedicated incident response analysts.

Timeline creation in IRIS
Timeline creation in IRIS

Since its inception in 2020, IRIS has proven its mettle in the field. It’s been applied in over a hundred investigations, tackling everything from routine incidents to complex cyberattacks. Today, IRIS stands strong as an independent project, a testament to the vision and hard work of its creators.

Download IRIS

  • Download it via the Github page (Link)
  • Download it via the official IRIS website (Link)
  • Read the official documentation of IRIS (Link)
  • Try IRIS in online demo environment (Link)

Done reading? Join Cyberwarzone on Telegram.

Reza Rafati

Reza Rafati, based in the Netherlands, is the founder of An industry professional providing insightful commentary on infosec, cybercrime, cyberwar, and threat intelligence, Reza dedicates his work to bolster digital defenses and promote cyber awareness.

You May Also Like

More From Author