API of the month: api.first.org


The Forum of Incident Response and Security teams (FIRST) offers an API to a subset of their database exposing teams.

„The Teams public information (available at http://www.first.org/members/teams) is available for querying using the method/data model /teams. This is the available endpoint for this data source:“

FIRST API screenshot


The API is free and comes at no charge.

Signing up for the

Example 1

As an example, I have a script that can be a subroutine of an abuse handling process where the input is the name of the organisation an IP belongs to (based on Whois) the script is tasked to find a suitable responsible party who can deal with abuse handling.

Example 2

Second example, the input is a country, that might be revealed by using whois data for a particular IP, triaging the source to a specific country. The lookup should return a suitable national incident response team to assist in abuse handling.

Target audience

  • Incident responders who want to automate notification or lookup of peer teams
  • abuse handlers to lookup responsible CERT / CSIRTs or national Incident Response teams

Let’s talk about time – in a different blog

I wrote a blogpost, but in a different blog that I however wanted to link to. It is a blog that is maintained by a bunch of open source digital forensics incident response people some of which are my current team mates.

The blogpost is about Time. More specific on some general ideas and concepts around time. It then goes on to explain how time is relevant in IT and why it is important in digital forensics. It also contains some recommendations that everyone can (and should) apply.

Here is a except of the goal of the blog post:

This article explains the importance and challenges of time in digital forensics and incident response. You will learn how time is handled in various open source tools and get practical tips on managing time in your environment.

Are you curious: go over to: https://osdfir.blogspot.com/2021/06/lets-talk-about-time.html