The Forum of Incident Response and Security teams (FIRST) offers an API to a subset of their database exposing teams.
„The Teams public information (available at http://www.first.org/members/teams) is available for querying using the method/data model
/teams. This is the available endpoint for this data source:“
The API is free and comes at no charge.
Signing up for the
As an example, I have a script that can be a subroutine of an abuse handling process where the input is the name of the organisation an IP belongs to (based on Whois) the script is tasked to find a suitable responsible party who can deal with abuse handling.
Second example, the input is a country, that might be revealed by using whois data for a particular IP, triaging the source to a specific country. The lookup should return a suitable national incident response team to assist in abuse handling.
- Incident responders who want to automate notification or lookup of peer teams
- abuse handlers to lookup responsible CERT / CSIRTs or national Incident Response teams