rtir

RTIR most commonly refers to Request Tracker for Incident Response, an open-source incident-response management system built as an extension of the Request Tracker ticketing platform. RTIR provides centralized case management for security incidents, enabling teams to create, assign, and track investigation tasks, collect and attach evidence, and coordinate triage and remediation steps. It supports multi-user collaboration, role-based access control, audit logs, and customizable workflows, helping incident responders document decisions and maintain a coherent incident chronology. The system can integrate with indicators of compromise, vulnerability data, and external feeds, and it offers APIs and email-based notifications to streamline communication.

RTIR originated as an open-source project to assist CERTs, CSIRTs, and security operations centers in handling incidents. It ships as a packaged extension for RT and is typically deployed on Linux with a database backend and a web server. Administrators tune permissions, workflows, and field mappings to fit organizational incident-handling processes, while analysts use it to manage statuses, assignments, and evidence from initial triage through closure.

While RTIR is most closely associated with incident response, the acronym can have other meanings in different domains. In the information-security community, however, RTIR almost always refers to Request Tracker for Incident Response.