(Docker) IROT — Incident Response & Operations Toolkit

£999.00
Item number: HNBT-1EYS5F3QJN

(6 Months Support - Email & Phone)

Self-hosted IR platform with real-time alerts, incident timelines, and webhook ingest. One-off licence, no subscriptions.

Overview
IROT gives security teams a fast, focused command centre for incidents. Create and track cases, capture evidence, extract IOCs, and keep everyone in sync with real-time updates. Bring alerts in via webhooks, enrich them into actionable incidents, and move from signal to resolution without handing your data to a third party.

Key features

  • Incidents & timelines — Severity, status, owners, and an audit-ready timeline of every action.

  • Alerts inbox — Triage, link to incidents, and see what changed at a glance.

  • Evidence & IOCs — Attach artefacts, notes, and automatically extract indicators.

  • Real-time collaboration — Live updates and notifications so teams never work on stale data.

  • Webhook ingest — Drop-in endpoint to receive events from your SIEM/EDR and custom apps.

  • API keys — Simple API access for automation and integrations.

  • Team-friendly auth — Organisation-scoped, with user management built in.

  • Self-hosted by design — Keep sensitive data on your own infrastructure.

What you get

  • Packaged web app (backend + UI) ready to deploy.

  • Install notes and quick-start sample data.

  • One-off perpetual licence for a single organisation.

  • 12 months of updates & email support included (optional maintenance after that).

Requirements

  • A Linux or Windows server (or VM/container) with Python 3.x.

  • SQLite included by default; Postgres supported as an upgrade.

  • Mail credentials for notifications (optional but recommended).

Perfect for
MSSPs, internal blue teams, incident responders, SOC analysts, and technical founders who want a practical, lightweight IR platform without ongoing fees.

Optional add-ons

  • Installation & hardening

  • Branding (logo/colours/login)

  • Postgres + backup scripts

  • Custom webhook mappers (e.g., ELK/Splunk/CrowdStrike)

Licensing
Per-organisation, perpetual, self-hosted. No data collection, no subscription. Commercial use permitted under the licence terms provided at purchase.