Distributed Incident Management System (DIMS)

Project Summary

The Distributed Incident Management System (DIMS) project is intended to take semi-automated sharing of structured threat information (MITRE's STIX technology) and scale it to the next level, building on the success of the Public Regional Infrastructure Security Event Management (PRISEM) project [*] and leveraging the tooling used by an existing community of operational security professionals known as Trident. DIMS takes advantage of the open message bus architecture used by PRISEM, features that support identification of friend or foe, and the ability to integrate three data sources maintained by PRISEM (network flow history, event history, and attacker context history) to support the triage process, cross-organizational correlation of events, and anonymization to promote privacy-sensitive sharing of security event data. Working with use cases defined by MITRE and PRISEM users, building the features necessary to simplify structured information sharing, and operationalizing them within these existing communities will allow DIMS to fill existing gaps in capabilities and support existing missions that are slowed down today by many complicated, manual processes.

[*] The PRISEM project is being superseded by a not-for-profit known as the Public Infrastructure Security Collaboration and Exchange System (PISCES). The name PRISEM is being replaced where it occurs in DIMS documents as those documents are updated.


Released Source Products

DIMS software is being released through GitHub at <https://github.com/uw-dims?type=source>