Baffled by Incidents? Security incident handling made easy.

STORM supports your team in delivering efficient incident management.
Time savings through proven security processes
Faster and more accurate handling of process steps through predefined and proven security processes that are aligned with leading taxonomies and frameworks. Communicate with the right people and connect the right tools – get all hands on deck fast. STORM communicates with third-party tools using integrated web services.
Security and compliance are a top priority
STORM supports digital encryption and signing standards, like PGP and S/MIME. Our solution is audit-ready. The documentation of all activities, such as the artifacts and the forensic evidence analysis, is tracked and can be audited at any time. STORM can be used in a completely offline environment.
Get started right away
Our experts have everything preconfigured for you. STORM comes with pre-defined classifications and ready-to-use incident processes. There's no time-consuming configuration or setup required. You can simply start right away and forward all support requests via email to STORM.

Award-winning quality
STORM was developed on the foundation of OTRS Service Management Software into a full-fledged Incident Response System including SOAR functionalities by the security experts of OTRS Group.
In addition, STORM has already won awards, including the Incident Management Infosec Award in the “Cutting Edge” category.
Get started with STORM today. Choose response over risk now.


Typical use cases
STORM is not just a cyber defense solution. It is also the solution for corporate security and the defense and security sector in general. It is suitable for ITSM use cases that have increased security requirements as well as for high-security applications in the military, BOS or defense industry.





Functionalities
Benefit from professional STORM features that relieve your security team, make work faster, reduce errors and support evaluation.





Easy Tagging of Incidents, Events, Cases and Attachments
Events, incidents, assets and other tickets can be easily tagged. The tags can be used as filters in the list views. Define labels individually and/or across teams for more structure in daily work. This gives you a better overview of already existing information and classifies your analysis results.



Automation and Processes
STORM offers the possibility to map processes and workflows as well as to automate them where necessary. A variety of field types help to capture data in a structured way and make it possible to evaluate activities. With the help of templates, new processes can be adapted quickly. Rule-based stakeholders and role-related notifications can be conveniently mapped.




Predefined Taxonomy Fields for Easy Reporting and Classification
Predefined classifications for incidents and events allow for simple taxonomy-based classification according to established standards. These include KRITIS-compliant classification (according to §8b paragraph 4 BSIG) as well as ENISA's Reference Security Incident Classification Taxonomy.
STORM also offers the possibility to classify information using the Traffic Light Protocol (TLP) and to use this classification in notifications.
Additional classifications can be easily added.


Enhanced Encryption Features via PGP & S/MIME (HSM supported)
Benefit from the advantages of end-to-end encryption and signing of communication via PGP & S/MIME. Private keys on hardware security modules can also be used for encryption and signing.



Integration via Web Services
STORM has multiple possibilities to interact with third party applications via open web service standards. Data can be sent to other tools automatically or based on a process workflow, and the responses can be processed in the system. Events, incidents and other requests can also be opened via this path.
Predefined interfaces to VirusTotal, VMRAY and other solutions allow fast adaptation to existing workflows.

Compliance Logging Features
All ticket actions are logged. This makes it possible at any time to track who has added, changed or read which information. The download of attachments is also logged.
STORM Solution Service Packages
GREEN
- On-Premise
- 9:00 am - 5:00 pm weekday support
- 10 Concurrent Agent Sessions
- Web Services

AMBER
- On-Premise
- 8:00 am - 8:00 pm weekday support
- 25 Concurrent Agent Sessions
- Web Services
- Air Gap System (optional)

RED
- On-Premise
- 24/7/365 support
- 100 Concurrent Agent Sessions
- Web Services
- Air Gap System (optional)

FAQ
STORM powered by OTRS is the solution for numerous security topics, use cases and teams:
- Cyber security teams (operational) such as SOC and CERT/CSIRT,
- Product security teams (PSIRT)
- Corporate security teams (e.g. factory security, travel security, industrial espionage teams)
- Strategy and governance teams as part of IT security management systems (ISMS) in conjunction with other solutions.
In addition, STORM covers basic SOAR functions.
SOAR means security orchestration, automation and response. According to this principle, SOAR software supports security analysts in processing security-relevant information.
The three steps in detail:
- Orchestration: STORM connects with other security tools such as threat sharing and threat intel platforms, to analyze events and resolve incidents faster.
- Automation: The software automates security-relevant processes and individual process steps, making them faster and less error-prone.
- Response: STORM consolidates the reported events, including categorization and analysis of the data.
STORM can be seamlessly integrated into the existing IT and security tool landscape using a comprehensive web service framework, and it offers continuous encrypted communication. This allows you to send data automatically – or via a process-based workflow – to other tools. The responses are then processed directly in the system.
In this way, STORM acts as a central hub where all information and data from the cyber security toolchain is gathered and can be forwarded. All measures – for example through artifacts or forensic evidence analyses – are documented in an audit-proof manner so that they can be traced and audited at any time.
Common processes and classifications are already predefined for quick and uncomplicated use.
The SOAR solution STORM can be used for different security incidents. For example, in the following areas:
- Cyber defense
- Corporate security in general (also KRITIS)
- Defense and security industry in general
- ITSM use cases with increased security requirements
- High-security applications in the military, BOS or defense industry
- IT security management (ISMS)
STORM supports operational cyber security teams like SOC and CERT/CSIRT, product security teams (PSIRT) and corporate security teams.
STORM is a SOAR and incident response software with a focus on communication. Thanks to pre-defined processes and classifications, companies save time during implementation and their teams can work efficiently, in a structured and error-free manner. Digital encryption and signing standards such as PGP and S/MIME as well as complete audit proofing ensure compliance and security. It’s also possible to connect STORM to third-party providers via web services and customize processes.
The OTRS Group offers public training in addition to the consulting days for the implementation of the new software in your company. These training classes help your employees understand the basic functions of the software.
Find out more in our Academy.
STORM does not communicate externally by default. STORM is therefore suitable for so-called air gap systems, i.e. offline environments in the ITSM and security sector.
All communications are digitally encrypted and signed using standards such as PGP and S/MIME. STORM offers complete audit security.
Information can be classified using the Traffic Light Protocol (TLP). Incidents and events can be classified with established taxonomies such as the Reference Security Incident Classification Taxonomy of ENISA or KRITIS. Additional classifications can be added.
All classifications can also be used in the notifications.