Services
We provide a broad set of security-related services aimed at supporting connected institutions in preventing, detecting, and resolving cybersecurity threats. These services include incident management, monitoring and detection, vulnerability assessment, threat awareness, and knowledge transfer.
Each service is tailored to the needs of research and academic environments and is continuously adapted based on operational experience and feedback from the community.
More detailed information is provided in the linked pages for each service.
Information Security Incident Management
Security incident handling (CSIRT)
Coordination and methodological support for handling cybersecurity incidents across the CESNET e-infrastructure. Includes detection, triage, escalation, and collaboration with relevant operational teams using internal and non-public data sources.
➡️ Learn more here.
Event Analysis
Post-incident investigation service focused on reconstructing the timeline and answering specific forensic questions. Involves data preservation guidance, timeline reconstruction, and documented reporting.
➡️ Learn more here.
Information Security Event Management
Warden
A robust and secure system for sharing information about network and service anomalies. Enables security teams to exchange, verify, and analyze data to support incident response and improve network protection.
➡️ Learn more here.
Mentat
A modular Security Information and Event Management (SIEM) system for processing data from security tools such as IDS, IPS, honeypots, and logs. Provides unified analysis, correlation, and distribution of relevant information to responsible personnel.
➡️ Learn more here.
Vulnerability Management
Scanning
Systematic scanning of internal networks to identify active services and potentially vulnerable systems. The results are analyzed and matched with known vulnerabilities, with tailored recommendations delivered automatically via Mentat.
➡️ Learn more here.
Penetration Tests
Preventive testing service aimed at identifying and evaluating vulnerabilities in selected systems. Includes consultation, testing, recommendations for mitigation, and a final report. Regular testing is encouraged to track security posture over time.
➡️ Learn more here.
NESSUS
Temporary access to a full NESSUS Professional license for self-assessment of network security. Enables administrators to scan infrastructure with up-to-date plugins and compliance checks, beyond the limitations of the free version.
➡️ Learn more here.
Situational Awareness
NERD – Network Entity Reputation Database
Continuously updated database of known malicious IP addresses enriched with contextual metadata (source, frequency, geolocation, ASN, etc.). Designed to support threat intelligence and situational awareness. Public access available via web interface.
➡️ Learn more here.
PassiveDNS
Collection, long-term storage, and querying of historical DNS data to support incident investigation and anomaly detection. Access is provided via a web portal and REST API for both human users and automated systems.
➡️ Learn more here.
Situational Awareness (email, RSS, VA2AM)
Daily analysis and distribution of critical vulnerability information relevant to connected organizations. Alerts are curated and shared via dedicated mailing lists, an RSS feed, and the CESNET-CERTS Mastodon account to support timely risk mitigation and awareness.
➡️ Learn more here.
Knowledge Transfer
Phishingator
Web-based tool for creating and evaluating mock phishing campaigns. It supports security awareness training by simulating phishing attacks and analyzing user responses—no technical expertise required.
➡️ Learn more here.
Social Engineering Tests
Practical testing and training of organizational users to assess their resilience to social engineering attacks. The service includes simulated campaigns, evaluation of results, and user education to raise awareness of current attack techniques.
➡️ Learn more here.
Trainings
Hands-on training sessions focused on digital forensics, led by experienced instructors. The training includes two separate courses:
- Forensics Training 1:
  - Introduction to digital forensics, data acquisition, timeline creation, and analysis.
  - ➡️ Learn more here.
- Forensics Training 2:
  - Focused on network forensics including NetFlow and full packet capture analysis.
  - ➡️ Learn more here.
Both sessions combine theory with practical lab exercises and are designed to build incident response capabilities through real-world scenarios.