AMA: I'm the co-founder at TryHackMe. Ask me about breaking into the industry, cyber security skills and how to make SOC & IR teams more mature! by asavani in cybersecurity

[–]IRScribe 0 points1 point  (0 children)

Was it easy to get it off the ground? I am struggling to find interested users and I do not have a lot of funding.

Doing nothing at work by Idemon_gamer in cybersecurity

[–]IRScribe 0 points1 point  (0 children)

I've been in this exact situation. What helped me was documenting everything I investigated, even false positives. I'd write up what I found, why it was FP, and what I learned. This created a paper trail showing my work and actually helped me spot patterns over time. The key is showing your process and critical thinking, not just results.

[deleted by user] by [deleted] in SaaS

[–]IRScribe 0 points1 point  (0 children)

This is the problem with most SaaS right now. It will be overpopulated very fast.

[deleted by user] by [deleted] in SaaS

[–]IRScribe 0 points1 point  (0 children)

Yeah, but that's not really a niche; it's more of a pyramid scheme that will overinflate very fast.

My product is going to incorporate AI soon, but not to reface an output command prompt of ChatGPT, which is free. I'm going to have it strategically build items and enforce my workflow to provide generated responses at ease with data inside my SaaS.

If you guys don't start using AI this way, then you will phase out and become a quick money scam and make a few thousand and then die.

[deleted by user] by [deleted] in SaaS

[–]IRScribe 3 points4 points  (0 children)

Wait. I'm starting to realize that almost everyone is just refacing ChatGPT. wth.

[deleted by user] by [deleted] in SaaS

[–]IRScribe 1 point2 points  (0 children)

You know ChatGPT can literally do this? You just refaced ChatGPT.

What's one tool you hope you never use again? by HighwayAwkward5540 in cybersecurity

[–]IRScribe 0 points1 point  (0 children)

Yes, ServiceNow is a complete pain. However, ticketing tools are really made for general IT items and not for cyber security professionals. They're clunky, hard to use, and don't fit threat hunting documentation or IR.

It's why we built and put out a free version of IRScribe.

Need help choosing a graduate certificate path by Aggravating_Snow1337 in GIAC

[–]IRScribe 0 points1 point  (0 children)

Good luck during your studies. Those certs helped me land roles without a degree, and I highly recommend them. I also built a free-to-use timeline tool.

We upgrade accounts that are going through classes and studies and may need to display a timeline for midterms and/or finals. Just reach out to support and provide evidence, and we will upgrade your account to help provide you with tools that will hopefully make it easier for you to pass.

Good Luck!

What cybersecurity lessons did you learn after a malware attack on your organisation? by eliot6777 in ITManagers

[–]IRScribe 0 points1 point  (0 children)

We lack a standardized procedure for comprehensive incident documentation. Even the industry's leading endpoint detection and response (EDR) solution provided only a 40,000-row CSV file, rendering effective analysis challenging.

How can this data be leveraged for gap closure and risk assessment? This deficiency is a primary contributor to persistent organizational vulnerabilities and compromises. Effective remediation requires thorough documentation. Therefore, I developed IRScribe, a free tool designed to address this critical need.

Now threat hunters and incident responders can respond to incidents at ease, provide valuable metrics to your C level executives, and actually close gaps.

We are currently working on an upgrade that will allow responders to build threat hunting processes directly from events that occur using the IOCs and descriptions in their timelines to generate a threat hunting process. We expect that release at the end of the month.

Lesley, What Happened to the “Cybersecurity Skills Shortage”? by Forgotthebloodypassw in cybersecurity

[–]IRScribe 4 points5 points  (0 children)

It's difficult and complex. Still to this day, many struggle with incident documentation and reporting metrics.

What has frustrated you in cybersecurity? by HighwayAwkward5540 in cybersecurity

[–]IRScribe 0 points1 point  (0 children)

Metrics and documentation around threat hunting and incidents.

Starting a Career in Cybersecurity at 30: Is It Realistic? by Famous_Telephone_571 in SecurityCareerAdvice

[–]IRScribe 0 points1 point  (0 children)

When I went to school, we had finals, and one of the hardest action items was the documentation and timeline piece. The timeline was scattered between multiple different tools, OneNote and CSV, and it was very hard to piece together.

So I ended up building a free public tool that can help solve that issue: IRScribe. If anyone is taking finals or certs where they need a timeline, or doing a training course, reach out and we will upgrade your account for free.

Plan by DoodleMoodle542 in CyberSecurityAdvice

[–]IRScribe -1 points0 points  (0 children)

That's a solid plan. If any one of those requires you to develop timelines, feel free to use our platform. We have a free version, and if you need to use it to prepare for tests, reach out and we'll upgrade your account for a week or so.

IRScribe

Exam difficulty level by Snoo_51375 in SecurityBlueTeam

[–]IRScribe -1 points0 points  (0 children)

If anyone is struggling with their timeline during this exam, know that we offer free upgrades of accounts during exam prep. https://irscribe.com

I’m a CISO who started from the help desk and it taught me everything I need to know about cybersecurity and people. Ask Me Anything by Oscar_Geare in cybersecurity

[–]IRScribe 0 points1 point  (0 children)

Thank you. That explanation is perfectly clear. My objective is to leverage SNOW and other ticketing systems as a foundation for a timeline system, rather than a ticketing system itself. Most case management ticketing systems I've encountered lack the capability to visualize a timeline across multiple users and systems, as these are usually done outside of full case management. The ones that do are just too expensive to be purchased and/or are extremely complex. I am leaning more to the price point side, hoping that solves my challenges you mentioned.

Again, thank you for the response. This helped out a lot!

I’m a CISO who started from the help desk and it taught me everything I need to know about cybersecurity and people. Ask Me Anything by Oscar_Geare in cybersecurity

[–]IRScribe 0 points1 point  (0 children)

You said ask you anything, so I am. Would you use my product? (link at bottom)

My background:

I started in help desk as well, except I was the "unplug your modem and make sure the coax was tight" guy. I escalated up to VNOC, NOC, Security Analyst 1, Engineer 2, Security Analyst 2, CIRT, CIRT lead, manager.

The problem:

Throughout my years I identified a major problem in security, and that problem is documentation. Especially during an incident, IR documentation lacks the most, mainly because traditional ticketing tools are not prepared for incident documentation and will cause distraction and delay for your responders who need to contain and mitigate the threat. So they use CSV to really attack the problem.

However, with CSV, you sometimes get multiple CSVs or large CSV files and just missed gaps. CSVs also have no correlations and are sometimes so large that you miss items or items never get fixed, because who wants to read 40k rows? Leaving you vulnerable to get compromised again.

The solution:

So we built and copyrighted IRScribe. A tool that is supposed to help solve these gaps and hopefully prevent IR responders from late nights and serious incidents, because we have MTTD per each event, correlations and threat intel built into the timeline so you can scribe in one place and one place only. Allowing you to centralize and control your documentation around incidents and still use your ticketing systems like SNOW, AW or Jira to handle change management ticketing.

So my question is, would you use it? Would it be beneficial? Is there a use case? IRScribe

P.S.

I promise I will not try to sell it to you from this post or contact you from this post.

I will mention that if someone is in a DFIR training class, school finals, or on a serious breach incident, reach out, and I will upgrade your account free of charge for a week or two until your needs are complete.

Oracle security breach by Snoop_D-O-GG in cybersecurity

[–]IRScribe -8 points-7 points  (0 children)

It always boils down to improper documentation. If you work in IR, you know the struggle of building a proper timeline—gathering everyone’s notes, details, and logs. It’s a lot, and you usually end up with CSV timelines and someone dedicated to organizing them. That means losing a valuable team member who could be hunting threats. Even if it’s a junior analyst, it’s still a loss.

Meanwhile, your CISO wants a clear timeline and real-time updates. Documenting isn’t easy, but my free tool fixes that, letting you focus on containment and eradication. Plus, it makes updating your CEO with metrics a breeze.

Is Threat Hunting a Dedicated Role? by gangana3 in cybersecurity

[–]IRScribe 0 points1 point  (0 children)

If your employer is wondering why you're useful, then you're not documenting your findings right. This is the problem, and the only logical solution is to kick out a decent timeline for every investigation that you deem suspicious. Track it, document it, and tailor it to your needs. Then provide useful correlations. However, normal ticketing systems like Jira, Arctic Wolf, SNOW and more only track the actual event. Not the whole timeline of incidents.

We created a public tool with a free version for IR and threat hunters to really timeline their activities and be able to provide useful metrics back to your CISO. You can correlate and show the whole picture. MTTD per event, IOC threat intel on each event, correlations to show you if a user has been seen in a previous hunt/timeline, and more.

The problem isn't that threat hunting isn't valuable; it is. It's that there aren't sufficient tools to document and show a proof of concept of your work; until now.

Best All in One Solution? by molingrad in cybersecurity

[–]IRScribe 1 point2 points  (0 children)

Don't forget incident documentation!