Collaborative, web-based case management for incident response

veeral-patel/true-positive

True Positive

True Positive is a collaborative, web-based case management tool for incident responders.

Key features

  • Add tasks to cases, which you can then assign and comment on
  • Add IOCs like IPs, hashes, domains, and URLs to a case, and then tag them and comment on them
  • Build case and task templates to standardize incident handling for different case types
  • Create cases from inbound emails
  • Restrict access to cases to the users and groups that are given explicit access
  • GraphQL API with interactive playground that lets you automate anything you can do via the UI
  • Customize case statuses and priorities to suit your organization's workflow
  • Merge duplicate cases together
  • Dark mode

You may like True Positive if:

  • You're using Jira, SharePoint, Google Docs, or a service desk tool and are looking for a more specialized tool.
  • You've checked out TheHive, RTIR, or other existing case management tools and found that they don't meet all your needs.
  • You work at an internal detection/response team, a SOC, an MSSP, or an incident response firm.

Getting started

Please see this page to get True Positive running locally!

Tech stack

True Positive has three components:

  • A Postgres database
  • A GraphQL API, built with Ruby on Rails
  • A React SPA, built with TypeScript, Apollo, Reach Router, and MobX

Additionally, our landing page is built with Gatsby.js and our documentation site is built with Docusaurus.