FIRST is providing several different trainings with the goal to educate new CSIRTs and enhance the capabilities of current teams. All material is available under the Creative Commons BY-NC-SA 4.0 license.

If you are interesting in hosting a training please contact us through

FIRST CSIRT Basic Course

The goal of the basic course is to give an introduction into the operation of a CSIRT. It consists of the following six modules:

  1. CSIRT Fundamentals
  2. Starting with a CSIRT
  3. CSIRT Operation
  4. Working with Information Sources
  5. Incident Coordination
  6. CSIRT Performance Measurement

FIRST Fusion Course

Services that conduct analysis and inclusion of multiple data sources. Take feeds of information, regardless of the source, and integrate it into an overall view of the situation (Situational Awareness).

The need for this training is identified by existing and upcoming CSIRTs. In both instances they are looking how to serve their constituency by providing appropriate information.

The training will cover the following topics:

It consits of seven modules:

  1. Actionable Information
  2. Collection
  3. Preparation
  4. Storage
  5. Analysis
  6. Distribution
  7. Lab: Extracting Indicators
  8. Lab: Handout

Mastering CVSSv3

The Common Vulnerability Scoring System (CVSS) is an open framework for communicating the characteristics and severity of software vulnerabilities. This self-paced elearning course will specifically help you master CVSS version 3.0.

In this course, you will learn how to:

The course is available on our Learning Platform