Kanvas: Open-source incident response case management tool

Source: Help Net Security

Author: Mirko Zorz

URL: https://www.helpnetsecurity.com/2025/07/09/kanvas-open-source-incident-response-case-management-tool/

ONE SENTENCE SUMMARY:

Kanvas is a Python-based, open-source incident response tool that streamlines investigations with Excel integration, visualizations, and threat intelligence features.

MAIN POINTS:

  1. Kanvas is an open-source incident response case management tool with a simple desktop interface.
  2. Built in Python, it uses Excel as a backend for collaboration and easy data sharing.
  3. Supports Markdown note-taking for structured, portable, and exportable investigator notes.
  4. Enables external lookups to provide contextual data without switching tools during investigations.
  5. One-click data visualizations, exported as images for reporting, help infer timelines and lateral movement.
  6. Integrates MITRE D3FEND to map threat actor techniques to defensive strategies.
  7. Future updates will include Diamond Model mapping and additional visualizations.
  8. Plans to integrate LLMs for automated, accurate draft report generation from spreadsheet data.
  9. Upcoming support for MISP and OpenCTI will allow direct threat intelligence platform integration.
  10. macOS users will benefit from UI enhancements aimed at better usability and performance.

TAKEAWAYS:

  1. Kanvas centralizes incident response workflows using familiar Excel files as a foundation.
  2. Markdown notes and visual reporting boost portability and documentation efficiency.
  3. Visualization tools save time by simplifying data interpretation and presentation.
  4. Integration with MITRE D3FEND helps bridge threat analysis and defense planning.
  5. Planned LLM and threat intelligence integrations will enhance automation and contextual awareness.