GRNET CERT employs open source software to process, correlate and notify end users about the reports that it receives

Specifically, GRNET CERT has deployed AbuseIO: an open-source toolkit that can be used to receive and process abuse reports received by network operators (typically hosting and access providers) and subsequently notify the responsible administrators. In addition, GRNET CERT has made a number of modifications to AbuseIO, to better serve the needs of its partners. The service is now available at

The current version follows different methods to manage abuse events. In particular, by: (1) collecting and parsing relevant e-mail reports, (2) examining RPC push notifications, (3) collecting data from remote hosts (e.g. RSS subscriptions), (4) observing traffic monitoring tools used by GRNET. Once the data has been received, AbuseIO generates tickets and notifies the responsible partner based on the IP of the reported machine. Currently, the service can facilitate more than 90 contacts (mostly academic institutions). For each partner, we maintain the following contact details: name, abuse-email and the related netblocks.

Aggregated Tickets View

Until recently, partners could only receive emails and view individual tickets. The latest version of AbuseIO enables partners of the Delos Federation to connect with their institution credentials and view aggregated tickets of their organization. The AbuseIO entityID is the following:
To identify and authorize the user AbuseIO requires the following attributes:

  • eduPersonTargetedID
  • eduPersonEntitlement
Similar to other services provided by GRNET the entitlement must have a dedicated value
** **

Is my organization part of Delos Federation?
To check if your organization is an Identity Provider in Delos federation, you can view the list with all GRNET AAI participants: