RTIR is an open source incident handling system targeted for computer security teams.
The tool allows you to structure your tickets and tasks in a more advanced flow than a "standard ticket". There are Incident Reports, Incidents and Investigations.
Each ticket also has some additional metadata assigned, such as the constituency.
For some reason you might want to give your constituents access to your ticket tracking system. Each user will then be able to see all tickets that they either reported or own. However, if you have two users who are in the same constituency, let's say "FOO", you need to use the add_constituency script as explained in these instructions.
It is also possible to pre-set the constituency by email as explained here. The problem is that this doesn't work if you don't run the mail server on the ticketing system and instead fetch your mail with a tool like fetchmail.
Fortunately, RTIR is powerful enough that it can be extended with scrips to automate certain actions. To do this, follow these instructions:
- As admin go to Tools > Configuration > Queues > select.
- Then select “Incident Reports” and go to the “Scrips” tab.
- Create or Edit the Scrip called “AutoConstituency”:
  - Condition: On Create
  - Action: User Defined
  - Template: Global template: Blank
  - Stage: TransactionCreate
- In the custom action preparation code set:
  - return 1;
- In the custom action cleanup code:
    # Domains we want to move.
    # List of regular expressions matched against the email sender,
    # ordered from most specific to least specific. Matching stops at the
    # first hit, so the most specific entry is what's applied.
    # An array of pairs is used because a Perl hash has no defined key
    # order, so the '.*' catch-all could otherwise be tested first.
    my @domain_map = (
        [ '\@google\.com' => "GOOGLE" ],
        [ '\@fosdem\.org' => "FOSDEM" ],
        [ '\@brucon\.org' => "BRUCON" ],
        [ '.*'            => "Other"  ],
    );

    # Check each of our defined domains for a match,
    # stop at the first hit
    foreach my $entry (@domain_map) {
        my ($domainKey, $constituency) = @$entry;
        if ($self->TicketObj->RequestorAddresses =~ /^.*?${domainKey}/) {
            # Domain matches - set the right Constituency
            my ($status, $msg) = $self->TicketObj->AddCustomFieldValue(
                Field => 'Constituency',
                Value => $constituency,
            );
            RT->Logger->warning( "##### Couldn't set CF: $msg" ) unless $status;
            return 0;
        }
    }
- save the scrip
This will do the magic.
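
The patterns in the scrip are not anchored at the end of the address and are case-sensitive, so a sender whose domain only begins with a mapped domain gets that constituency too, and with it the ticket visibility that comes with the constituency. The following is an added example, not part of the original scrip, of an ordered lookup with exact domain matching that runs outside RT; the helper name `constituency_for` and the sample addresses are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Ordered list, most specific first. Domains are plain strings and are
# escaped with quotemeta below, so no regex syntax can leak in.
my @domain_map = (
    [ 'google.com' => 'GOOGLE' ],
    [ 'fosdem.org' => 'FOSDEM' ],
    [ 'brucon.org' => 'BRUCON' ],
);

# Hypothetical helper: takes the comma-separated string returned by
# RequestorAddresses and gives back the constituency name.
sub constituency_for {
    my ($requestors) = @_;
    # Lower-case and split so each requestor address is tested on its own
    my @addresses = grep { length } split /\s*,\s*/, lc($requestors // '');
    foreach my $entry (@domain_map) {
        my ($domain, $constituency) = @$entry;
        my $quoted = quotemeta $domain;
        # \z anchors the end of the address: only the exact domain
        # matches, not a longer domain that starts with it.
        return $constituency if grep { /\@$quoted\z/ } @addresses;
    }
    return 'Other';    # fallback, same role as the '.*' entry
}

# Constructed sample senders
for my $from (
    'alice@google.com',
    'bob@fosdem.org, carol@example.net',
    'mallory@google.com.example.net',
    'Erin@GOOGLE.COM',
) {
    printf "%-36s => %s\n", $from, constituency_for($from);
}
```

Inside the scrip, the value returned for `$self->TicketObj->RequestorAddresses` would be passed as `Value` to `AddCustomFieldValue`.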