Security Incidents: Re: Incident tracking database


From: Russell Fulton <r.fulton_at_auckland.ac.nz>
Date: 05 Dec 2002 15:15:41 +1300

On Wed, 2002-12-04 at 21:13, Holger Kipp wrote:
>
>
> Danny (Danny_at_drexel.edu) wrote:
>
> >
> >Hey guys,
> >I've been looking for ages now and have not been able to find a real web based
> >incident tracking system, so what I'd like to do is just throw the question out to
>
>
> There are several Trouble-Ticket Systems available.
>
> See for example gnats (which is email-based, but there is a web frontend available)
> or the oneorzero Helpdesk System (open source, at http://helpdesk.oneorzero.com).
>
> For a very good and detailed overview, see http://linas.org/linux/pm.html
>
> Another very customizable system is scarab (http://scarab.tigris.org/) - looks very
> good to me, though it has some requirements (Java SDK1.3 or higher, Ant, Tomcat,
> MySQL or Postgres).

There are certainly some very good ticket tracking systems, but all I
have looked at appear to lack a couple of features that I want in a
system for tracking incidents. (Possible exception is the one that comes
with snortsnarf but it has other limitations).

The features are:
1/ the ability to log tickets directly from programs (preferably across
the network) in a straightforward manner.
2/ the ability to produce standard emails from standard templates and
stuff stored as part of the ticket. E.g. incident notification to sites.
3/ the ability to add things like whois lookups that extract information
and add it to the ticket which can then be used in 2.

I'd be delighted if I've missed something and the perfect system is
really out there.

I have my own system that fulfills these requirements but is otherwise
very rude and crude. I would love to marry its functionality into a
"proper" call tracking system.

-- 
Russell Fulton, Computer and Network Security Officer
The University of Auckland,  New Zealand
"It aint necessarily so"  - Gershwin
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Received on Dec 06 2002