Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Security Incidents: Re: Incident tracking database

Re: Incident tracking database

From: Chris Adams <chris_at_improbable.org>
Date: Thu, 5 Dec 2002 22:24:25 -0800

On Wednesday, December 4, 2002, at 06:15 PM, Russell Fulton wrote:
> The features are:
> 1/ the ability to log tickets directly from programs (preferably across
> the network) in a straight forward manner.
> 2/ the ability to produce standard emails from standard templates and
> stuff stored as part of the ticket. Eg. incident notification to sites.
> 3/ the ability to add things like whois lookups that extract
> information
> and add it to the ticket which can then be used in 2.

You might want to look at RT (http://www.bestpractical.com/) - it has a
public Perl API which we've used for all sorts of management functions
(e.g. I've written simple scripts to do things like email admins with
their open / stalled tickets or modify certain tickets to fit a couple
odd wrinkles in our environment). The system uses per-queue templates
and allows you to fire off certain actions on various events so you can
frequently do everything with the web-interface. The system is designed
to be extended and it's pretty hackable - it didn't take very long to
add the code to authenticate local users against our NIS server (remote
users still get the default password in RT's database).

While you can put tickets in using perl we almost always use the web
interface or email for that. The wrinkle we have is a perl script which
I wrote which takes inbound mail, determines whether it's from a user
with an account on our system and if so routes it into the queue for
their lab instead of the general helpdesk queue. It'd be pretty easy to
modify this to do things like your whois mentions - I'd have it toss
the message in and automatically add a comment (which only admins see)
containing the extra data - in addition to preserving the original
message intact, this would allow lengthy stuff to be done
asynchronously if you have some complex processing to do.

Chris

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
Received on Dec 09 2002

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos