[rt-devel] IP tracking in RTIR

Security security at ddiction.com
Tue Dec 2 22:19:02 EST 2003


Hello folks,

	I'm not a coder myself, but I can see some strong possibilities in RT3
for grouping tickets based on "offending" IP address.  As I'm sure most
are aware, determining the IP to be investigated by parsing inbound
abuse mail is at best a daunting task.

	However, courtesy of some fine tools at places like mynetwatchman,
dshield, spamcop and numerous others... the volume of standardized
reporting is definitely on the increase.

What I'm wondering is if anyone out there has already put together any
kind of pre-filtering system/scrip/module that parses inbound email
(either before it hits RT or as it's queued) for the reported IP.

What I envision is a module of some kind that parses 'tagged' types of
email such as mynetwatchman and then checks RT/IR to see if there is an
existing ticket referencing the IP (custom field).  If the ticket exists
it will then be merged into that ticket.  No match, new ticket.

Obviously there are a number of ways the new email report could be
handled.  The inbound email could have its subject rewritten with the
RT#, it could be added as an attachment to the ticket via POST or some
similar method.

Anyone out there have something like this in place or in the works?  I'd
rather not have to try and re-invent where it's not necessary and as I
mentioned above... I'm not much of a coder.

Cheers,

Tremaine
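
The workflow described in the message above (extract the reported IP, look for an existing ticket on that IP, then merge or open a new ticket), as an added Python example that is not part of the original post or of RT/RTIR. It assumes the desk handles reports about its own address space, so the offending IP is the first valid address inside `our_networks`; `open_tickets`, `RT_NAME`, the `[name #id]` subject tag layout and the sample report are hypothetical stand-ins.

```python
import email
import ipaddress
import re
from email import policy

RT_NAME = "example.com"  # assumed RT instance name used in subject tags
IPV4 = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")
RT_TAG = re.compile(r"\[%s #\d+\]\s*" % re.escape(RT_NAME))


def reported_ip(text, our_networks):
    """Return the first valid IPv4 address in text that lies in our networks."""
    nets = [ipaddress.ip_network(n) for n in our_networks]
    for candidate in IPV4.findall(text):
        try:
            ip = ipaddress.ip_address(candidate)
        except ValueError:  # looks like an address but is not, e.g. 300.1.2.3
            continue
        if any(ip in net for net in nets):
            return str(ip)
    return None


def triage(raw_message, open_tickets, our_networks):
    """Decide what to do with one report.

    open_tickets maps IP -> ticket id and stands in for a search on the
    ticket's IP custom field.
    """
    msg = email.message_from_string(raw_message, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    ip = reported_ip(body.get_content() if body else "", our_networks)
    # The sender controls the subject: drop any ticket tag it already carries
    # so a report cannot steer itself into an unrelated ticket.
    subject = RT_TAG.sub("", str(msg["Subject"] or "")).strip()
    if ip is None:
        return {"action": "manual", "ip": None, "subject": subject}
    ticket = open_tickets.get(ip)
    if ticket is None:
        return {"action": "new", "ip": ip, "subject": subject}
    return {"action": "merge", "ip": ip, "ticket": ticket,
            "subject": f"[{RT_NAME} #{ticket}] {subject}"}


# Constructed sample report; the layout is invented, not any service's format.
SAMPLE = """From: reports@reporter.example
Subject: [example.com #1] Port scan report

Target: 203.0.113.7 port 445
Source: 198.51.100.23 (version 1.2.3.4.5 agent, bad 300.1.2.3)
"""
```

Reports with no address inside `our_networks` come back as `manual` rather than being matched on whatever address appears first.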



