<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"><HTML DIR=ltr><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1"></HEAD><BODY><DIV><FONT face='Arial' color=#000000 size=2>Hey Jesse/Everyone,</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial color=#000000 size=2>I have been looking into RTIR
recently to evaluate it for use in a corporate security environment. I am
curious if anyone may be using it for such that might have some mini-howto
documentation about how they actually use this solution in their
environment? The documentation on this module is somewhat scarce at this
point, and I am really wondering how others use this. It may be overkill
for the application I am thinking of, but I really like the idea of coordinating
"incidents" together with all related blocked systems, automating some of the
effort in blocking X many systems and reporting them to appropriate responders
in batch, etc. It is just not clear to me how all this is designed to work
out of the box, aside from creating a plethora of linked tickets.
;)</FONT></DIV>
<DIV><FONT face=Arial color=#000000 size=2></FONT> </DIV>
<DIV><FONT face=Arial color=#000000 size=2>Just as an example, the docs don't
even mention that you need to browse to /RTIR/ after installing this, as there
does not appear to be any Tabs added by default to the main RT pages (fwiw, I
added one of my own).</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Also, in looking at the recent RT 3.2.2/RTIR 1.1.3
release I have some questions:</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>1) I am trying to understand what happened in the
blocks queue. At one point I saw options for "Activating" blocks (I know
it was in an earlier version, but I thought I saw a glimpse somewhere in this
version right after creating a block, but haven't found it again). When I
view blocked tickets I have Reply/Comment options and it shows the uneditable
status on the /RTIR/Update.html page, but not a direct way to change these
settings? I see that the first reply to a blocked item sets it from
Pending Activation to Active, and the third from Active to Pending
Removal. But then I don't see how it goes to Removed? (I realize
these are overloading of the standard ticket states, but via the 1.1.3 RTIR
interface there does not appear to be a way to edit the state directly?)
Am I missing something?</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>2) Has there been any thought to adding
context-sensitive online help to RT in general? This might go a long way
to help improve self-documentation of the platform itself? (Yes I know
most of it is fairly straightforward, but still, sometimes a hint about what
particular fields are intended for, tips about email usage (-comments@ aliases
that some people use, etc) would be nice things to document. Some of this
would of course be site-specific, but if the framework was
standardized...)</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Sorry to be somewhat vague in my explanation
above. Just understanding what you are "supposed" to see after installing
some of these cool modules like this is tricky without more
documentation. Some screenshots added to the Wiki would be nice (I know
these things have been changing a lot in recent versions as well).</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Thanks,</FONT></DIV>
<DIV><FONT face=Arial size=2>Brian</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV></BODY></HTML>