<table cellspacing="0" cellpadding="0" border="0" ><tr><td valign="top" style="font: inherit;">Thanks for the information. Arcsight handles my incident handling by consolidating logs fm multiple places. I can generate .xml extracts of the incidents. I guess I would need to figure out a way to import the .xml data into rt-ir so that the analysts can fill in the rest of the information. I was hopping someone out there have worked on hooks-in fm Arcsight.<BR><BR>--- On <B>Thu, 3/5/09, Ruslan Zakirov <I><ruslan.zakirov@gmail.com></I></B> wrote:<BR>
<BLOCKQUOTE style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: rgb(16,16,255) 2px solid">From: Ruslan Zakirov <ruslan.zakirov@gmail.com><BR>Subject: Re: [Rtir] Question About RT-IR<BR>To: jdmfontz@yahoo.com<BR>Cc: rtir@lists.bestpractical.com<BR>Date: Thursday, March 5, 2009, 8:36 PM<BR><BR><PRE>Hi,
I'm not sure what type of integration you're looking for.
However, as far as I know people mostly fill RTIR with incident
reports (IRs) from external tool using emails, but it's possible to
use RT/RTIR perl API (scripts) or REST API (remote) to create IRs with
details filled into custom fields.
RTIR has optional Blocks queue to initiate and disable network blocks.
There are too many ways to implement automation of blocks, so RTIR is
not shipped with any specific solution, but if you have a command line
tool or anything else that can be called then it's pretty easy to
automate blocks.
Of course Best Practical Solutions is ready to provide companies
support in integrating RTIR with their workflow.
On Fri, Mar 6, 2009 at 12:19 AM, Martin Fontanez <jdmfontz@yahoo.com>
wrote:
> I am new to rt-ir and looking to implement it as my CERT ticketing system
> (just about to install). I am however, curious as to how it interfaces
> (snmp support, etc) with other products such as ArcSight to bring in
> information.
>
> Regards,
>
> Martin
>
>
> _______________________________________________
> Rtir mailing list
> Rtir@lists.bestpractical.com
> http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rtir
>
>
--
Best regards, Ruslan.
</PRE></BLOCKQUOTE></td></tr></table><br>