[rt-users] Automatted parsing of mails entering an RT queue
chrislist at de-punkt.de
Thu Mar 2 03:35:26 EST 2017
we've been using RT for almost 15 years now with great success, but our
growing company needs a little more automation now. As we are a hosting
company /carrier, we frequently receive abuse reports and security
advisories (for example, automatted scans for UDP amplifiers by the
German national CERT). These enter our abuse queue.
I would like to parse these mails automatically, and write a parsing
toolkit for each different type of abuse mail (either by sender, or by
specific content signature, or something like that), in order to extract
the affected URIs / IP addresses from the mails and pass them on to an
abuse handling script for further action.
How would I do that? Are there any articles in the RT wiki that might be
a good starting point? Unfortunately, the "automating RT" page is more
about crontool than about the kind of automation I'm looking for.
Thanks a lot,
More information about the rt-users