[Rtir] RTIR ScriptedAction: Link to existing Incident
Gorazd Bozic
gorazd.bozic at arnes.si
Tue Mar 16 07:50:51 EST 2004
We have installed RTIR+RTFM and are currently testing it. One of the
things that we have noticed is that Scripted Actions under Tools create
new Investigation ticket + new Incident ticket for each email address/IP
number supplied.
We wanted to have an option where Scripted Action would create new
Investigations (one per address/IP) and link all of them to a single
incident. This would come in handy with cases like the following:
- we receive a report on a DDoS attack with a list of bots
- we create an Incident and link this report to it
- via Scripted Actions we send out messages to admins of systems running
DDoS bots (each resulting in an Investigation), but keep them under
the same Incident ticket.
To achieve this, I have copied ScriptedAction.html from
share/html/RTIR/Tools to local/html/RTIR/Tools and added another field
to the form (labeled "Link to incident"). If not empty, all resulting
Investigations will be linked to the supplied Incident.
Attached is a diff between the original and modified ScriptedAction.html.
Future possible enhancements of this patch could include:
- a separate "Link to existing incident" checkbox which would (I guess)
make the page more readable
- a dropdown list of new/open incidents owned by the user for easier
selection of the Incident you wish to link to, so you could either
select from a list or manually enter the incident number
Am I doing something which was already done? And is this list the right
place to publish local additions/patches/enhancements?
Regards,
Gorazd
--
Gorazd Bozic <gorazd.bozic at arnes.si>
ARNES SI-CERT, Jamova 39 p.p. 7, SI-1001 Ljubljana, Slovenia
tel: +386 1 479 88 22, fax: +386 1 479 88 99
-------------- next part --------------
--- share/html/RTIR/Tools/ScriptedAction.html Mon Mar 15 09:14:50 2004
+++ local/html/RTIR/Tools/ScriptedAction.html Tue Mar 16 12:56:58 2004
@@ -112,6 +112,14 @@
% }
<TR>
<TD class=label>
+ <&|/l&>Link to incident</&>:
+ </TD>
+ <TD>
+ <INPUT Name="incident_no" SIZE=6 Value="<% $ARGS{'incident_no'} %>">
+ </TD>
+</TR>
+<TR>
+ <TD class=label>
<&|/l&>Template</&>:
</TD>
<TD>
@@ -306,16 +314,30 @@
$ARGS{'Subject'} =~ s/_IP_/$ip/g;
if ($addr ne loc("ADDRESS_UNKNOWN")) {
- # create the Incident
- unless ($incidentq->CurrentUserHasRight('CreateTicket')) {
- Abort('You have no permission to create tickets in that queue.');
- }
+
$ARGS{'Queue'} = $incidentq->Id;
- ($Incident, @IncidentActions) =
- CreateTicket(Attachments => $session{'Attachments'}, %ARGS);
- unless ($Incident->CurrentUserHasRight('ShowTicket')) {
- Abort("No permission to view newly created ticket #".$Incident->id.".");
+ if ($ARGS{'incident_no'}) {
+ # Ticket number of Incident supplied, try to load
+ $Incident = new RT::Ticket($session{'CurrentUser'});
+ my $ticket_no = $Incident->Load($ARGS{'incident_no'});
+ unless ($ticket_no) {
+ Abort('Ticket '.$ARGS{'incident_no'}.' does not exist.');
+ }
+ unless ($Incident->QueueObj->Id == $incidentq->Id) {
+ Abort('Ticket '.$ARGS{'incident_no'}.' is not an Incident');
+ }
+ } else {
+ # create the Incident
+ unless ($incidentq->CurrentUserHasRight('CreateTicket')) {
+ Abort('You have no permission to create tickets in that queue.');
+ }
+
+ ($Incident, @IncidentActions) =
+ CreateTicket(Attachments => $session{'Attachments'}, %ARGS);
+ unless ($Incident->CurrentUserHasRight('ShowTicket')) {
+ Abort("No permission to view newly created ticket #".$Incident->id.".");
+ }
}
# }}}
More information about the Rtir
mailing list