[Rtir] RTIR ScriptedAction: Link to existing Incident

Tue Mar 16 07:50:51 EST 2004

We have installed RTIR+RTFM and are currently testing it. One of the
things that we have noticed is that Scripted Actions under Tools create
new Investigation ticket + new Incident ticket for each email address/IP
number supplied.

We wanted to have an option where Scripted Action would create new
Investigations (one per address/IP) and link all of them to a single
incident. This would come in handy with cases like the following:

- we receive a report on a DDoS attack with a list of bots
- we create an Incident and link this report to it
- via Scripted Actions we send out messages to admins of systems running
  DDoS bots (each resulting in an Investigation), but keep them under
  the same Incident ticket.

To achieve this, I have copied ScriptedAction.html from
share/html/RTIR/Tools to local/html/RTIR/Tools and added another field
to the form (labeled "Link to incident"). If not empty, all resulting
Investigations will be linked to the supplied Incident.

Attached is a diff between the original and modified ScriptedAction.html.

Future possible enhancements of this patch could include:

- a separate "Link to existing incident" checkbox which would (I guess)
  make the page more readable
- a dropdown list of new/open incidents owned by the user for easier
  selection of the Incident you wish to link to, so you could either
  select from a list or manually enter the incident number

Am I doing something which was already done? And is this list the right
place to publish local additions/patches/enhancements?

Regards,
Gorazd

-- 
Gorazd Bozic <gorazd.bozic at arnes.si>
ARNES SI-CERT, Jamova 39 p.p. 7, SI-1001 Ljubljana, Slovenia
tel: +386 1 479 88 22, fax: +386 1 479 88 99
-------------- next part --------------

--- share/html/RTIR/Tools/ScriptedAction.html	Mon Mar 15 09:14:50 2004
+++ local/html/RTIR/Tools/ScriptedAction.html	Tue Mar 16 12:56:58 2004
@@ -112,6 +112,14 @@
 % }
 <TR>
   <TD class=label>
+    <&|/l&>Link to incident</&>:
+  </TD>
+  <TD>
+    <INPUT Name="incident_no" SIZE=6 Value="<% $ARGS{'incident_no'} %>">
+  </TD>
+</TR>
+<TR>
+  <TD class=label>
     <&|/l&>Template</&>:
   </TD>
   <TD>
@@ -306,16 +314,30 @@
   $ARGS{'Subject'} =~ s/_IP_/$ip/g;
 
   if ($addr ne loc("ADDRESS_UNKNOWN")) {
-    # create the Incident
-    unless ($incidentq->CurrentUserHasRight('CreateTicket')) {
-	Abort('You have no permission to create tickets in that queue.');
-    }
+
     $ARGS{'Queue'} = $incidentq->Id;
 
-    ($Incident, @IncidentActions) =
-       CreateTicket(Attachments => $session{'Attachments'}, %ARGS);
-    unless ($Incident->CurrentUserHasRight('ShowTicket')) {
-      Abort("No permission to view newly created ticket #".$Incident->id.".");
+    if ($ARGS{'incident_no'}) {
+        # Ticket number of Incident supplied, try to load
+        $Incident = new RT::Ticket($session{'CurrentUser'});
+	my $ticket_no = $Incident->Load($ARGS{'incident_no'});
+        unless ($ticket_no) {
+            Abort('Ticket '.$ARGS{'incident_no'}.' does not exist.');
+        }
+        unless ($Incident->QueueObj->Id == $incidentq->Id) {
+            Abort('Ticket '.$ARGS{'incident_no'}.' is not an Incident');
+        }
+    } else {
+        # create the Incident
+        unless ($incidentq->CurrentUserHasRight('CreateTicket')) {
+	    Abort('You have no permission to create tickets in that queue.');
+        }
+
+        ($Incident, @IncidentActions) =
+           CreateTicket(Attachments => $session{'Attachments'}, %ARGS);
+        unless ($Incident->CurrentUserHasRight('ShowTicket')) {
+          Abort("No permission to view newly created ticket #".$Incident->id.".");
+        }
     }
     # }}}
 
