[Rtir] A couple of questions

Natasa Glavor natasa.glavor at carnet.hr
Tue Sep 7 11:18:20 EDT 2004



Hello everyone,

We are thinking about using RTIR as our primary tool in everyday's work of
tracking and solving security incidents. We have been testing and
experimenting with it for a while to see if it fits our needs, but to get a
clearer picture of its capabilities - as we shall need some modification and
customization and nobody here is exactly a perl guru - we have a couple of
questions that we hope a kind soul on this list will try to answer.
Here they are:
* how do we adjust RTIR to make queries to different custom databases
instead of the default whois querying?
* how do we issue an autoreply to the person who reported the incident, but
on creation of new incident or on linking the report to the existing incident?
* how do we fetch values stored in custom fields that are related to a
particular incident?
* how do we specify which template to use based on the type of incident or
on the desired language of the reply?
* how do we automate sending reminders after the involved party's response
time has expired?
* how do we search existing incident reports and incidents by specific
information stored in custom fields?

Thanks in advance and regards,
-- 
Natasa Glavor
CARNet CERT, www.CERT.hr



More information about the Rtir mailing list