[Rtir] A couple of questions
natasa.glavor at carnet.hr
Tue Sep 7 11:18:20 EDT 2004
We are thinking about using RTIR as our primary tool in everyday's work of
tracking and solving security incidents. We have been testing and
experimenting with it for a while to see if it fits our needs, but to get a
clearer picture of its capabilities - as we shall need some modification and
customization and nobody here is exactly a perl guru - we have a couple of
questions that we hope a kind soul on this list will try to answer.
Here they are:
* how do we adjust RTIR to make queries to different custom databases
instead of the default whois querying?
* how do we issue an autoreply to the person who reported the incident, but
on creation of new incident or on linking the report to the existing incident?
* how do we fetch values stored in custom fields that are related to a
* how do we specify which template to use based on the type of incident or
on the desired language of the reply?
* how do we automate sending reminders after the involved party's response
time has expired?
* how do we search existing incident reports and incidents by specific
information stored in custom fields?
Thanks in advance and regards,
CARNet CERT, www.CERT.hr
More information about the Rtir