[Rtir] Training documentation on RTIR
Jarrod Loidl
jarrod.loidl at its.monash.edu.au
Tue May 10 22:16:54 EDT 2005
Hi all,
I am looking at the reporting tools within RTIR and I am a little
confused as to how to use it. I've tried searching everywhere for RTIR
documentation and so far have found none (although I have the RT
training manual however).
1) Reporting pages seem to display irrelevant information.
For instance, it categorises Incident Reports as follows:
Incident reports received
Spam 0
System Compromise 0
Query 0
Scan 0
Denial of Service 0
Piracy 0
Unclassified 412
Why is there a classification for Spam, System Compromise, etc. when
there is no field in which I can even set this classification, let alone
type it? Is this meant to be a default queue and if so, why has it not
been created by default?
Don't get me wrong, these categories would be extremely useful for us;
however, if I can't make use of them, then they are effectively useless
to me as reporting criteria.
2) Full Service, Full Service: Out of hours, Reduced Service?
What does this mean? I am assuming it's the difference in terms of level
of support provided during business hours and outside business hours,
however I've yet to read anything explaining this. What does RTIR
consider full service? What does it consider out of hours? What is
reduced service?
I'm sorry if these questions seem vague but I have looked everywhere to
try and find RTIR documentation and even the Bestpractical.com Wiki for
RTIR looks pretty empty:
http://wiki.bestpractical.com/index.cgi?RTIR
Thanks in advance,
--
Jarrod Loidl
IT Security of Infrastructure Services,
Information Technology Services, Monash University - Clayton
Phone: +61 3 99052055 Fax: +61 3 99054746