[Rtir] Question About RT-IR
Martin Fontanez
jdmfontz at yahoo.com
Thu Mar 5 21:22:19 EST 2009
Thanks for the information. Arcsight handles my incident handling by consolidating logs fm multiple places. I can generate .xml extracts of the incidents. I guess I would need to figure out a way to import the .xml data into rt-ir so that the analysts can fill in the rest of the information. I was hopping someone out there have worked on hooks-in fm Arcsight.
--- On Thu, 3/5/09, Ruslan Zakirov <ruslan.zakirov at gmail.com> wrote:
From: Ruslan Zakirov <ruslan.zakirov at gmail.com>
Subject: Re: [Rtir] Question About RT-IR
To: jdmfontz at yahoo.com
Cc: rtir at lists.bestpractical.com
Date: Thursday, March 5, 2009, 8:36 PM
Hi,
I'm not sure what type of integration you're looking for.
However, as far as I know people mostly fill RTIR with incident
reports (IRs) from external tool using emails, but it's possible to
use RT/RTIR perl API (scripts) or REST API (remote) to create IRs with
details filled into custom fields.
RTIR has optional Blocks queue to initiate and disable network blocks.
There are too many ways to implement automation of blocks, so RTIR is
not shipped with any specific solution, but if you have a command line
tool or anything else that can be called then it's pretty easy to
automate blocks.
Of course Best Practical Solutions is ready to provide companies
support in integrating RTIR with their workflow.
On Fri, Mar 6, 2009 at 12:19 AM, Martin Fontanez <jdmfontz at yahoo.com>
wrote:
> I am new to rt-ir and looking to implement it as my CERT ticketing system
> (just about to install). I am however, curious as to how it interfaces
> (snmp support, etc) with other products such as ArcSight to bring in
> information.
>
> Regards,
>
> Martin
>
>
> _______________________________________________
> Rtir mailing list
> Rtir at lists.bestpractical.com
> http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rtir
>
>
--
Best regards, Ruslan.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.bestpractical.com/pipermail/rtir/attachments/20090305/60ad7bd0/attachment.htm
More information about the Rtir
mailing list