[Rtir] Odd Blocks reports
peter.bates at ucl.ac.uk
Fri Nov 22 10:19:54 EST 2013
-----BEGIN PGP SIGNED MESSAGE-----
As part of the RTIR installation, I followed from the README:
Using RT's configuration interface, add the email address
of the Network Operations Team (the people who will handle
activating and removing Blocks) as AdminCC on the Blocks queue.
RT -> Queues -> Blocks -> Watchers
The emails it generates lack a 'To:' field (I can see this is because
the message is a BCC) which is leading to confusion in our Networking team.
The email also contains at the top:
Fri Nov 22 14:37:20 2013: Request 6758 was acted upon.
Transaction: Ticket created by xxx
Subject: Brute force block for 6 hosts
Status: pending activation
Ticket <URL: https://rt.cert.ucl.ac.uk/Ticket/Display.html?id=6758 >
As they can't access the RTIR interface this is also causing confusion.
Is this generated from a template, or where do I go to change this
- - and can I set up the Blocks queue to just have the Network team
as a standard To: / correspondent and not BCC or CC?
Senior Information Security Officer Phone: +44(0)2076792049
Information Services Division Internal Ext: 32049
University College London
London WC1E 6BT
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
-----END PGP SIGNATURE-----
More information about the rtir