RT for Incident Response is an open source, industrial-grade
incident-handling tool designed to provide a simple, effective
workflow for members of CERT and CSIRT teams. It allows team members
to track, respond to and deal with reported incidents and features a
number of tools to make common operations quick and easy.  RTIR is
built on top of RT, which is also available for free from Best
Practical Solutions at

RT and RTIR are commercially-supported software. To purchase support,
training, custom development, or professional services, please get in
touch with us at <>.


o   RT version 4.4.1 or later.
o   Net::Whois::RIPE 1.31 is bundled with RTIR for compatibility with the
    API RTIR uses and for a fix to run without warnings under perl 5.18.

Upgrade instructions:

If you've installed a prior version of RTIR, you will need to follow
special steps to upgrade.  See the docs/UPGRADING file for detailed

Installation instructions:

1) Install the current release of the RT 4.4 series following RT's
   regular installation instructions

2) Run "perl Makefile.PL" to generate a makefile for RTIR.

3) Install any extra Perl modules RTIR needs that aren't already
   installed. The output from the previous step will list new
   modules needed, or if existing modules need to be upgraded to a
   newer version.

4) Type "make install".

5) Activate the RTIR extension by putting the following line in your
   RT's etc/ file:


6a) If you are installing RTIR for the first time, initialize the RTIR
    database by typing "make initdb".

    WARNING: Do not attempt to re-initialize the database if you are

6b) If you are UPGRADING from a previous installation, read the
    UPGRADING file for instructions on how to upgrade your

7) Stop and start your web server.

Configuring RTIR

1) Using RT's configuration interface, add the email address
   of the Network Operations Team (the people who will handle
   activating and removing network blocks) as AdminCc on the
   Countermeasures queue.
   RT -> Queues -> Countermeasures -> Watchers

2) You may want to modify the email messages that are automatically
   sent on the creation of Investigations and Countermeasures.
   RT -> Queues -> <Select RTIR's Queue> -> Templates.
   RT -> Global -> Templates.

3) By default, RT ships with a number of global Scrips.  You should use
   RT's configuration interface to look through them, and disable any
   that aren't appropriate in your environment.
   RT -> Queues -> <Select RTIR's Queue> -> Scrips.
   RT -> Global -> Scrips.

4) Add staff members who handle incidents to the DutyTeam group.
   RT -> Configuration -> Groups -> DutyTeam -> Members.

5) You can override values defined in by creating in /opt/rt4/etc/ and adding your customizations.


An alias for the Incident Reports queue will need to be configured.
Add the following lines to /etc/aliases (or your local equivalent):

rtir:         "|/opt/rt4/bin/rt-mailgate --queue 'Incident Reports' --action correspond --url"

You should substitute the URL for RT's web interface for

o  If your webserver uses SSL, rt-mailgate will require several new
   Perl libraries. See the RT README for more details on this option.

o  See "perldoc /opt/rt4/bin/rt-mailgate" for more info about the rt-mailgate

o  If you're configuring RTIR with support for multiple constituencies, please
   refer to the instructions in the file docs/Constituencies.pod which is also
   viewable here

Documentation for RTIR

   * Documents included with RTIR are also available for browsing at

   * This README file

   * docs/UPGRADING

   * docs/UPGRADING-*
        Version specific upgrading files. If upgrading from 3.0, you
        would read the UPGRADING-3.0, UPGRADING-3.2, and UPGRADING-4.0 files.

   * docs/Tutorial.pod
        ( also at )
        Extended information about ticket merging

   * docs/Constituencies.pod
        ( also at )
        Information about setting up RTIR with multiple user constituencies

   * docs/AdministrationTutorial.pod
        ( also at )
        Information about setting up RTIR for Administrators

   * etc/
        (Contains a number of RTIR-specific configuration options and
        instructions for their use)

   * RTIR mailing list
        Subscribe by sending mail to


If you would like to run RTIR's tests, you need to set a few environment

RT_DBA_USER - a user who can create a database on your RDBMS
              (such as root on mysql)

RT_DBA_PASSWORD - the password for RT_DBA_USER

To run tests:

$ RTHOME=/opt/my-rt perl Makefile.PL
$ RT_DBA_USER=user RT_DBA_PASSWORD=password make test

These are intended to be run before installing RTIR.

Like RT, RTIR expects to be able to create a new database called rt4test
on your system


To report a bug, send email to

# This software is Copyright (c) 1996-2018 Best Practical Solutions, LLC
#                                          <>
# (Except where explicitly superseded by other copyright notices)
# This work is made available to you under the terms of Version 2 of
# the GNU General Public License. A copy of that license should have
# been provided with this software, but in any event can be snarfed
# from
# This work is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
# 02110-1301 or visit their web page on the internet at
# (The following paragraph is not intended to limit the rights granted
# to you to modify and distribute this software under the terms of
# the GNU General Public License and is only of importance to you if
# you choose to contribute your changes and enhancements to the
# community by submitting them to Best Practical Solutions, LLC.)
# By intentionally submitting any modifications, corrections or
# derivatives to this work, or any other work intended for use with
# Request Tracker, to Best Practical Solutions, LLC, you confirm that
# you are the copyright holder for those contributions and you grant
# Best Practical Solutions,  LLC a nonexclusive, worldwide, irrevocable,
# royalty-free, perpetual, license to use, copy, create derivative
# works based on those contributions, and sublicense and distribute
# those contributions and any derivatives thereof.