Perl HTML Perl6 Other
Fetching latest commit…
Cannot retrieve the latest commit at this time.
|Failed to load latest commit information.|
RT for Incident Response is an open source, industrial-grade incident-handling tool designed to provide a simple, effective workflow for members of CERT and CSIRT teams. It allows team members to track, respond to and deal with reported incidents and features a number of tools to make common operations quick and easy. RTIR is built on top of "RT," which is also available for free from Best Practical Solution at http://www.bestpractical.com/rt/. To purchase commercials support, training or custom development for RT or RTIR, please contact Best Practical at email@example.com. WARNING! -------- This is a development version of RTIR. Before using this version of RTIR, back up your database and any local modifications. If you intend to deploy RTIR, or any other software, in a production environment, we recommend that you first install and test it in a staging environment to ensure that it meets your needs. Changes since RTIR 1.0.x ------------------------ Full integration with RT 3.4. New Search UI This includes a 3.4-style search UI, and menu changes to accomodate this. Instead of search results and criteria being displayed on a single page, you can now choose the 'Refine' menu option to refine your search and re-run it after you've added all of your criteria. Configurable Search Results Search result formats are configurable in RTIR_Config.pm, so you can easily choose which fields you would like to have displayed for RTIR searches. Standardized Components RTIR 1.2 uses more of RT's core components, making it easier to customize and maintain. Scrips Scrip actions and conditions are now in perl modules, so that they're easier to customize. Business::SLA Service Level Agreement (SLA) calculations are now handled by the Business::SLA module, which offers more flexibility. You can specify SLAs with business minutes, real minutes, or both. REQUIRED PACKAGES: ------------------ o RT 3.4.0 or later, configured, installed and tested. o The Business::Hours module (version 0.05 or later) o The Business::SLA module o The Net::Whois::RIPE module Upgrade instructions: ----------------------- If you've installed a prior version of RTIR, you may need to follow special steps to upgrade. See the UPGRADING file for detailed information. Installation instructions: -------------------------- 1) Once RT 3.4 and other required package have been installed and appear to be working properly, cd to the directory into which you unpacked RTIR into. 2) Run "perl Makefile.PL" to generate a makefile for RTIR. 3) Type "make install". 4) Add the following lines to your RT_SiteConfig.pm file: # The RTIR config file $RTIR_CONFIG_FILE = $RT::LocalEtcPath."/IR/RTIR_Config.pm"; require $RTIR_CONFIG_FILE || die ("Couldn't load RTIR config file '$RTIR_CONFIG_FILE'\n$@"); 5) If you are installing RTIR for the first time, initialize the RTIR database by typing "make initdb". WARNING: Do not attempt to re-initialize the database if you are upgrading. 6) Stop and start your web server. Configuring RTIR ---------------- 1) Using RT's configuration interface, add the email address of the Network Operations Team (the people who will handle activating and removing Blocks) as AdminCC on the Blocks queue. 2) You may want to modify the email messages that are automatically sent on the creation of Investigations and Blocks. The templates are "LaunchMessage" in the Investigations queue and "NewMessage" in the Blocks queue. 3) By default, RT ships with a number of global Scrips. You should use RT's configuration interface to look through them, and disable any that aren't apropriate in your environment. 4) Add staff members who handle incidents to the DutyTeam group. 5) You can override values in the RTIR_Config.pm in your RT_SiteConfig.pm file. Just add your customizations after the "require" line mentioned above. SETTING UP THE MAIL GATEWAY --------------------------- An alias for the Incident Reports queue will need to be made in either your global mail aliases file (if you are using NIS) or locally on your machine. Add the following lines to /etc/aliases (or your local equivalent) : rtir: "|/opt/rt3/bin/rt-mailgate --queue 'Incident Reports' --action correspond --url http://localhost/" You should substitute the URL for RT's web interface for "http://localhost/". BUGS ---- To report a bug, send email to firstname.lastname@example.org.