[unisog] RTIR (RT for Incident Response)

Guy Dickinson guy.dickinson at nyu.edu
Thu Dec 15 20:36:40 GMT 2005


I'm a couple of days late to the party, but we have had pretty extensive
experience with both RT and RTIR here at NYU. Here's what I've learned
so far:

* RTIR is a bit incomplete. Some of its features, while they look nice,
don't work quite right, and some of the core RT functionality gets
broken in the process of overlaying RTIR. There's also a rather small
user-base to provide support.

* RTIR is designed for the (very rigid!) workflow of its creators. It
may or may not translate well into your organization. For example, each
conversation with an external party generates an "Incident Report". This
must be linked to an "Incident", which is like a parent ticket under
which several Incident Reports can be housed. (Confused yet?)
Day-to-day, this is a pretty big headache if you have abuse@ going into
RTIR, since you spend a lot of time making parent tickets for every
single email. It turned out to be too clunky for daily use here.

* Many of the tweaks that make RTIR attractive can be implemented in
"vanilla RT" without a major overhaul.

Here at NYU, we tried RTIR for about six months. While it was
functionally acceptable, it didn't quite fit our needs. On the other
hand, the RT backend is very stable and extensible enough to be tweaked
to do precisely what we want. We purchased a support package from Best
Practical, and their help has been great when we've needed it. I've been
very pleased with the results.

I've written a fairly extensive document about setting up plain RT for
use in our group. If you'd like it, let me know and I'll send you a copy
off-list.



Andy Johnston wrote:
> I've been asked to look into RTIR, from
> http://www.bestpractical.com/rtir/, as an incident tracking system for
> our internal use.  Does anyone have any experience with this package?
> It's an offshoot of RT (Request Tracker) which we started to look at a
> while ago.
> 
> 
> Thanks,
> - Andy Johnston


--
------------------
Guy Dickinson
NYU ITS Security
guy.dickinson at nyu.edu
(212) 998-3052

GPG Fingerprint:
54EB 2701 F6A0 D839 9E4C  E811 A98E 94C3 4557 C1CC


