[unisog] RTIR (RT for Incident Response)

Erik Fichtner emf at obfuscation.org
Thu Dec 15 21:18:56 GMT 2005

Guy Dickinson wrote:
> * RTIR is designed for the (very rigid!) workflow of its creators. It
> may or may not translate well into your organization. For example, each
> conversation with an external party generates an "Incident Report". This
> must be linked to an "Incident", which is like a parent ticket under
> which several Incident Reports can be housed. (confused yet?).
> Day-to-day, this is a pretty big headache if you have abuse@ going into
> RTIR, since you spend a lot of time making parent tickets for every
> single email. It turned out to be too clunky for daily use here.

You know, this brings up a topic that's been bothering me for a little
while now; often in the guise of incident tracking for SANS ISC-- Tools
like RT and RTIR are designed for response desks with internal and
external parties complaining to them to do something about resources they
directly control.  There does not seem to be a tool available for
a response desk that wants to track communications between yourself
('The complainant') and various third parties who have resources that
you'd like them to do something about.  Tracking all those empty
responses to messages sent to abuse@ for various sites gets extremely
tedious at times.  (particularly the ones where replying with the proper
ticket number just generates a new ticket anyway.  You know who you are.)

Anyone happen to have spotted tools for managing your open tickets with
other third parties?

Erik Fichtner; Unix Ronin

"Mathematics is something best shared between consenting adults
in the privacy of their own office" - Adam O'Donnell