[unisog] RTIR (RT for Incident Response)

Reed Loden reed at reedloden.com
Fri Dec 16 00:21:26 GMT 2005


On Thu, 15 Dec 2005 16:18:56 -0500
Erik Fichtner <emf at obfuscation.org> wrote:

> Guy Dickinson wrote:
> > * RTIR is designed for the (very rigid!) workflow of its creators. It
> > may or may not translate well into your organization. For example,
> > each conversation with an external party generates an "Incident
> > Report". This must be linked to an "Incident", which is like a parent
> > ticket under which several Incident Reports can be housed. (confused
> > yet?). Day-to-day, this is a pretty big headache if you have abuse@
> > going into RTIR, since you spend a lot of time making parent tickets
> > for every single email. It turned out to be too clunky for daily use
> > here.
> 
> 
> You know, this brings up a topic that's been bothering me for a little
> while now; often in the guise of incident tracking for SANS ISC-- Tools
> like RT and RTIR are designed for response desks with internal and
> external parties complaining to them to do something about resources
> they directly control. There does not seem to be a tool available
> for a response desk that wants to track communications between yourself
> ('The complainant') and various third parties who have resources that
> you'd like them to do something about. Tracking all those empty
> responses to messages sent to abuse@ for various sites gets extremely
> tedious at times.  (particularly the ones where replying with the proper
> ticket number just generates a new ticket anyway.  You know who you
> are.)

heh... This is -exactly- what I am looking for. I send out lots of mail to
abuse@ (and the like) addresses to report drones, and I really need
something that I can use to track these outgoing reports so I can tell
what bots have been taken care of and which ones have not.

It would also be nice if this tool could allow me just to enter the
host/ip and the log, and it would find the appropriate abuse address and
submit it itself.

If you find anything that does something like this or anything related to
it, please let me know.

~reed
Freelance Drone Cleaner/Killer/Hunter

-- 
Reed Loden - <reed at reedloden.com>

