
Request Tracker for Incident Response (RTIR)
Kevin Falcone
Best Practical Solutions

BEST
PRACTICAL
TM
RT / RTIR

• RT
• RTIR
• Extending RTIR
• Future development of RTIR

REQUEST TRACKER

• RT is a ticketing system
  • Bugtracking
  • Helpdesk
  • Invoicing
  • Incidents
  • Sales
  • Network Operations
  • Abuse

REQUEST TRACKER

• It doesn't care what you're tracking
• A few key concepts that RTIR builds on

REQUEST TRACKER

• Queues
  • Basic organizational unit for RT
  • A ticket is in exactly one Queue
  • Most common abstraction for access control

REQUEST TRACKER

• Custom Fields
  • Custom data storage on Tickets or other RT objects
  • Many render/storage formats
  • New in RT 4
    • Date and Datetime
    • IPv4 and IPv6
      • based on previous work for RTIR

REQUEST TRACKER

• Users
  • Privileged
    • Staff users (passwords, full access)
  • Unprivileged
    • May have SelfService view
    • May just exist because of email

REQUEST TRACKER

• History
  • Transactions
    • Immutable history of changes to a ticket
  • Attachments
    • Email contents
    • Email attachments
    • Uploaded files

REQUEST TRACKER

• Workflows
  • Scrips
    • Conditions
    • Actions
    • Templates
  • RTIR contains 30+ Scrips

REQUEST TRACKER

• Releases
  • 4.0.5
    • Major series
    • Minor series
    • Release
  • Smaller, more stable releases
    • bugfixes only
    • easier to stay up to date

REQUEST TRACKER

• Open Source
  • https://github.com/bestpractical/rt
    • 3.8-trunk
    • 4.0-trunk
    • master

RTIR

• RT Extension
• Four Special Queues
• IRT-specific workflow
• Extraction and Searching of information
• Collecting related tickets

INCIDENT REPORTS

• Incident Reports Queue
  • Manual Reports
  • External Automated Systems
• Default CFs
  • How Reported
  • Reporter Type
  • Customer

INCIDENTS

• Incidents Queue
  • Collects 1, 100 or more IRs into a single Incident
  • Central point of ownership
  • Central place to communicate
  • Central collection of data

INCIDENTS

• Default CFs
  • Description
  • Function
  • Classification
  • Resolution

INVESTIGATIONS

• Investigations Queue
  • External Communications
  • Gathering further information
  • Separate from IRs, which would go back to the reporter of the problem
• Default CFs
  • Investigation

BLOCKS

• Blocks Queue
  • Communication to network team
  • Can be disabled if unused
• Default CFs
  • Netmask
  • Port
  • Where Blocked

RTIR CUSTOM FIELDS

• Constituency
  • Separate responsibility for handling
• IPs
  • Automatic extraction of IP addresses from all ticket data
  • Linking and Searching between
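RTIR performs this extraction in Perl inside RT; the Python below is an added example, not RTIR's own code, showing what such a pass has to handle on a constructed ticket body: IPv4 and IPv6 addresses for an IPs-style field, CIDR blocks for a Netmask-style field, and look-alikes such as timestamps and version numbers that must be rejected. The ticket text and all addresses in it are constructed (documentation ranges).

```python
import ipaddress
import re

# Loose candidate patterns; the ipaddress module does the real validation below.
# IPv4: four dotted octets, optional /prefix, not embedded in a longer dotted number.
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?:/(\d{1,2}))?(?!\.?\d)")
# IPv6: hex groups joined by at least two colons (covers '::' compression), optional /prefix.
IPV6_RE = re.compile(r"(?<![\w:])([0-9a-fA-F]{0,4}(?::[0-9a-fA-F]{0,4}){2,7})(?:/(\d{1,3}))?(?![\w:])")

# Constructed sample ticket text (not from any real incident report).
TICKET_TEXT = """\
Subject: Scan activity from 198.51.100.23 and 198.51.100.24.
Reported at 12:30:45 UTC on 2012-10-01 by abuse@example.com.
The host 2001:db8::1 also probed port 22; please block 203.0.113.5/24
and 2001:db8:1::/48 at the border. Version 4.0.5 is unaffected and
999.1.1.1 is a typo in the original report.
"""


def extract_ips(text):
    """Return (addresses, networks): sorted lists of canonical strings,
    de-duplicated, with look-alikes (timestamps, version numbers) dropped."""
    addresses, networks = set(), set()
    for regex in (IPV4_RE, IPV6_RE):
        for match in regex.finditer(text):
            candidate, prefix = match.group(1), match.group(2)
            try:
                if prefix is None:
                    ip = ipaddress.ip_address(candidate)
                    if not ip.is_unspecified:  # ignore a bare '::' or 0.0.0.0
                        addresses.add(ip)
                else:
                    # strict=False: 203.0.113.5/24 is recorded as the block 203.0.113.0/24
                    networks.add(ipaddress.ip_network(f"{candidate}/{prefix}", strict=False))
            except ValueError:
                continue  # e.g. 999.1.1.1 or the time 12:30:45 matched the loose regex
    order = lambda obj: (obj.version, obj)  # IPv4 before IPv6, numeric order within each
    return ([str(a) for a in sorted(addresses, key=order)],
            [str(n) for n in sorted(networks, key=order)])


if __name__ == "__main__":
    addrs, nets = extract_ips(TICKET_TEXT)
    print("IPs field values:    ", addrs)
    print("Netmask field values:", nets)
```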

LOOKUPS

• Internal searching
• whois
• traceroute
• ping
• external webservices
• internal webservices

LOOKUP

Set( @RTIRResearchTools, (qw(Traceroute Whois Iframe)));

Set($RTIRIframeResearchToolConfig, {
    1 => { FriendlyName => 'Google',
           URL => 'https://encrypted.google.com/search?q=__SearchTerm__' },
    ...

Set($whois, {
    1 => {
        Host => "whois.iana.org",
        FriendlyName => "IANA",
    },
    ...
LOOKUP

• Add your own iframe link
• Create
  • local/RTIR/Tool/Elements/ToolFormSite
  • local/RTIR/Tool/Elements/ToolResultsSite
• Add to RTIRResearchTools
• Hide things you don't use (traceroute?)

RTIR CUSTOMIZATIONS

• External Custom Fields
• RT-Extension-ACNS
• Custom Lookup from earlier

EXTERNAL CUSTOM FIELDS

• Source the values of a drop-down from
  • external web service
  • external db
  • information pulled from RT
• Documentation and sample included with RT since 3.8.0

RT-EXTENSION-ACNS

• Parses pre-1.0 ACNS emails
• Maps contents into custom fields
• Available on CPAN and GitHub

RTIR'S DEVELOPMENT

• Janet-CSIRT v1
• TC-CSIRT RTIR-WG v2
• 2.4 and 2.6
  • 2.6 removed many restrictions on the Custom Fields used in RTIR

RTIR'S DEVELOPMENT

• 3.0 (compat with RT 4.0)
  • Removed State, replaced by Lifecycles
  • Removed custom SLA
    • RT::Extension::SLA is much richer
  • All other 4.0 improvements
  • Bring searching closer to core
  • Replace/Rework Net::Whois::RIPE

RTIR DEVELOPMENT

• 4.0 Improvements
  • User interface overhaul
  • Ticket lifecycles
  • Mobile web interface
  • Online theme editor
  • GMail-style history folding
  • RTFM integrated as “Articles”

RTIR DEVELOPMENT

  • Full-text search
  • AJAX completion of email addresses
  • Better HTML mail support
  • New rights management UI
  • Hundreds of performance improvements and bugfixes
  • More tests

RTIR DEVELOPMENT

• RTIR 3.0
  • rtir-devel@lists.bestpractical.com
  • http://issues.bestpractical.com/
    • log in as guest
    • ticket #18710
  • https://github.com/bestpractical/rtir
  • I'm a software vendor, don't trust my ship dates.

RTIR DEVELOPMENT

• RTIR 3.2 will block the release of RT 4.2
  • Custom Field groups in 4.2
    • Removes more RTIR complexity
  • S/MIME support on par with GPG
  • Improved Scrips UI
  • Improved General Statistics
  • RTIR Search Refactoring
  • Assets extension
  • Possible Constituencies Enhancements

RTIR SUPPORT

• rtir-devel@lists.bestpractical.com
• rt-users@lists.bestpractical.com
• #rt on irc.perl.org
• Professional support and customization

RTIR WORKING GROUP MEETING

• Wednesday afternoon
• Seats may still be available?
• Driving the future features of RTIR
• What workflows don't we know about?

Questions
