RTIR: RT for Incident Response

Features

RTIR gives you all the goodness of RT plus the special features below. We worked with top-notch incident response teams to develop and optimize RTIR for you and your team.

A workflow designed specifically for incident response

RTIR automatically creates four special RT queues for tracking incidents that come your way:

Incident Reports
New reports end up here, with a due date set according to your SLAs, and are displayed on the RTIR dashboard.
Incidents
Valid Incident Reports are turned into new Incidents or linked to existing ones with one click. If you receive multiple reports about the same issue, you can link all of them to the same Incident to keep them together and reduce duplication.
Blocks
Track the barriers you set up in response to an Incident so they aren't forgotten about.
Investigations
Ask another party to look into and fix the problem. All the relevant information from the Incident is automatically included when you launch a new Investigation.

Integrate with your network

Integrating your existing network and security software with RT is simple and can save you time. We've already built integrations with ArcSight, Nagios, and other software, and we've written custom parsers to handle DMCA complaints and feedback loop emails conforming to the Abuse Reporting Format (ARF).

Easy, clickable metadata lookups

Relevant pieces of text such as IP addresses, domain names, and URLs are automatically linked to a whois result, traceroute, and other incidents containing that address. In the context of an Incident, email addresses are clickable to launch an Investigation into the named party.

Scripted actions

Given a list of IPs or email addresses, RTIR can automatically create new Incidents and linked Investigations and send a templated message to the users or admins responsible. IPs are turned into email addresses via whois lookups against a server you specify. Templates are fully customizable and you can pass arguments to them for greater flexibility. Why do the legwork for a long list of issues when RTIR can do it for you?

Reports

It's easy to generate text, HTML, or spreadsheet reports about the number of incidents, their types, and resolutions for any arbitrary time period.