[IntelMQ-dev] An output bot for Request Tracker's RT::IR

Mika Silander mika.silander at csc.fi
Wed Jan 13 09:07:43 CET 2021


Hi Sebastian,

Thanks for your quick answer. Yes, I wanted to make sure the RT output bot is recent enough before continuing. I've also experimented with RT REST API 2.0 and noticed it lacks some features needed to support RT::IR operations, e.g. the linking of tickets. I've implemented a dirty work-around for this, but according to the discussions on the dev forum portal of Best Practical, official support for linking in RT REST API 2.0 will be available in RT 5.0.1.

Cheers, Mika 

----- Original Message -----
From: "Sebastian Wagner" <wagner at cert.at>
To: "Mika Silander" <mika.silander at csc.fi>, "intelmq-dev" <intelmq-dev at lists.cert.at>
Sent: Wednesday, 13 January, 2021 09:50:55
Subject: Re: [IntelMQ-dev] An output bot for Request Tracker's RT::IR

Dear Mika,

On 1/13/21 8:24 AM, Mika Silander wrote:
>  We recently decided to try IntelMQ with the intent to have it push security events into a Request Tracker (RT) instance. The events would thus be managed as RT::IR tickets within RT. We didn't manage to get the Request Tracker output bot working and we are not entirely sure whether it is because we have just missed something in its configuration or whether it has some other problem. Thus, what is the current status of this bot? Is it still usable with RT versions 4.x and 5.0.x?
It has recently been added, so it's not outdated if you mean that. I'm
sure that Marius, the author of said bot, can help, but you'd need to
provide some more information on the issues you are experiencing. If
there's anything we can improve - in the bot's code as well as in its
documentation - I'm happy about pull requests =)
> Ideally, we'd like to have/create an RT + RT::IR output bot that uses the newer RT REST API 2.0. If there's anyone with similar endeavours, I'd be happy to hear from you.

There's an ongoing discussion in the python-rt library project on a
REST2 API support: https://github.com/CZ-NIC/python-rt/issues/34 I don't
know if anyone is actively working on it, but keep in mind that the
REST2 API does not (yet?) offer the same possibilities as the REST 1
API and has some issues - see the linked discussion.

best regards,
Sebastian

-- 
// Sebastian Wagner <wagner at cert.at> - T: +43 1 5056416 7201
// CERT Austria - https://www.cert.at/
// An initiative of nic.at GmbH - https://www.nic.at/
// Company register number 172568b, LG Salzburg

