Security Incidents mailing list archives

Re: Incident tracking database


From: Russell Fulton <r.fulton () auckland ac nz>
Date: 05 Dec 2002 15:15:41 +1300

On Wed, 2002-12-04 at 21:13, Holger Kipp wrote:
> Danny (Danny () drexel edu) wrote:
>> Hey guys,
>> I've been looking for ages now and have not been able to find a real web based
>> incident tracking system, so what I'd like to do is just throw the question out to
>
> There are several Trouble-Ticket Systems available.
>
> See for example gnats (which is email-based, but there is a webfrontend available)
> or the oneorzero Helpdesk System (open source, at http://helpdesk.oneorzero.com).
>
> For a very good and detailed overview, see http://linas.org/linux/pm.html
>
> Another very customizable system is scarab (http://scarab.tigris.org/) - looks very
> good to me, though it has some requirements (Java SDK1.3 or higher, Ant, Tomcat,
> MySQL or Postgres).

There are certainly some very good ticket tracking systems, but all I
have looked at appear to lack a couple of features that I want in a
system for tracking incidents. (Possible exception is the one that comes
with snortsnarf but it has other limitations).

The features are:
1/ the ability to log tickets directly from programs (preferably across
the network) in a straightforward manner.
2/ the ability to produce standard emails from standard templates and
stuff stored as part of the ticket. E.g. incident notification to sites.
3/ the ability to add things like whois lookups that extract information
and add it to the ticket which can then be used in 2.

I'd be delighted if I've missed something and the perfect system is
really out there.

I have my own system that fulfills these requirements but is otherwise
very rude and crude.  I would love to marry its functionality into a
"proper" call tracking system.

-- 
Russell Fulton, Computer and Network Security Officer
The University of Auckland,  New Zealand

"It aint necessarily so"  - Gershwin
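
Features 2 and 3 from the list above, sketched as an added example (not part of the original post and not code from any system named in the thread): a whois response is parsed into fields stored on the ticket, and a standard notification email is rendered from those stored fields. The field names, template text and whois sample are constructed assumptions; the addresses use documentation ranges.

```python
import re
from email.message import EmailMessage
from string import Template

# Constructed whois response for a documentation-range address (not real data).
SAMPLE_WHOIS = """\
inetnum:        192.0.2.0 - 192.0.2.255
netname:        EXAMPLE-NET
descr:          Example Hosting Ltd
abuse-mailbox:  abuse@example.net
country:        NZ
"""

# Hypothetical standard template; every $name must exist on the ticket.
NOTIFY_TEMPLATE = Template("""\
Dear $netname administrator,

Our sensors logged $event from $src_ip at $seen_utc (UTC).
Please investigate and reply quoting ticket $ticket_id.
""")

def parse_whois(text):
    """Turn 'key: value' whois lines into a dict, keeping the first value per key."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^([A-Za-z-]+):\s+(.*\S)\s*$", line)
        if m:
            fields.setdefault(m.group(1).lower(), m.group(2))
    return fields

def enrich(ticket, whois_text):
    """Feature 3: store lookup results on the ticket itself."""
    w = parse_whois(whois_text)
    ticket["netname"] = w.get("netname", "network")
    ticket["abuse_contact"] = w.get("abuse-mailbox")  # None if the registry lists none
    return ticket

def build_notification(ticket, sender):
    """Feature 2: render the standard email from fields stored on the ticket."""
    if not ticket.get("abuse_contact"):
        raise ValueError("no abuse contact on ticket; needs manual lookup")
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = ticket["abuse_contact"]
    msg["Subject"] = f"[{ticket['ticket_id']}] Incident report for {ticket['src_ip']}"
    msg.set_content(NOTIFY_TEMPLATE.substitute(ticket))
    return msg
```

Whois output is untrusted input: parsing it line by line keeps a crafted record from smuggling extra header lines into the outgoing message, and a ticket without a contact is held for manual handling instead of being sent to a guessed address.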


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

