RTIR: RT for Incident Response
RTIR 2.4.0 Release Notes
RTIR 2.4.0 - 2008-09-16
------------------------------
I'm happy to announce new release of RTIR extension. This version is
an almost complete renewal of the code base to integrate RTIR with
the latest RT and its features. New features have been added and a lot
of things have been cleaned up, fixed and replaced with RT's base components.
You can use it with RT 3.8.1 and RTFM 2.4.0. There has been a lot of changes
in all components, so it's highly recommended to pay more attention to upgrade
process.
You can download the release candidate from:
https://download.bestpractical.com/pub/rt/release/RT-IR-2.4.0.tar.gz
https://download.bestpractical.com/pub/rt/release/RT-IR-2.4.0.tar.gz.sig
Documentation
* A lot of documentation have been written about using and
managing RTIR. Start from `perldoc lib/RT/IR/DocIndex.pod`
or use RTx-OnlineDoc extension to view docs via the WebUI.
IP and CIDRs
* IP custom field in all RTIR's queues.
* Searches by single IP and ranges.
* Parse IPs, ranges and CIDRs from content of messages.
* Added [Add IP] link near IPs in the content of tickets.
* Inherit IPs in the forms when parent or child is known.
* Merge IPs on ticket merge.
* Protect value with IP/IP-IP/CIDR pattern.
Multiple Constituencies
* Multiple constituencies with ACLs based on value of the
custom field.
* Several constituency propagation algorithms.
* add_constituency script to make setup of new
constituencies easier.
* Setting default constituencies according to mail trafic.
* And other things - `perldoc lib/RT/IR/Constituencies.pod`.
GnuPG integration
* GnuPG integration is now a feature of RT and RTIR.
Incidents workflow
* Create an incident and lauch an investigation from one
page.
* Bulk abandon.
Blocks workflow
* Blocks queue can be disabled from the config
* New option RTIR_BlockAproveActionRegexp, this regexp can
be used to automate blocks activations and aproving.
* Set started date when an Block is activated.
Incident Reports workflow
* Allow an IR to be linked to multiple Incidents.
* Allow users to merge an IR into an Investigation.
* Quick reject.
* Set started date when an IR is linked to an Incident.
Investigations workflow
* "Don't send any emails to correspondents" checkboxes.
* Create an incident and lauch an investigation from one
page.
UI
* Integrated RT's query builder into RTIR.
* 'RTIR home' page is managable as 'RT at glance'.
* RTIR QueueSummary portlet that can be add to 'RTIR home' or
'RT at glance' pages.
* Use redirects after updates to avoid changes on page
reloads.
* Redirect users to RTIR interface when people try to access
RTIR tickets via RT interface.
* Added Comment box on activation.
* Added Investigate button to launch an Investigation from
the lookup tool.
* Advanced tab that allow you to move tickets from RTIR's to
RT's queues and do other things that out of regular RTIR
workflow.
* Allow to filter by State when viewing children of an Incident.
* Display after Edit option.
* Bulk reject and return.
* Allow user to attach IRs on an investigation launching
and responses.
* Show Steal/Take actions according to the rights.
* Integration of new RT's Forward feature.
Other
* Cross integration with RTFM
* Use new RT's API to make text of history clickable.
* Allow to add and edit additional custom fields in RTIR
queues.
* Improved handling of Whois requests.