RTIR 5.0.6 Documentation
RTIR Config
- NAME
- WARNING
- Base Configuration
- Constituency Configuration
- Web Interface Configuration
- Custom Fields
- Countermeasures
- Research Tools
- Service Level Agreements (SLA)
NAME
RT::IR::Config - RTIR specific options and defaults for RT
WARNING
NEVER EDIT RTIR_Config.pm.
Instead, create RTIR_SiteConfig.pm in /opt/rt5/etc and edit anything you wish to change there.
Base Configuration
$rtirname
-
Set the name of the RTIR application.
%Lifecycles
-
RTIR defines four lifecycles, one for each of its queues: 'incidents', 'incident_reports', 'investigations' and 'countermeasures'.
Note that all four lifecycles are mapped to each other, so in theory it's possible to move tickets between queues. More importantly, the mapping is required to perform certain operations. For example, when a user abandons an Incident, all of its children should be inactivated as well, and the map is used to figure out which status to set on each child.
Read etc/RT_Config.pm, which describes this option in detail.
%LinkedQueuePortlets
-
%LinkedQueuePortlets allows you to display links to tickets in another queue in a stand-alone portlet on the ticket display page. This makes it easier to highlight specific ticket links separate from the standard Links portlet. You can include multiple linked queues in each ticket and they are displayed in the order you define them in the configuration. The values are RT link types: 'DependsOn', 'DependedOnBy', 'HasMember' (children), 'MemberOf' (parents), 'RefersTo', and 'ReferredToBy'. 'All' lists all linked tickets. You can include multiple link types.
%LinkedQueuePortletFormats
-
%LinkedQueuePortletFormats defines the format for displaying linked tickets in each linked queue portlet defined by %LinkedQueuePortlets. The 'Default' format will be used by default.
To change the format for all 3 RTIR default linked queues, for example:
    Set( %LinkedQueuePortletFormats,
        'Incident Reports' =>
            q{'<b><a href="__RTIRTicketURI__">__id__</a></b>/TITLE:#',}.
            q{'<b><a href="__RTIRTicketURI__">__Subject__</a></b>/TITLE:Subject',}.
            q{Status,OwnerName,LastUpdatedRelative},
        Investigations =>
            q{'<b><a href="__RTIRTicketURI__">__id__</a></b>/TITLE:#',}.
            q{'<b><a href="__RTIRTicketURI__">__Subject__</a></b>/TITLE:Subject',}.
            q{Status,OwnerName,LastUpdatedRelative},
        Countermeasures =>
            q{'<b><a href="__RTIRTicketURI__">__id__</a></b>/TITLE:#',}.
            q{'<b><a href="__RTIRTicketURI__">__Subject__</a></b>/TITLE:Subject',}.
            q{Status,OwnerName,LastUpdatedRelative},
    );
%RTIR_IncidentChildren
-
This option controls the relations between an incident and its reports, investigations and countermeasures. Each entry of the hash is a pair where the key is the type of child and the value is a hash with Multiple and Required keys and boolean values, for example:
    Set(%RTIR_IncidentChildren,
        Report => {
            Multiple => 1,
            Required => 0,
        },
        ...
    );
So each entry defines whether a ticket of a particular type can be linked to multiple incidents or only one, and whether linking the ticket to an Incident is required on creation in the UI or is optional.
By default, IRs can be linked to many incidents and it's not required to link them right away. Investigations can be linked to only one incident, and this can be done later. Countermeasures cannot be created without an incident, but can be linked to many of them.
$RTIR_RedirectOnLogin
-
If set to a true value, will redirect members of DutyTeam groups to /RTIR/ upon login so that they immediately see the RTIR Homepage (rather than their RT Homepage). This does not change where Home in the menu links to, since you can get to the RTIR homepage from RTIR at the top level, and users may wish to have more custom searches stashed on their Home page.
$RTIR_RedirectOnSearch
-
If set to a true value, searches initiated on the RT search page that contain RTIR-related queues will redirect to the RTIR search page. The default is true.
$RTIR_DefaultQueue
-
Starting in RT/RTIR 5.0, the queue selection dropdown is on the ticket create page. RTIR has separate create pages from RT, so this allows you to set a default queue for RT and a different one for RTIR.
This option defaults to Incident Reports.
Constituency Configuration
$RTIR_StrictConstituencyLinking
-
Set constituency enforcement algorithm.
Read more about constituencies in docs/Constituencies.pod. Algorithms are described in "Constituency Propagation" in Constituencies.
Web Interface Configuration
$MaxInlineBody
-
By default, RT only displays text attachments inline up to the first 12k; RTIR increases this to 25k.
$OverdueAfter
-
Set the number of days a message awaiting an external response may be inactive before the ticket becomes overdue.
$ReplyString
-
This is the string that indicates a reply, and which will be prepended to subjects when you reply to tickets, for example:
Set($ReplyString, 'Re:');
$RTIR_OldestRelatedTickets
-
Controls what tickets (LastUpdated > "RTIR_OldestRelatedTickets days ago") are returned for searches generated from the Lookup tools. This applies to searches for IP addresses and Hostnames linked from Ticket histories that are run against Lookup.html and any other custom code that links to Lookup.html to run a query.
%RTIRSearchResultFormats
-
Default formats for RTIR search results.
If you only want to override one entry, you can copy only part of this, which will protect you during upgrades because other entries will be merged from this configuration. To change just the Investigation list you would do:
Set(%RTIRSearchResultFormats, InvestigationDefault => 'modified configuration');
$DisplayAfterEdit
-
Enable this option if you want to jump to the display screen after saving changes on the edit screen.
$SimplifiedRecipients
-
Set to show a list of recipients above the reply box.
@RTIR_HomepageComponents
-
Components that are available to add on the first page of RTIR.
@Active_MakeClicky
-
Define list of enabled MakeClicky extensions; RTIR extends the default 'httpurl', and additionally provides 'ip', 'ipdecimal', 'email', 'domain' and 'RIPE'.
It is possible to add your own types of clicky links using callbacks; see html/Callbacks/RTIR/Elements/MakeClicky/Default for an example.
NOTE that the list is order-sensitive: when one action matches text, other actions don't apply to the same matched text.
By default RTIR enables 'httpurl_overwrite', 'ip', 'email' and 'domain'.
Process Articles for Incidents
-
RTIR provides configuration to show process documentation on Incident pages based on the selected Classification. You can change this behavior via configuration using the options ProcessArticleFields and ProcessArticleMapping.
You can see additional information about how to manage Process Articles in the RT Articles documentation.
Custom Fields
%RTIR_CustomFieldsDefaults
-
Set the default value for Resolution if there is no value when an RTIR ticket is set to resolved or rejected.
%CustomFieldGroupings
-
All of the configuration rules for RT CustomFieldGroupings apply and you should review the documentation in etc/RT_Config.pm.
RTIR provides a separate 'object' that groupings are applied to, RTIR::Ticket. Groupings for this object type will only be applied to Custom Fields on Tickets in RTIR Queues. This allows you to logically separate your Custom Field configuration between RTIR Queues and standalone Queues in your RT instance.
We do not provide the Links core grouping because no RTIR tickets display the Links box. Basics, People and Dates will work as they do in core, but keep in mind that Incidents do not display a People box, so CFs in the People group will not render on Incidents. Additionally, People and Dates are not always available in all screens in RTIR so may not be the best place for Custom Fields.
%InlineEditPanelBehavior
-
This configuration option is a core RT feature which accepts a custom key for RTIR. The options are the same as those documented in RT, but the key is RTIR::Ticket, as in this example:
    Set(%InlineEditPanelBehavior,
        'RTIR::Ticket' => {
            '_default'   => 'click',
            'Networking' => 'link',
            'Details'    => 'click',
            'Dates'      => 'always',
            'People'     => 'link',
        },
    );
If no RTIR settings are defined, the settings for RT::Ticket are used. See etc/RT_Config.pm for more information about this configuration option.
$RTIR_StrictDomainTLD
-
If true, RTIR will check whether the TLD is officially valid when extracting domains. Set it to 0 if you need to support local TLDs or recent ones that are not included in Net::Domain::TLD yet. It's true by default.
Countermeasures
$RTIR_DisableCountermeasures
-
If true, the Countermeasure queue functionality is inactive and disabled.
$RTIR_CountermeasureApproveActionRegexp
-
When a requestor replies on a countermeasure in the pending state, RTIR changes the state. You can set a regular expression so that the state is changed only when the content matches the regexp.
See also "DESCRIPTION" in RT::Action::RTIR_SetCountermeasureStatus.
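Why the pattern should be anchored, shown as an added example (not RTIR's own code): a standalone Perl script that runs a loose and a line-anchored pattern over constructed requestor replies. Both patterns and all reply texts are constructed for illustration and are not RTIR defaults.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed patterns, not RTIR defaults.
# Loose: matches any reply that mentions the word at all.
my $loose = qr/activated/i;
# Strict: one whole line must read "countermeasure activated" and nothing
# else; /m anchors ^ and $ per line, /i ignores case.
my $strict = qr/^[ \t]*countermeasure\s+activated\.?[ \t]*$/mi;

# In RTIR_SiteConfig.pm the strict form would be set as:
#   Set($RTIR_CountermeasureApproveActionRegexp,
#       qr/^[ \t]*countermeasure\s+activated\.?[ \t]*$/mi);

# Constructed reply bodies from a requestor on a pending countermeasure.
my @replies = (
    # An explicit confirmation on a line of its own.
    "Countermeasure activated.\n",
    # A negative answer that happens to contain the keyword.
    "We have not activated anything yet, waiting for change approval.\n",
    # A reply that only quotes the instructions it was sent.
    "> Please answer 'countermeasure activated' once the block is in place.\n"
      . "Still working on it.\n",
);

printf "%-6s %-6s %s\n", 'loose', 'strict', 'first line of reply';
for my $body (@replies) {
    my ($first_line) = split /\n/, $body;
    printf "%-6s %-6s %s\n",
        ( $body =~ $loose  ? 'match' : '-' ),
        ( $body =~ $strict ? 'match' : '-' ),
        $first_line;
}
```

The loose pattern would let the negative answer and the quoted instructions change the countermeasure's state; the anchored pattern accepts only the explicit confirmation.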
Research Tools
RTIR comes with a few research tools available at Tools/Lookup.html.
@RTIRResearchTools
-
Which research tools should RTIR display for address/domain lookups.
For each tool listed in this section, RTIR will attempt to display using the following mason components:
    html/RTIR/Tools/Elements/ToolForm____
    html/RTIR/Tools/Elements/ToolResults____
$RTIRIframeResearchToolConfig
-
One of the research tools available in RTIR allows you to configure a set of search URLs that incident handlers can use to open searches in IFRAMES.
Entries are keyed by integer in the order you'd like to see them in the dropdown on the research page. Each entry consists of a hashref containing "FriendlyName" and "URL". The URLs will be evaluated to replace __SearchTerm__ with the user's current search term.
$TracerouteCommand
-
Path to traceroute command.
$whois
-
Whois servers for the research tool.
The outer hash key is the order the entry should appear in the WHOIS dropdown. Host is of the form "hostname:port" and FriendlyName is the dropdown label.
Some of the resources provided here, like IANA, are thin WHOIS clients, so the query results can point you to other sources of WHOIS information. You can then add these additional servers to this configuration.
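The structures described for $RTIRIframeResearchToolConfig and $whois, written out as a fragment for RTIR_SiteConfig.pm. This is an added example, not RTIR's shipped configuration: the example.net and example.org hosts and the friendly names are placeholders, and only the key names (FriendlyName, URL, Host) and the __SearchTerm__ token come from the text above.

```perl
# /opt/rt5/etc/RTIR_SiteConfig.pm (fragment; example.* hosts are placeholders)

# Searches opened in an IFRAME. Integer keys give the dropdown order.
# __SearchTerm__ is replaced with the handler's current search term, so the
# term (an IP address, hostname, ...) is sent to whichever host the URL names.
Set($RTIRIframeResearchToolConfig, {
    1 => {
        FriendlyName => 'Internal asset inventory (placeholder)',
        URL          => 'https://inventory.example.net/search?q=__SearchTerm__',
    },
    2 => {
        FriendlyName => 'Passive DNS (placeholder)',
        URL          => 'https://pdns.example.org/lookup/__SearchTerm__',
    },
});

# WHOIS servers. Outer keys give the dropdown order; Host is "hostname:port".
Set($whois, {
    1 => {
        Host         => 'whois.iana.org:43',
        FriendlyName => 'IANA',
    },
    2 => {
        Host         => 'whois.example.net:43',
        FriendlyName => 'Regional registry (placeholder)',
    },
});

1;
```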
$RunWhoisRequestByDefault
-
RTIR prior to 2.6.1 ran a whois request by default on lookup. Now it requires user interaction. Set $RunWhoisRequestByDefault to a true value to restore the old behaviour.
%ExternalFeeds
-
Sources for the External Feeds tool; currently RSS is supported. Provide a Name and URI for each source. You can also provide an optional Description.
    Set(%ExternalFeeds,
        'RSS' => [
            {
                Name        => 'US Cert Alerts',
                URI         => 'https://www.us-cert.gov/ncas/alerts.xml',
                Description => 'US Cert Alerts',
            },
            ...
        ],
    );
The initial list is "US Cert Alerts", "UK NCSC Security News", "Full Disclosure", "Threatpost Vulnerability Alerts" and "Bugtraq".
Service Level Agreements (SLA)
Read docs/AdministrationTutorial.pod.