RTIR 5.0.6 Documentation

RTIR Config

NAME

RT::IR::Config - RTIR specific options and defaults for RT

WARNING

NEVER EDIT RTIR_Config.pm.

Instead, create RTIR_SiteConfig.pm in /opt/rt5/etc and edit anything you wish to change there.

Base Configuration

$rtirname

Set the name of the RTIR application.

%Lifecycles

RTIR defines four lifecycles, one for each of its queues: 'incidents', 'incident_reports', 'investigations' and 'countermeasures'.

Note that all four lifecycles are mapped to each other, so in theory it's possible to move tickets between queues. More importantly, the mapping is required to perform certain operations. For example, when a user abandons an Incident, all its children should be inactivated as well; the map is used to figure out which status to set on each child.

Read etc/RT_Config.pm, which describes this option in detail.

%LinkedQueuePortlets

%LinkedQueuePortlets allows you to display links to tickets in another queue in a stand-alone portlet on the ticket display page. This makes it easier to highlight specific ticket links separate from the standard Links portlet.

You can include multiple linked queues in each ticket and they are displayed in the order you define them in the configuration. The values are RT link types: 'DependsOn', 'DependedOnBy', 'HasMember' (children), 'MemberOf' (parents), 'RefersTo', and 'ReferredToBy'. 'All' lists all linked tickets. You can include multiple link types.

%LinkedQueuePortletFormats

%LinkedQueuePortletFormats defines the format for displaying linked tickets in each linked queue portlet defined by %LinkedQueuePortlets.

The 'Default' format will be used by default.

To change the format for all 3 RTIR default linked queues, for example:

    Set( %LinkedQueuePortletFormats,
        'Incident Reports' =>
            q{'<b><a href="__RTIRTicketURI__">__id__</a></b>/TITLE:#',}.
            q{'<b><a href="__RTIRTicketURI__">__Subject__</a></b>/TITLE:Subject',}.
            q{Status,OwnerName,LastUpdatedRelative},

        Investigations =>
            q{'<b><a href="__RTIRTicketURI__">__id__</a></b>/TITLE:#',}.
            q{'<b><a href="__RTIRTicketURI__">__Subject__</a></b>/TITLE:Subject',}.
            q{Status,OwnerName,LastUpdatedRelative},

        Countermeasures =>
            q{'<b><a href="__RTIRTicketURI__">__id__</a></b>/TITLE:#',}.
            q{'<b><a href="__RTIRTicketURI__">__Subject__</a></b>/TITLE:Subject',}.
            q{Status,OwnerName,LastUpdatedRelative},
    );

%RTIR_IncidentChildren

This option controls the relations between an incident and its reports, investigations and countermeasures. Each entry of the hash is a pair where the key is the type of child and the value is a hash with Multiple and Required keys and boolean values, for example:

    Set(%RTIR_IncidentChildren,
        Report => {
            Multiple => 1,
            Required => 0,
        },
        ...
    );

Each entry defines whether a ticket of a particular type can be linked to multiple incidents or only one, and whether linking the ticket to an Incident is required on creation in the UI or is optional.

By default, IRs can be linked to many incidents and it's not required to link them right away. Investigations can be linked to only one incident, and this can be done later. Countermeasures cannot be created without an incident, but can be linked to many of them.

$RTIR_RedirectOnLogin

If set to a true value, will redirect members of DutyTeam groups to /RTIR/ upon login so that they immediately see the RTIR Homepage (rather than their RT Homepage). This does not change where Home in the menu links to, since you can get to the RTIR homepage from RTIR at the top level, and users may wish to have more custom searches stashed on their Home page.

$RTIR_RedirectOnSearch

If set to a true value, searches initiated on the RT search page that contain RTIR-related queues will redirect to the RTIR search page. The default is true.

$RTIR_DefaultQueue

Starting in RT/RTIR 5.0, the queue selection dropdown is on the ticket create page. RTIR has separate create pages from RT, so this allows you to set a default queue for RT and a different one for RTIR.

This option defaults to Incident Reports.

Constituency Configuration

$RTIR_StrictConstituencyLinking

Set constituency enforcement algorithm.

Read more about constituencies in docs/Constituencies.pod. Algorithms are described in "Constituency Propagation" in Constituencies.

Web Interface Configuration

$MaxInlineBody

By default, RT only displays text attachments inline up to the first 12k; RTIR increases this to 25k.

$OverdueAfter

Set the number of days a message awaiting an external response may be inactive before the ticket becomes overdue.

$ReplyString

This is the string that indicates a reply, and which will be prepended to subjects when you reply to tickets, for example:

    Set($ReplyString, 'Re:');

$RTIR_OldestRelatedTickets

Controls what tickets (LastUpdated > "RTIR_OldestRelatedTickets days ago") are returned for searches generated from the Lookup tools. This applies to searches for IP addresses and Hostnames linked from Ticket histories that are run against Lookup.html and any other custom code that links to Lookup.html to run a query.

%RTIRSearchResultFormats

Default formats for RTIR search results.

If you only want to override one entry, you can copy only part of this, which will protect you during upgrades because other entries will be merged from this configuration. To change just the Investigation list you would do:

    Set(%RTIRSearchResultFormats, InvestigationDefault => 'modified configuration');

$DisplayAfterEdit

Enable this option if you want to jump to the display screen after saving changes on the edit screen.

$SimplifiedRecipients

Set this option to show a list of recipients above the reply box.

@RTIR_HomepageComponents

Components that are available to add to the first page of RTIR.

@Active_MakeClicky

Defines the list of enabled MakeClicky extensions; RTIR extends the default 'httpurl', and additionally provides 'ip', 'ipdecimal', 'email', 'domain' and 'RIPE'.

It is possible to add your own types of clicky links using callbacks; see html/Callbacks/RTIR/Elements/MakeClicky/Default for an example.

NOTE that the list is order-sensitive: when one action matches a piece of text, other actions don't apply to the same matched text.

By default RTIR enables 'httpurl_overwrite', 'ip', 'email' and 'domain'.

Process Articles for Incidents

RTIR provides configuration to show process documentation on Incident pages based on the selected Classification. You can change this behavior via configuration using the options ProcessArticleFields and ProcessArticleMapping.

You can see additional information about how to manage Process Articles in the RT Articles documentation.

Custom Fields

%RTIR_CustomFieldsDefaults

Set the default value for Resolution if there is no value when an RTIR ticket is set to resolved or rejected.

%CustomFieldGroupings

All of the configuration rules for RT CustomFieldGroupings apply and you should review the documentation in etc/RT_Config.pm.

RTIR provides a separate 'object' that groupings are applied to, RTIR::Ticket. Groupings for this object type will only be applied to Custom Fields on Tickets in RTIR Queues. This allows you to logically separate your Custom Field configuration between RTIR Queues and standalone Queues in your RT instance.

We do not provide the Links core grouping because no RTIR tickets display the Links box. Basics, People and Dates will work as they do in core, but keep in mind that Incidents do not display a People box, so CFs in the People group will not render on Incidents. Additionally, People and Dates are not always available in all screens in RTIR so may not be the best place for Custom Fields.

%InlineEditPanelBehavior

This configuration option is a core RT feature which accepts a custom key for RTIR. The options are the same as those documented in RT, but the key is RTIR::Ticket as in this example:

    Set(%InlineEditPanelBehavior,
        'RTIR::Ticket' => {
            '_default'          => 'click',

            'Networking'        => 'link',
            'Details'           => 'click',
            'Dates'             => 'always',
            'People'            => 'link',
        },
    );

If no RTIR settings are defined, the settings for RT::Ticket are used. See etc/RT_Config.pm for more information about this configuration option.

$RTIR_StrictDomainTLD

If true, RTIR checks whether the TLD is officially valid when extracting domains. Set it to 0 if you need to support local TLDs or recent ones that are not yet included in Net::Domain::TLD. It is true by default.
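Before changing this setting, it helps to know which of your own domains Net::Domain::TLD rejects. The script below is an added example, not part of RTIR; the domain list is constructed and the helper names tld_of and classify are hypothetical.

```perl
#!/usr/bin/env perl
# Added example: list domains whose TLD Net::Domain::TLD does not recognize.
use strict;
use warnings;
use Net::Domain::TLD qw(tld_exists);

# Constructed sample domains; replace with names seen in your own tickets.
my @domains = qw(
    mail.example.com
    fileserver.corp
    intranet.internal
    printer.lan
    www.example.org
);

# Return the last label of a domain name, lowercased (undef if there is none).
sub tld_of {
    my ($domain) = @_;
    $domain =~ s/\.$//;    # drop a trailing root dot
    my ($tld) = $domain =~ /\.([^.]+)$/;
    return defined $tld ? lc $tld : undef;
}

# Split names into those with a recognized TLD and those without.
sub classify {
    my (@names) = @_;
    my ( @known, @unknown );
    for my $name (@names) {
        my $tld = tld_of($name);
        if ( defined $tld && tld_exists($tld) ) { push @known, $name }
        else                                     { push @unknown, $name }
    }
    return ( \@known, \@unknown );
}

my ( $known, $unknown ) = classify(@domains);
print "Recognized TLD:   $_\n" for @$known;
print "Unrecognized TLD: $_\n" for @$unknown;
print scalar(@$unknown),
    " domain(s) would fail the TLD check with \$RTIR_StrictDomainTLD enabled.\n";
```

The result depends on the version of Net::Domain::TLD installed on the RT host, so run it there.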

Countermeasures

$RTIR_DisableCountermeasures

If true, the Countermeasure queue functionality is inactive and disabled.

$RTIR_CountermeasureApproveActionRegexp

When a requestor replies to a countermeasure in the pending state, RTIR changes the state. You can set a regular expression so that the state is changed only when the content matches the regexp.

See also "DESCRIPTION" in RT::Action::RTIR_SetCountermeasureStatus.
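A candidate pattern can be tried against sample replies before it goes into RTIR_SiteConfig.pm. The script below is an added example, not RTIR code; both patterns and all reply bodies are constructed, and it assumes the regexp is matched against the whole reply body, quoted text included.

```perl
#!/usr/bin/env perl
# Added example: compare candidate approval patterns on constructed replies.
use strict;
use warnings;

# Hypothetical candidates for $RTIR_CountermeasureApproveActionRegexp.
my %candidates = (
    loose    => qr/approved/i,
    anchored => qr/^\s*approved\b/im,    # keyword must start an unquoted line
);

# Constructed reply bodies; 'want' is 1 if the reply should count as approval.
my @replies = (
    { want => 1, body => "Approved, go ahead with the block.\n" },
    { want => 0, body => "This is not approved yet.\n" },
    { want => 0, body => "We need more time.\n> Reply 'approved' to confirm.\n" },
    { want => 1, body => "Hello,\n  approved\nRegards\n" },
);

# Return the replies for which the pattern gives the wrong answer.
sub misfires {
    my ($re) = @_;
    return grep { ( $_->{body} =~ $re ? 1 : 0 ) != $_->{want} } @replies;
}

for my $name ( sort keys %candidates ) {
    my @bad = misfires( $candidates{$name} );
    printf "%-8s %d misfire(s)\n", $name, scalar @bad;
    print "    unexpected result for: ", ( split /\n/, $_->{body} )[0], "\n"
        for @bad;
}
```

The loose pattern misfires on the negated reply and on the reply that only quotes the keyword; the anchored pattern handles all four samples.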

Research Tools

RTIR comes with a few research tools available at Tools/Lookup.html.

@RTIRResearchTools

Which research tools RTIR should display for address/domain lookups.

For each tool listed in this section, RTIR will attempt to display using the following mason components:

    html/RTIR/Tools/Elements/ToolForm____
    html/RTIR/Tools/Elements/ToolResults____

$RTIRIframeResearchToolConfig

One of the research tools available in RTIR allows you to configure a set of search URLs that incident handlers can use to open searches in IFRAMES.

Entries are keyed by integer in the order you'd like to see them in the dropdown on the research page. Each entry consists of a hashref containing "FriendlyName" and "URL". The URLs will be evaluated to replace __SearchTerm__ with the user's current search term.

$TracerouteCommand

Path to traceroute command.

$whois

Whois servers for the research tool.

The outer hash key is the order the entry should appear in the WHOIS dropdown. Host is of the form "hostname:port" and FriendlyName is the dropdown label.

Some of the resources provided here, like IANA, are thin WHOIS clients, so the query results can point you to other sources of WHOIS information. You can then add these additional servers to this configuration.
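The structures described under $RTIRIframeResearchToolConfig and $whois look like this in RTIR_SiteConfig.pm. This is an added example, not RTIR's shipped default; every example.org and example.net name is a placeholder, and only whois.iana.org corresponds to the IANA entry mentioned above.

```perl
# RTIR_SiteConfig.pm fragment (added example; hosts and URLs are placeholders)

# Entries appear in the research page dropdown in key order.
# __SearchTerm__ is replaced with the handler's current search term, so every
# site listed here receives the IP address or hostname being researched.
Set($RTIRIframeResearchToolConfig, {
    1 => {
        FriendlyName => 'Internal asset inventory',
        URL          => 'https://inventory.example.org/search?q=__SearchTerm__',
    },
    2 => {
        FriendlyName => 'Internal passive DNS',
        URL          => 'https://pdns.example.org/lookup/__SearchTerm__',
    },
});

# Outer keys give the order in the WHOIS dropdown; Host is "hostname:port".
Set($whois, {
    1 => {
        Host         => 'whois.iana.org:43',
        FriendlyName => 'IANA',
    },
    2 => {
        Host         => 'whois.example.net:43',
        FriendlyName => 'Regional registry (placeholder)',
    },
});

1;    # site config files end with a true value
```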

$RunWhoisRequestByDefault

RTIR prior to 2.6.1 ran a whois request by default on lookup. Now it requires user interaction. Set $RunWhoisRequestByDefault to a true value to return to the old behaviour.

%ExternalFeeds

Sources for the External Feeds tool. Currently RSS is supported. Provide a Name and URI for each source; you can also provide an optional Description.

    Set(%ExternalFeeds,
        'RSS' => [
            {   Name        => 'US Cert Alerts',
                URI         => 'https://www.us-cert.gov/ncas/alerts.xml',
                Description => 'US Cert Alerts',
            },
            ...
        ],
    );

The initial list is "US Cert Alerts", "UK NCSC Security News", "Full Disclosure", "Threatpost Vulnerability Alerts" and "Bugtraq".

Service Level Agreements (SLA)

Read docs/AdministrationTutorial.pod.
