Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    PHP script to create OTRS abuse tickets by snort alerts triggered

    Scheduled Pinned Locked Moved pfSense Packages
    1 Posts 1 Posters 603 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • ?
      Guest
      last edited by

      Thought to share this, as it may be useful to somebody else.

      It's a simple php script to automatically create OTRS tickets (mostly for Abuse depts) via its RPC API when snort triggers a specified alert.
      The idea came to my mind because we got sick of creating hundreds of abuse tickets for certain intrusion attempts on a daily basis.

      The script is not limited to but can be used in combination with the Cron package on pfSense to completely automate the process.
      Abuse contacts for a certain ip address are queried via dns from abusix.org.

      Note:  Requires the php56-xmlrpc module which can be installed via freshports on pfsense.

      Link: https://gist.github.com/dschallert/fa0870a252f8326d5d8663af27adc362

      Maybe I will develop a more general purpose IDS/IPS alerting module for pfSense with various options soon.

      Suggestions are greatly welcome.

      Thanks

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.