3. PHP script to create OTRS abuse tickets by snort alerts triggered

PHP script to create OTRS abuse tickets by snort alerts triggered

  • ?

    Thought to share this, as it may be useful to somebody else.

    It's a simple php script to automatically create OTRS tickets (mostly for Abuse depts) via its RPC API when snort triggers a specified alert.
    The idea came to my mind because we got sick of creating hundreds of abuse tickets for certain intrusion attempts on a daily basis.

    The script is not limited to but can be used in combination with the Cron package on pfSense to completely automate the process.
    Abuse contacts for a certain ip address are queried via dns from abusix.org.

    Note:  Requires the php56-xmlrpc module which can be installed via freshports on pfsense.

    Link: https://gist.github.com/dschallert/fa0870a252f8326d5d8663af27adc362

    Maybe I will develop a more general purpose IDS/IPS alerting module for pfSense with various options soon.

    Suggestions are greatly welcome.

    Thanks

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy