PHP script to create OTRS abuse tickets by snort alerts triggered



  • Thought to share this, as it may be useful to somebody else.

    It's a simple PHP script to automatically create OTRS tickets (mostly for Abuse depts) via its RPC API when Snort triggers a specified alert.
    The idea came to my mind because we got sick of creating hundreds of abuse tickets for certain intrusion attempts on a daily basis.

    The script is not limited to, but can be used in combination with, the Cron package on pfSense to completely automate the process.
    Abuse contacts for a certain IP address are queried via DNS from abusix.org.

    Note: Requires the php56-xmlrpc module, which can be installed via FreshPorts on pfSense.

    Link: https://gist.github.com/dschallert/fa0870a252f8326d5d8663af27adc362

    Maybe I will develop a more general purpose IDS/IPS alerting module for pfSense with various options soon.

    Suggestions are greatly welcome.

    Thanks


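The first half of the flow the post describes (Snort alert, then abuse-contact lookup via DNS), as an added example that is not taken from the linked gist: it filters constructed Snort fast-format alerts by SID, groups them by public source address so each source yields one ticket, and builds the TXT query name. The zone `abuse-contacts.abusix.org`, the function names and the sample SIDs are assumptions; OTRS ticket creation is left out.

```php
<?php
// Added example, not the gist's code; written in PHP 5.6-compatible syntax.
// Assumption: Abusix contacts are served as TXT records at <reversed IPv4>.<zone>.
define('ABUSE_ZONE', 'abuse-contacts.abusix.org');
// Parse one line of Snort "fast" alert output; null when the line does not match.
function parseFastAlert($line) {
    $re = '/\[\*\*\]\s+\[(\d+):(\d+):\d+\]\s+(.*?)\s+\[\*\*\].*\{[^}]+\}\s+(\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\s+->/';
    return preg_match($re, $line, $m)
        ? array('sid' => $m[1] . ':' . $m[2], 'msg' => $m[3], 'src' => $m[4]) : null;
}
// DNS name to query for a source address; null for invalid, private or reserved IPv4.
function abuseQueryName($ip) {
    $flags = FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    return filter_var($ip, FILTER_VALIDATE_IP, $flags) === false
        ? null : implode('.', array_reverse(explode('.', $ip))) . '.' . ABUSE_ZONE;
}
// Group wanted alerts by source so each source yields one ticket, not one per alert.
function collectReportable(array $lines, array $wantedSids) {
    $bySource = array();
    foreach ($lines as $line) {
        $a = parseFastAlert($line);
        if ($a && in_array($a['sid'], $wantedSids, true) && abuseQueryName($a['src'])) {
            $bySource[$a['src']][$a['msg']] = true;
        }
    }
    return array_map('array_keys', $bySource);
}
// Live TXT lookup; keeps only syntactically valid, de-duplicated e-mail addresses.
function lookupAbuseContacts($ip) {
    $name = abuseQueryName($ip);
    $contacts = array();
    foreach (($name ? @dns_get_record($name, DNS_TXT) : false) ?: array() as $r) {
        foreach (preg_split('/[\s,;]+/', strtolower($r['txt']), -1, PREG_SPLIT_NO_EMPTY) as $addr) {
            if (filter_var($addr, FILTER_VALIDATE_EMAIL)) { $contacts[$addr] = true; }
        }
    }
    return array_keys($contacts);
}
// Constructed sample alerts: a repeated source, a private source, an unwanted SID.
$sample = array(
    '01/15-10:22:31.123456  [**] [1:1000001:1] LOCAL SSH brute force [**] [Priority: 2] {TCP} 198.51.100.23:51234 -> 203.0.113.10:22',
    '01/15-10:22:40.000001  [**] [1:1000001:1] LOCAL SSH brute force [**] [Priority: 2] {TCP} 198.51.100.23:51240 -> 203.0.113.10:22',
    '01/15-10:23:02.500000  [**] [1:1000001:1] LOCAL SSH brute force [**] [Priority: 2] {TCP} 10.0.0.5:40000 -> 203.0.113.10:22',
    '01/15-10:24:10.250000  [**] [1:1000002:1] LOCAL policy violation [**] [Priority: 3] {UDP} 192.0.2.77:5353 -> 203.0.113.10:53',
);
foreach (collectReportable($sample, array('1:1000001')) as $src => $msgs) {
    // Pass --lookup for the live DNS query; without it the run stays offline.
    $to = in_array('--lookup', $argv, true) ? lookupAbuseContacts($src) : array();
    printf("%s  query=%s  alerts=%s  contacts=%s\n", $src, abuseQueryName($src), implode('; ', $msgs), implode(',', $to) ?: '(not looked up)');
}
```

Validating the TXT payload as an e-mail address before use matters here because the DNS answer is untrusted input that would end up as a ticket recipient.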