PHP script to create OTRS abuse tickets when Snort alerts are triggered
Thought to share this, as it may be useful to somebody else.
It's a simple PHP script to automatically create OTRS tickets (mostly for Abuse depts) via its RPC API when Snort triggers a specified alert.
The idea came to my mind because we got sick of creating hundreds of abuse tickets for certain intrusion attempts on a daily basis.
The script is not limited to, but can be used in combination with, the Cron package on pfSense to completely automate the process.
Abuse contacts for a certain IP address are queried via DNS from abusix.org.
Note: Requires the php56-xmlrpc module, which can be installed via FreshPorts on pfSense.
Maybe I will develop a more general purpose IDS/IPS alerting module for pfSense with various options soon.
Suggestions are greatly welcome.
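
Added example, not part of the original post and not the poster's script: a sketch of the alert-to-abuse-contact step in PHP. It assumes Snort "fast" alert lines, a hypothetical watched gid:sid list, and the `abuse-contacts.abusix.org` TXT zone (the post only names abusix.org); the OTRS RPC call is left out. The alert lines are constructed.

```php
<?php
const ABUSE_ZONE   = 'abuse-contacts.abusix.org'; // assumption: zone name is not given in the post
const WATCHED_SIDS = ['1:1000001'];               // hypothetical gid:sid values that open a ticket

// Parse one Snort "fast" alert line; returns ["gid:sid", source IPv4] or null.
function parseFastAlert(string $line): ?array
{
    $re = '/\[\*\*\]\s+\[(\d+):(\d+):\d+\].*\{\w+\}\s+(\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\s+->/';
    if (!preg_match($re, $line, $m)) {
        return null;
    }
    // Private-range sources have no public abuse contact, so drop them here.
    $ip = filter_var($m[3], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE);
    return $ip === false ? null : ["{$m[1]}:{$m[2]}", $ip];
}

// 203.0.113.7 -> 7.113.0.203.<zone>
function abuseQueryName(string $ipv4): string
{
    return implode('.', array_reverse(explode('.', $ipv4))) . '.' . ABUSE_ZONE;
}

// The TXT answer is untrusted input that ends up in a ticket recipient field:
// keep only syntactically valid addresses, lower-cased and de-duplicated.
function lookupAbuseContacts(string $ipv4): array
{
    $contacts = [];
    foreach (@dns_get_record(abuseQueryName($ipv4), DNS_TXT) ?: [] as $r) {
        foreach (explode(',', $r['txt'] ?? '') as $addr) {
            if (filter_var(trim($addr), FILTER_VALIDATE_EMAIL)) {
                $contacts[] = strtolower(trim($addr));
            }
        }
    }
    return array_values(array_unique($contacts));
}

$alerts = [ // constructed sample lines
    '01/15-10:22:31.120000  [**] [1:1000001:1] Constructed rule [**] [Priority: 2] {TCP} 203.0.113.7:51234 -> 192.0.2.10:22',
    '01/15-10:22:32.450000  [**] [1:1000001:1] Constructed rule [**] [Priority: 2] {TCP} 203.0.113.7:51240 -> 192.0.2.10:22',
    '01/15-10:23:02.010000  [**] [1:1000002:1] Unwatched rule [**] [Priority: 3] {UDP} 198.51.100.9:53 -> 192.0.2.10:53',
    '01/15-10:24:11.900000  [**] [1:1000001:1] Constructed rule [**] [Priority: 2] {TCP} 10.0.0.5:40000 -> 192.0.2.10:22',
];
$seen = []; // one ticket per source IP per run, however many alerts it raised
foreach ($alerts as $line) {
    $hit = parseFastAlert($line);
    if ($hit === null || !in_array($hit[0], WATCHED_SIDS, true) || isset($seen[$hit[1]])) {
        continue;
    }
    $seen[$hit[1]] = true;
    $contacts = in_array('--lookup', $argv ?? [], true) ? lookupAbuseContacts($hit[1]) : [];
    printf("%s sid=%s query=%s contacts=%s\n", $hit[1], $hit[0], abuseQueryName($hit[1]), implode(',', $contacts) ?: '(not resolved)');
}
```

Run without arguments it works offline and only prints the DNS name it would query; pass `--lookup` to perform the TXT lookup.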