PHP script to create OTRS abuse tickets when Snort alerts are triggered
Thought I'd share this, as it may be useful to somebody else.
It's a simple PHP script to automatically create OTRS tickets (mostly for Abuse depts) via its RPC API when Snort triggers a specified alert.
The idea came to my mind because we got sick of creating hundreds of abuse tickets for certain intrusion attempts on a daily basis. The script is not limited to but can be used in combination with the Cron package on pfSense to completely automate the process.
Abuse contacts for a certain IP address are queried via DNS from abusix.org.
Note: Requires the php56-xmlrpc module, which can be installed via FreshPorts on pfSense.
Link: https://gist.github.com/dschallert/fa0870a252f8326d5d8663af27adc362
Maybe I will develop a more general purpose IDS/IPS alerting module for pfSense with various options soon.
Suggestions are greatly welcome.
Thanks
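
The DNS abuse-contact lookup described in the post, as an added example that is not taken from the linked gist. It assumes the contacts are published as TXT records under `abuse-contacts.abusix.org` with the address reversed (the post only names abusix.org); the function names are hypothetical and the sample addresses are constructed.

```php
<?php
// Added example, not the gist's code. Assumption: contacts are published as TXT
// records under abuse-contacts.abusix.org (the post only names abusix.org).
const ABUSE_ZONE = 'abuse-contacts.abusix.org';

// Build the reversed query name for an IPv4/IPv6 address (hypothetical helper).
function abuse_query_name($ip)
{
    // Skip malformed, private and reserved sources: no public contact exists.
    $flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    if (filter_var($ip, FILTER_VALIDATE_IP, $flags) === false) {
        return null;
    }
    $packed = inet_pton($ip);
    $labels = strlen($packed) === 4
        ? array_values(unpack('C4', $packed))   // IPv4: decimal octets
        : str_split(bin2hex($packed));          // IPv6: hex nibbles (assumed format)
    return implode('.', array_reverse($labels)) . '.' . ABUSE_ZONE;
}

// Return the well-formed mailboxes published for $ip (hypothetical helper).
function abuse_contacts($ip)
{
    $name = abuse_query_name($ip);
    if ($name === null) {
        return array();
    }
    $records = @dns_get_record($name, DNS_TXT);
    $contacts = array();
    foreach ($records ?: array() as $record) {
        // Split on commas in case one answer carries several mailboxes.
        foreach (explode(',', $record['txt']) as $candidate) {
            $candidate = strtolower(trim($candidate));
            // DNS answers are untrusted input: keep only valid addresses so
            // nothing odd ends up in the ticket's recipient field.
            if (filter_var($candidate, FILTER_VALIDATE_EMAIL) !== false) {
                $contacts[] = $candidate;
            }
        }
    }
    return array_values(array_unique($contacts));
}

// Constructed sample sources, as they might appear in Snort alerts.
foreach (array('198.51.100.23', '10.0.0.5', '2001:db8::1') as $src) {
    $name = abuse_query_name($src);
    echo $src, ' -> ', $name === null ? 'skipped' : $name, PHP_EOL;
    echo '  contacts: ', implode(', ', abuse_contacts($src)) ?: '(none)', PHP_EOL;
}
```

An empty result should leave the ticket for manual review rather than create one with no recipient.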