Ticket list view
Brought to you by: greg_k, mjbrenegan
I'd like to see a more efficient interface for tickets. Many security admins deal with tickets in large batches, whether by host or by actual vulnerability, and don't need a full description of the vulnerability immediately. For an example, check out https://trac.anl.gov/scavenger/attachment/wiki/ScreenShots/previously%20answered.jpg from the scavenger web interface.
Logged In: YES
user_id=1623129
Originator: NO
Ticket list view was built out a few months back in what is now the merge_kkline build. It has the ability to go to http://yoursite/checkup.php and look up a ticket view of outstanding incidents for your host on the network that you are currently at. This is built out on a reverse IP to DNS name lookup, as all incidents are looked up against a host table entry with FQDN. Otherwise it can be pulled up in the portal under network hosts. Additionally there is a life timer, so you can see the age of the issue based on when it was first detected.
The merge_kkline build has a significant change in table schema from the original branch. I have built a migrate routine to migrate you from existing versions of inprotect to the merge_kkline build. This will reprocess all scan data and populate the new fields app, protocol, port from the service field that was added in the recent builds of inprotect trunk. Additionally, it builds out a number of things to track; for example, the servers table includes the feed type and date of each of the servers, and incidents are opened/closed based on scans/rescans that include the same plugin tests and the issue is not resolved; otherwise certain fields are updated.