RTIR 5.0.3 and 4.0.3 Now Available

Request Tracker for Incident Response (RTIR) versions 5.0.3 and 4.0.3 are now available. These new releases provide security updates, bug fixes, and some new features. As always, we recommend all users upgrade to the newest versions. Our forum contains details on all of the new releases, linked below:

When upgrading RTIR, you also need to upgrade the underlying RT version as well. New releases of RT 5.0.3 and 4.4.6 are also available and they also contain security updates.

In addition to the security fixes mentioned above, version 5.0.3 contains some new features we think RTIR users will be interested in.

RTIR Homepage is Now a Dashboard

Just like the similar update in RT 5.0.2, the home page in RTIR is now a dashboard, making it even easier to create multiple different homepage configurations and allow users to pick the one that works best for them. Existing homepages are automatically converted as part of the upgrade process. After upgrading, you can set your default using the same gearbox icon in the corner.

Support for CVEs

RTIR now has a CVE custom field by default. As with IPs, scrips now look for CVEs in incoming messages and will automatically set the CVE custom field if any CVE ids are found. When looking at incident tickets, if a CVE is set, a new CVE portlet pulls in information about that vulnerability from the NIST database. It shows selected fields right on the Incident page and links you to the full entry so you can view the full details.

CVE portlet on an Incident page in RTIR

Mandatory On Transition and Time Tracking

This release of RTIR adds compatibility with two popular extensions that are often used with RT.

RT-Extension-MandatoryOnTransition allows you to set rules, like making some fields required, on specific status transitions. This is very helpful when you want to allow people to create an incident without filling out all custom fields, but you want them to fill them out before the incident is resolved.

RT-Extension-TimeTracking adds more inputs for tracking time on specific dates and also provides a "time sheet" type page with hours across all tickets for a week.

New versions of both of these extensions have been released and they can now be used with RTIR 5.0.3.

MISP Integration

Updates in RTIR 5.0.3 also add support for an integration with the MISP threat intelligence sharing platform. We'll have more information on this extension later, but you can use it today.

Upgrade Help

Everything you need to upgrade is always included in new releases, so we encourage you to plan upgrades soon. The full release notes for all of these releases are available with details on what’s changed, and some additional information is posted on our forum. If you need a hand, Best Practical offers RT hosting, migration, upgrades, and professional services, just get in touch with us at sales@bestpractical.com.

Share this post:

RT 5.0.3 and 4.4.6 Now Available

Our newest versions of Request Tracker (RT) are now available, providing security updates, bug fixes, and some new features. As always, we recommend all users upgrade to the newest versions. Our forum contains details on all of the new releases, linked below:

In addition to download information, you'll find links to detailed release notes. Here are a few updates to look for in the new versions.

Custom Field Groupings per Queue

RT has long allowed you to name groups of custom fields to make your ticket pages easier to read and edit for users. Starting in RT 5.0.3, you can now scope these groupings at the queue-level in addition to globally. So if you want to specifically name a group of custom fields only in one queue, now you can do that.

Database Query Improvements

We made some updates to database queries to better use bind variables, and that should be most noticeable for people running RT with Oracle. The good news is it should also help all other databases as well.

HTML Custom Fields

A new HTML type custom field is now available as an alternate version of the text area custom field with regular text. We created this primarily for articles, so you can now use the Rich Text editor to edit your article content and the styling you add will show up in your HTML email when you use the article.

Editing an article with an HTML custom field

We have additional plans for HTML custom fields, but right now you can switch the render type for your article custom field if you are using HTML templates for outgoing email from RT. You can then use the editor to set various styles and they will all be set when you select that article to include in a response. If you're not familiar with articles in RT, you can read more in our introduction to articles.

Interface Used for a Request

Sometimes when creating scrips to automate something in RT, you may want to have different rules if a transaction comes in via email or the web interface. Previously you could check for the X-RT-Interface header in transactions to identify email or web requests, but these worked only for updates that had a message included. Now you can call a method RT->CurrentInterface to find out how something was submitted. As noted in the documentation, this covers email, web, REST calls and more.

Upgrade Help

Everything you need to upgrade is always included in new releases, so we encourage you to plan upgrades soon. The full release notes for all of these releases are available with details on what’s changed, and some additional information is posted on our forum. If you need a hand, Best Practical offers RT hosting, migration, upgrades, and professional services, just get in touch with us at sales@bestpractical.com.

Share this post:

Request Tracker Integration with PagerDuty

Photo of a glass bubble and a sign that says 'Emergency Alarm - Break glass'

If you support critical services and manage your work in RT, you may have cases where you need to escalate notifications beyond sending email or even text messages. PagerDuty provides a wide range of notification options including email, automated phone calls, SMS, and notifications from their mobile apps. RT::Extension::PagerDuty provides a full two-way integration to communicate status updates like acknowledgement and resolution between RT and PagerDuty.

Demo of RT integration with PagerDuty

PagerDuty allows you to set up on-call schedules, so the right person gets notified and not everyone on the team gets alerts. You can also set up escalations to automatically notify someone else if an alert hasn't been acknowledged within a period of time. Integrating with RT allows you to acknowledge and resolve alerts, and continue to track tickets along with all of your other tasks in RT.

Got questions about managing your key services with RT? You can send us email at sales@bestpractical.com, we're always happy to help.

Share this post:

Google Email (Gmail) Authentication Changes

Similar to updates by Microsoft for Office 365 email discussed previously, Google also has announced they will discontinue support for username/password authentication on May 30, 2022. If you use Google-hosted email, this may cause your email integration with your Request Tracker (RT) instance to stop working. Keep reading for some options to update your email integration.

As described previously, you can integrate email with RT by pushing (forwarding) email to the RT server or by pulling (fetching from a mailbox on the mail server). As noted in the linked post, if you were pulling email and are impacted by Google’s changes, one option is to convert to forward email from Google to your RT server. This approach has various pros and cons as described in the earlier post, and it would involve quite a few configuration changes.

If you are currently using the pull method with a utility like fetchmail or getmail, it’s easier to try to update your system and try to stay with the same approach. To do so, you’ll need to update your system to start using Google’s recommended OAuth2 authentication. This is currently possible with newer versions of getmail.

Version 5.6 or later of getmail come with a script called getmail-gmail-xoauth-tokens which you can use to set up the needed Oauth2 tokens to continue to retrieve email. This version is available via packages on most newer Linux systems we have worked with recently. We have used this successfully with RT integrations so far and have posted our Gmail configuration notes in our public wiki . Currently this getmail configuration seems to be a workable solution to continue to pull email, however, Google continues to make changes, so it's possible additional updates will be needed through 2022.

Support for OAuth2 in fetchmail appears to be included in version 7, which is in development but not yet released. Documentation is available in their public repository. As a development branch, this isn't a solution for a production RT system for most, but shows support may be available in future versions.

Our App-wsgetmail utility mentioned previously continues to be available, but currently supports only Office 365. Since there is a functioning getmail option that works with Google email, we currently are not planning to add support for Google mail to the utility. However, in the future someone may prefer a solution that retrieves email via APIs rather than IMAP, so we may consider adding support at some point.

The notes linked above are on our public RT wiki and we welcome improvements to make the somewhat challenging set-up process easier to follow. If you need professional assistance with RT and your email configuration, you can also contact us at sales@bestpractical.com.

Share this post:

Change Management in Request Tracker

Gears in a clock

Keep your change process running like a well-oiled machine (Photo by Laura Ockel on Unsplash)

One key component of IT service management is maintaining documented and repeatable change processes. The fundamentals of managing any change are the details around the change - like when is it going to happen, who is making the change, why are we doing it, and how do we roll back if there is a problem? RT is a great tool for managing all of this information, including communication to various stakeholders, so we have released a new extension with a pre-defined change management queue, configured and ready to use.

As with our HelpDesk extension, we identified change management as a common use case for many organizations running RT. To help speed up deployment, we have included all of the fundamental configuration in a freely available extension. Once installed, you'll have a dedicated Change Management queue, a custom lifecycle, and custom roles and custom fields to manage change information. Below is a short video that quickly demonstrates the main workflow.

Change management workflow in Request Tracker

The extension uses core RT features, so everything, including the lifecycle, can be customized and extended as needed using RT’s administration tools after you install. This allows you to align the workflow with your process and track everything you need, both to support the change process itself and for reporting later.

We hope this new extension helps to quickly get you up and running with change management, allowing you to focus on your process rather than implementation details. And if you’re just getting started with your change process, RT will help you keep things running like a well-oiled machine. To learn more about change management or how we can help you get the most out of Request Tracker, you can always reach us at sales@bestpractical.com.

Share this post:

New Microsoft Office 365 Email Integration Option for Request Tracker

New Microsoft Office 365 Email Integration Option for Request Tracker

Best Practical has released a new utility to fetch email for RT from Microsoft Office 365 when Basic Authentication is discontinued.

Share this post:

Request Tracker (RT) and Request Tracker for Incident Response (RTIR) Do Not Use log4j

Request Tracker (RT) and Request Tracker for Incident Response (RTIR) do not use log4j.

Share this post:

RT 4.2.17, 4.4.5, and 5.0.2 Now Available

RT 4.2.17, 4.4.5, and 5.0.2 Now Available

RT 4.2.17, 4.4.5, and 5.0.2 are now available. New versions include a security update and lots of new features.

Share this post:

RT 4.2 and RTIR 3.2 Series Reach End of Life

RT 4.2 and RTIR 3.2 series reach end of life. New versions of both RT and RTIR are available for upgrading.

Share this post: