On Wed, Sep 03, 2014 at 06:39:31PM -0400, Scot Fackler via rtir wrote:
> I have looked high and low through the current RTIR documentation to no avail
> for information on the built-in ArcSight integrations noted on the RTIR
> Features page. What I would like to do is use the ArcSight case export to
> create RTIR tickets for Incident Response activities. Is there a better method
> than using an xml parser to parse the ArcSight case export xml file in order
> to generate a ticket via the RTIR REST API?

The ArcSight integration is not built in (if there's documentation implying that it's built-in, please provide a URL so it can be corrected).

An ArcSight integration was worked up for a customer running 3.8+RTIR, would probably still work on current RTIR, but was definitely tied to their process. The mapping from ArcSight fields to RT fields was not well generalized and as such I do not believe that the code is public.

The extension did not use the REST API, it used RT's built-in API and consumed the case export XMLs, creating Incident Reports and an Incident based on the data contained in the file.

Also - reposting your question to rt-users within 24 hours of posting here doesn't get it answered sooner.

-kevin
-- RT Training - Boston, September 9-10 http://bestpractical.com/training
