Hi guys!
I’m using RTIR 4 and i want to integrate it with my SIEM (OSSIM) . But i can’t find any tutorials or documentation about it.
Anybody can help me?
Best Regards!
If you have any experience with API’s, it should be fairly easy to have a script running as a cronjob in the RTIR server that polls the SIEM for any new incidents (using the SIEM’s API), and creates new tickets in RTIR (using RT’s API).
This was how we did it for QRadar/RTIR integration and works flawlessly.
Hello @jfarinha
My setup is similar as yours, can you please share if possible, your RT configure for this to work?
Thanks!