Using TIssue

TIssue is a database and workflow system for managing network blocks of systems due to critical vulnerabilities, an FCIRT incident or other inappropriate activities that are not handled by the AutoBlocker system. The AutoBlocker institutes a short-term outgoing (from the lab to the Internet) network block for nodes with suspicious activity (peer-to-peer file sharing, Skype VoIP calls and accesses to web pages with lots of active links are some examples). With the AutoBlocker, once the suspicious activity stops, the network block is automatically lifted after a short interval. Network blocks handled via TIssue require manual intervention: the problem that necessitated the block must be resolved (for example, by patching the critical vulnerability) and the event must then be marked in TIssue as remediated (fixed).

When a TIssue event is generated for a node, an E-mail message identifying the node and the critical vulnerability that will cause the node to be blocked is sent to the registered system administrators (both the Primary and all Authorized Administrators in the SysAdmin database) and, if identified, to the GCSC mailing list appropriate for the locale of the node. This message contains a link to the TIssue event so the responsible person can remediate the event after fixing the problem. To do so, click on the checkbox beside Remediated, use the pull-down menu to select the action taken and click on the Done button. If the browser has a valid KCA certificate loaded (see How to Get a KCA Certificate) then the TIssue event will be Closed and, if necessary, added to the unblock pending workflow. If there is no KCA certificate (or it is expired), TIssue will prompt for user identification and mark the event as Pending, requiring action by a TIssue Administrator to Close the event.

For more general searches, especially if you have lost the E-mail with the direct link to the TIssue event or want to examine all issues for a node, including Closed issues, use the TIssue Home Page: enter the desired selection information in the appropriate field and click the Search button (pay attention to the checkbox to include or exclude Closed events).

For assistance contact helpdesk@fnal.gov.
Information compiled and maintained by Computer Security Team; last modified by TR on July 13, 2006.
(Address comments about this page to the Computer Security Team.)