|TIssue is a database and workflow
managing network blocks of systems due to critical vulnerablities, an
FCIRT incident or other inappropriate activities that are not handled
by the AutoBlocker system. The AutoBlocker will institute a short-term
outgoing (from the lab to the Internet) network block for nodes with
suspicious activity (peer-to-peer file sharing, Skype VoIP calls and
accesses to web pages with lots of active links are some examples).
With the AutoBlocker, once the suspicious activity stops, the network
block will be automatically lifted after a short interval. Network
blocks handled via TIssue require manual intervention to resolve the
problem that necessitated the block (such as patching the critical
vulnerability) and then mark the event in TIssue as remediated (fixed).
When a TIssue event is generated for a node, the registered system adminstrators (both the Primary and all Authorized Administrators in the SysAdmin database) and, if identified, the GCSC mailing list appropriate for the locale of the node are sent an E-mail message identifying the node and the crititical vulnerabity that will cause the node the node to be blocked. This message contains a link to the TIssue event so the responsible person can remediate the event after fixing the problem. Click on the checkbox beside Remediated, use the pull-down menu to select the action taken and click on the Done button. If the browser has a valid KCA certificated loaded (see How to Get a KCA Certiticate) then the TIssue event will be Closed and, if necessary, added to the unblock pending workflow. If there is no KCA certificate (or it is expired), TIssue will prompt for user identificate and mark the event as Pending requiring action by a TIssue Administrator to Close the event.
For more general searches especially if you have lost the E-mail with the direct link to the TIssue event or to examine all issues, included Closed issues, for a node, use the TIssue Home Page and enter the desired selection information in the appropriate field and click the Search button (pay attention to the checkbox to include or exclude Closed events).