AbuseButler
<incident>
<master_ticket></master_ticket> // master ticket (if known)
<time>
<inc_start_time></inc_start_time> // in 24 hr. format HH:MM:SS
<inc_start_date></inc_start_date> // in format DD-MM-YYYY
<inc_report_time></inc_report_time> // in 24 hr. format HH:MM:SS
<inc_report_date></inc_report_date> // in format DD-MM-YYYY
<gmt_offset></gmt_offset> // offest from GMT if not GMT already
<time_source></time_source> // e.g. NTP+stratum, GPS, etc.
</time>
<source>
<source_ip></source_ip> // IP of the incident source
<source_as></source_as> // ASN of source network
</source>
<dest>
<dest_ip></dest_ip> // IP of the destination host
<dest_as></dest_as> // ASN of destination network
<dest_contact></dest_contact> // email address of reporter
</dest>
<detail>
<incident_type></incident_type> // e.g. spam, exploit script, etc.
<report_method></report_method> // set to "AbuseButler" when using native format
<supporting_details></supporting_details> // copy of spam, FW log, etc...
</detail>
</incident>
