This guide describes the procedure for setting up an integration between ZeroNorth and GitHub Issues. Integrating ZeroNorth with GitHub provides automatic ticket management based on Issue Detections and Remediations:
- ZeroNorth detects a new Issue or Remediation of a previously known Issue on a Target set up for GitHub Issues notification.
- ZeroNorth sends the details to the pre-specified GitHub Repository.
- GitHub Issues are created for an Issue detection, or marked as “CLOSED” for an Issue Remediation.
Features and Benefits:
- ZeroNorth sends notifications to GitHub Issues only for new events, avoiding redundant tickets.
- ZeroNorth also sends to GitHub the Remediation events for a prior Issue, automatically closing the ticket.
- When a previously remediated (and therefore closed in GitHub) Issue is re-detected, a new GitHub ticket is created by this mechanism.
Prerequisites
The steps described in this article assume that you have:
- A GitHub account with valid credentials (user name and a Personal Access Token)
- The GitHub repository owner name
- ZeroNorth platform license and valid credentials
Set Up Procedure
Notifications that create GitHub Issues tickets are configured as part of the Target definition. Sign in to your ZeroNorth UI account:
- Go to znOPS > Targets.
- To add GitHub integration to a new Target, click on Add Target. Follow the instructions in this article for defining a new target, and then continue below.
- To add GitHub integration to an existing Target, click on the Target name to bring up the details for edit.
In the Target edit screen, go to the Notifications section near the bottom:
Check the Github checkbox and then enter the necessary information:
- Your GitHub Domain: For example: https://api.github.com (this is the default if you omit this field)
- The desired Repository Owner - this is typically the organization that owns the repo. If you are using a private GitHub account, this name is often the same as your username.
- The desired Repository Name
- The GitHub Personal Access Token (see Creating a personal access token for details) - required access scope is “repo”.
Click Save.
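Before saving, the four values entered above can be checked against the GitHub REST API. The following is an added example, not part of the original guide or of ZeroNorth: it requests the repository with the token and reviews the `X-OAuth-Scopes` response header (returned for classic Personal Access Tokens) and the repository's `has_issues` flag. The function names and the sample values are assumptions made for illustration.

```python
import json
import urllib.error
import urllib.request

DEFAULT_DOMAIN = "https://api.github.com"  # default stated in the guide

def build_request(owner, repo, token, domain=DEFAULT_DOMAIN):
    """Build GET {domain}/repos/{owner}/{repo}, authenticated with the token."""
    url = f"{domain.rstrip('/')}/repos/{owner}/{repo}"
    return urllib.request.Request(url, headers={
        "Authorization": f"Bearer {token}",
        "Accept": "application/vnd.github+json",
    })

def review(headers, body):
    """Return a list of findings; an empty list means the values look usable."""
    findings = []
    lowered = {k.lower(): v for k, v in headers.items()}  # header names vary in case
    raw = lowered.get("x-oauth-scopes")
    if raw is None:
        findings.append("no X-OAuth-Scopes header: not a classic PAT, scope unverified")
    else:
        scopes = {s.strip() for s in raw.split(",") if s.strip()}
        if "repo" not in scopes:
            findings.append("token lacks the required 'repo' scope")
        extra = sorted(scopes - {"repo"})
        if extra:  # least privilege: the guide asks for 'repo' only
            findings.append("token carries scopes beyond 'repo': " + ", ".join(extra))
    if not body.get("has_issues", False):
        findings.append("Issues are disabled on this repository")
    return findings

def check(owner, repo, token, domain=DEFAULT_DOMAIN):
    """Live check: one API call, then the same review as above."""
    try:
        req = build_request(owner, repo, token, domain)
        with urllib.request.urlopen(req, timeout=10) as resp:
            return review(resp.headers, json.load(resp))
    except urllib.error.HTTPError as err:
        # 401: token rejected; 404: repository missing or not visible to the token
        return [f"GitHub returned HTTP {err.code} for {owner}/{repo}"]

if __name__ == "__main__":
    # Constructed sample response (not captured from a real account).
    sample_headers = {"X-OAuth-Scopes": "repo, delete_repo"}
    sample_body = {"has_issues": True}
    for finding in review(sample_headers, sample_body) or ["ok"]:
        print(finding)
```

For a live check, call `check(owner, repo, token)` with the token read from an environment variable or secret store rather than typed into the script.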
Things to Keep in Mind
- GitHub Issue Fields - When creating a GitHub issue, ZeroNorth sends Issue Summary, Issue Description, and a comment that has a link back to the original ZeroNorth Synthetic Issue.
- For a new Target, alerts will be sent when Issues are detected on the first run.
- For an existing Target, alerts will be sent only for net new Issues or Remediation events.
- If you have Rulesets set up to ignore Issues or Remediation events, no alert is sent to GitHub for the affected events.