Notifications - Jira

This guide describes the procedure for setting up an integration between a ZeroNorth and Jira . Integrating ZeroNorth with Jira provides automatic ticket management based on Issues and Remediations :

1. ZeroNorth detects a new Issue or Remediation of a previously known Issue on a Target set up for Jira notification.
2. ZeroNorth sends the details to the pre-specified Jira Project.
3. Jira creates a new ticket for the Issue, or marks the ticket as “DONE” in case of a Remediation.

Features and Benefits:

• ZeroNorth sends notification to Jira only for new events, avoiding redundant tickets.
• ZeroNorth also sends to Jira the Remediation events for a prior Issue, automatically closing the ticket.
• When a previously remediated (and therefore closed in Jira) ZeroNorth Issue is re-detected, a new Jira ticket is created by this mechanism.

Prerequisites

The steps described in this article assume that you have:

• A Jira account with valid credentials (user name and API token/key). The account MUST have project admin privileges. Note that while non-admin (contributors) may be able to create Jira ticket in a project via the UI, creating Jira tickets via the API requires this higher level of privileges.
• The Jira Project Key or Project ID (the ID is typically a 5-digit numeric code which your Jira admin can provide)
• The Jira project must accept the Summary and the Description fields from ZeroNorth AND must not require any other fields.
• ZeroNorth platform license and valid credentials

Set Up Procedure

Sending notification to Jira to create Jira tickets is a part of the Target definition. Sign in to your ZeroNorth UI account:

• Go to znOPS > Targets .
• To add Jira integration to a new Target, click on Add Target . Follow the instructions in this article for defining a new target, and then continue below.
• To add Jira integration to an existing Target, click on the Target name to bring up the details for edit.

In the Target edit screen, go to the Notifications section near the bottom:

image1018×325 38.8 KB

Check the Jira checkbox and then enter the necessary information:

• Your Jira domain , or the URL :
  • If you are on “*.atlassian.net”, you specify something like “myco.atlassian.net”.
  • If you are on “*.jira.com”, specify the full URL like "https://myco.jira.com/ rest ".
• The desired Jira Project Key or ID . If you are using the Project ID, it’s a 5-digit number which your Jira admin can provide.
• Your Jira username (in email format)
• Your Jira API Token (see Manage API tokens for your Atlassian account | Atlassian Support for details)
• Jira Server - If you are connecting to your own Jira Enterprise Server, check this box. The use of this feature requires additional setup. Contact support@zeronorth.io for more information.

Click Save .

Things to Keep in Mind

• Jira issue type - ZeroNorth will first look for a custom issue type with the word “Security” in the name. If found, the new Jira issue will be created using that issue type. Otherwise, it will create a bug issue type or MEDIUM priority, but with ZeroNorth severity in the summary as a label.
• Jira Ticket Fields - When creating the Jira issue, ZeroNorth sends Issue Summary, Issue Description, and a comment that has a link back to the original ZeroNorth Synthetic Issue.
• For a new Target , alerts will be sent when Issues are detected on the first run.
• For an existing Target , alerts will be sent only for net new Issues or Remediation events.
• If you have Rulesets set up to ignore Issues or Remediation events, no alert is send to Jira for the affected events.