Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Jira and cybersec?

Joey October 3, 2018

are any enterprise security teams using jira?  i'm interested to learn about setups and integration with external systems. 





Log in or Sign up to comment
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
October 3, 2018

Yes.  There are a lot.  Jira is a good issue tracker, and security teams inevitably have issues to think about, so a lot of them use Jira to track them. 

There's a big and very vague idea in your question that really has two answers though.  "Integration" is a microsoft word - it gives us a rough idea, but is technically utterly useless.  What do you want from "integration"?

(FWIW, I'm involved with several security teams, but I can't talk about them)

Bryan Robison October 4, 2018

The security teams that I've worked with have had varying levels of integration between Jira and their monitoring tools. Here are a couple of examples:

In one of the simpler integrations, the monitoring tool sends an email to Jira Service Desk which used the Enterprise Message Handler for Jira app to create an Incident issue type and set the Request Type to Security based on the sender. We also used JEMH's regex parsing ability to set custom fields that identified the affected device (hostname, environment, location, etc.) This type of solution is very easy to implement but it doesn't scale very well. Once you have 100s or 1000s of devices reporting the same vulnerability you're left with a bunch of noise. At that time you need to rethink your integration and look into tools that can perform alert aggregation and correlation.

In a more complex integration, we wrote some custom middleware that sat between Jira, the customer's monitoring tool, and their CMDB to not only identify the impacted device but also auto-assign the incident to the manager of the team responsible for the device. The middleware used a polling interval to automatically create new incidents as they were identified and close out the incidents once the vulnerability is patched. 

Joey October 4, 2018

thanks @Nic Brough (Adaptavist) and @Bryan Robison.  This helps.

AUG Leaders

Atlassian Community Events