The security teams that I've worked with have had varying levels of integration between Jira and their monitoring tools. Here are a couple of examples:
In one of the simpler integrations, the monitoring tool sends an email to Jira Service Desk which used the Enterprise Message Handler for Jira app to create an Incident issue type and set the Request Type to Security based on the sender. We also used JEMH's regex parsing ability to set custom fields that identified the affected device (hostname, environment, location, etc.) This type of solution is very easy to implement but it doesn't scale very well. Once you have 100s or 1000s of devices reporting the same vulnerability you're left with a bunch of noise. At that time you need to rethink your integration and look into tools that can perform alert aggregation and correlation.
In a more complex integration, we wrote some custom middleware that sat between Jira, the customer's monitoring tool, and their CMDB to not only identify the impacted device but also auto-assign the incident to the manager of the team responsible for the device. The middleware used a polling interval to automatically create new incidents as they were identified and close out the incidents once the vulnerability is patched.