Highlighted

Jira and cybersec?

are any enterprise security teams using jira?  i'm interested to learn about setups and integration with external systems. 

 

thanks!

3 comments

Yes.  There are a lot.  Jira is a good issue tracker, and security teams inevitably have issues to think about, so a lot of them use Jira to track them. 

There's a big and very vague idea in your question that really has two answers though.  "Integration" is a microsoft word - it gives us a rough idea, but is technically utterly useless.  What do you want from "integration"?

(FWIW, I'm involved with several security teams, but I can't talk about them)

The security teams that I've worked with have had varying levels of integration between Jira and their monitoring tools. Here are a couple of examples:

In one of the simpler integrations, the monitoring tool sends an email to Jira Service Desk which used the Enterprise Message Handler for Jira app to create an Incident issue type and set the Request Type to Security based on the sender. We also used JEMH's regex parsing ability to set custom fields that identified the affected device (hostname, environment, location, etc.) This type of solution is very easy to implement but it doesn't scale very well. Once you have 100s or 1000s of devices reporting the same vulnerability you're left with a bunch of noise. At that time you need to rethink your integration and look into tools that can perform alert aggregation and correlation.

In a more complex integration, we wrote some custom middleware that sat between Jira, the customer's monitoring tool, and their CMDB to not only identify the impacted device but also auto-assign the incident to the manager of the team responsible for the device. The middleware used a polling interval to automatically create new incidents as they were identified and close out the incidents once the vulnerability is patched. 

Comment

Log in or Sign up to comment