
Jira and cybersec?

Are any enterprise security teams using Jira? I'm interested to learn about setups and integration with external systems.

Thanks!

3 comments

Yes. There are a lot. Jira is a good issue tracker, and security teams inevitably have issues to think about, so a lot of them use Jira to track them.

There's a big and very vague idea in your question that really has two answers though. "Integration" is a Microsoft word - it gives us a rough idea, but is technically utterly useless. What do you want from "integration"?

(FWIW, I'm involved with several security teams, but I can't talk about them)

The security teams that I've worked with have had varying levels of integration between Jira and their monitoring tools. Here are a couple of examples:

In one of the simpler integrations, the monitoring tool sends an email to Jira Service Desk which used the Enterprise Message Handler for Jira app to create an Incident issue type and set the Request Type to Security based on the sender. We also used JEMH's regex parsing ability to set custom fields that identified the affected device (hostname, environment, location, etc.). This type of solution is very easy to implement but it doesn't scale very well. Once you have 100s or 1000s of devices reporting the same vulnerability you're left with a bunch of noise. At that time you need to rethink your integration and look into tools that can perform alert aggregation and correlation.

In a more complex integration, we wrote some custom middleware that sat between Jira, the customer's monitoring tool, and their CMDB to not only identify the impacted device but also auto-assign the incident to the manager of the team responsible for the device. The middleware used a polling interval to automatically create new incidents as they were identified and close out the incidents once the vulnerability is patched. 
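An added example, not part of the comment above and not the commenter's middleware: one polling cycle that groups per-device findings into a single incident per vulnerability and owning team, assigns it from a CMDB lookup, and closes incidents whose vulnerability is no longer reported. The data shapes, the `reconcile` and `group_findings` helpers and the fallback assignee are assumptions, and the output is a list of actions rather than calls to any real Jira API.

```python
from collections import defaultdict

# Constructed sample data: hostnames, teams, managers and finding ids are made up.
CMDB = {"web-01": {"team": "web", "manager": "alice"},
        "web-02": {"team": "web", "manager": "alice"},
        "db-01": {"team": "data", "manager": "bob"}}
FALLBACK_ASSIGNEE = "security-triage"  # assumption: owner for hosts missing from the CMDB
SAMPLE_FINDINGS = [{"host": "web-01", "vuln": "VULN-A"},
                   {"host": "web-02", "vuln": "VULN-A"},
                   {"host": "db-01", "vuln": "VULN-A"},
                   {"host": "lab-09", "vuln": "VULN-B"}]
# Incidents already open in the tracker: (vuln, team) -> hosts recorded on the issue.
SAMPLE_OPEN = {("VULN-A", "web"): {"web-01"}, ("VULN-C", "data"): {"db-01"}}


def group_findings(findings, cmdb):
    """Collapse per-device findings into one entry per (vulnerability, owning team)."""
    groups = defaultdict(lambda: {"hosts": set(), "assignee": FALLBACK_ASSIGNEE})
    for f in findings:
        owner = cmdb.get(f["host"])
        team = owner["team"] if owner else "unknown"
        group = groups[(f["vuln"], team)]
        group["hosts"].add(f["host"])
        if owner:
            group["assignee"] = owner["manager"]
    return groups


def reconcile(findings, open_incidents, cmdb=CMDB):
    """Return the create/update/close actions for one polling cycle."""
    groups = group_findings(findings, cmdb)
    actions = []
    for key in sorted(groups):
        hosts, assignee = groups[key]["hosts"], groups[key]["assignee"]
        if key not in open_incidents:
            actions.append(("create", key, sorted(hosts), assignee))
        elif open_incidents[key] != hosts:
            actions.append(("update", key, sorted(hosts), assignee))
    for key in sorted(open_incidents.keys() - groups.keys()):
        # No device reports this vulnerability any more: treated as patched.
        actions.append(("close", key, [], None))
    return actions


if __name__ == "__main__":
    for action in reconcile(SAMPLE_FINDINGS, SAMPLE_OPEN):
        print(action)
```

A finding that disappears because a scan did not complete looks the same as a patched host here, so a real poller should skip the close step for any cycle where the monitoring tool's results are incomplete.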
