Using our JIRA integration, you now have a way to streamline your remediation workflow and ensure that you’re able to close the vulnerabilities that Kenna prioritizes for you. No need to build a new step in your vulnerability management workflow; Kenna fits right into your existing processes. Take advantage of Kenna’s powerful prioritization and reporting platform in tandem with the ticketing system already used by your organization.
Data Flow – Kenna & JIRA
Data flow between Kenna and JIRA requires the configuration of the JIRA Connector in Kenna. Information required to configure the connector includes Username, Password, and JIRA host information. The diagram below shows the Kenna JIRA connector configuration dialog.
Note: If you are using an on-premise instance of JIRA then you will need to setup a Virtual Tunnel Connector as a prerequisite to setting up this connector, and then select the "Use Kenna Virtual Tunnel" checkbox shown above. Additional information about the Virtual Tunnel is available here.
The JIRA user has to have access to the desired projects within your JIRA system. After entering the Username, Password and Host information, click Save And Verify to save the connector.
Data flow between Kenna and JIRA is bi-directional. Tickets are populated with asset, vulnerability, and fix information from Kenna. A nightly data sync will update service ticket status within Kenna.
Create a JIRA ticket in Kenna to either address a vulnerability or apply a fix directly from Kenna. Select the checkbox to the right of the item, and the "JIRA Issue" button will appear next to the tabs within explorer view.
JIRA Issues can also be created for any Top Fix group using the same button which will appear after your connector is created. The JIRA Issue will be created for the Top Fix Group which is currently shown on the screen and each group may contain up to 3 fixes, all of which will included in a single JIRA Issue.
The JIRA dialog will show a standard set of fields with choice values loaded from your specific JIRA instance. Users can select data for any of the fields. Description is pre-populated with the appropriate vulnerability or fix data.
Once the issue has been created in JIRA a notification bar will appear at the top of the page with the incident number which is a link to the new issue in JIRA.
Basic JIRA Issue data is available in Kenna with ticket status maintained and updated on a nightly basis. This information can be used as filter criteria from the right hand search pane in the explorer view.
Whether the JIRA Issue creation is initiated from Vulnerabilities, Fix or Fix Groups, issue metadata becomes specifically tied to the associated vulnerabilities. Visually that is displayed in Kenna in multiple ways. First, any vulnerability with an associated issue will show an orange “label" on the Vulnerabilities tab. The JIRA issue number is also available to be displayed in the list of Vulnerabilities, by selecting "Service Ticket" from the Display button.
The specific JIRA Issue number is also displayed on the Vulnerability Details page for the vulnerability – choose the blue carat to see the details on a vulnerability from the Vulnerabilities tab.
Status changes of Open/Closed/Deleted made to a ticket in JIRA as part of the remediation workflow are synced back to Kenna, however, any vulnerabilities associated with the ticket will not be marked as closed until data is retrieved from the scanning platform confirming the vulnerability is fixed.
Please contact Kenna Support should you require any additional assistance with the ServiceNow Connector.