Cisco Vulnerability Management’s ticketing integrations allow customers to take advantage of our powerful prioritization and reporting platform to streamline your remediation workflow and ensure that you’re able to close the vulnerabilities that Cisco Vulnerability Management prioritizes for you. With the JIRA Ticketing Integration, you can send tickets directly from the UI to projects in JIRA. This guide will help you get up and running.
Note: Cisco Vulnerability Management supports Jira version 8.0+ and 9.0+.
Adding the JIRA Ticketing Connector
Data flow between Cisco Vulnerability Management and JIRA requires the configuration of the JIRA Connector in Cisco Vulnerability Management. The first step is to add the JIRA Ticketing Connector from the connectors tab and configure it with your credentials. The user account must have read/write access to the projects to which you will wish to ticket. Information required to configure the connector includes:
-
Username (Service Account User recommended)
-
API Token
-
JIRA host
-
If your host is static, you may enter an IP address and the port. If not, please enter your host and port information below.
-
-
If your JIRA deployment is on-premise you will need to leverage the Kenna Virtual Tunnel.
-
Once you have the Virtual Tunnel installed, in the JIRA set-up window, please check the box for “Use Kenna Virtual Tunnel”
-
After entering the Username, API Key and Host information, click Save And Verify to save the connector. The image below shows the JIRA Connector configuration window.
Creating a JIRA Ticket
Tickets can be created to either address a vulnerability (or set of vulnerabilities) or apply a fix directly in Cisco Vulnerability Management. You can create tickets from both the Vulnerabilities tab and the Fixes tab. You can do so by selecting the checkbox to the left of the desired item, and clicking the JIRA Issue button, which will appear next to the tabs within the explore view.
JIRA Tickets can also be created for any Top Fix group using the same button which will appear after your connector is created. The JIRA ticket will be created for the Top Fix Group which is currently shown on the screen and each group may contain up to 3 fixes, all of which will included in the JIRA Issue.
Once you click to create a new ticket, the JIRA dialog box will pop up and display a standard set of fields with choice values loaded from your specific JIRA instance. Users can select data for any of the fields. Summary and Description are pre-populated with the appropriate vulnerability or fix data.
Whether the JIRA ticket creation is initiated from Vulnerabilities, Fix or Fix Groups, incident metadata becomes specifically tied to the associated vulnerabilities. Visually that is displayed in Cisco Vulnerability Management in multiple ways. First, any vulnerability with an associated ticket will show an orange “pill” on the Vulnerabilities tab.
Once the issue has been created in JIRA a notification bar will appear at the top of the page with the incident number which is a link to the new issue in JIRA.
The specific JIRA Issue number is displayed on the Vulnerability Details page for the vulnerability. To get to the Vulnerability Details page, click on the vulnerability name or the blue carat to see the details on a vulnerability from the Vulnerabilities tab.
Issue details are at the bottom right hand side of the vulnerability detail page. This information includes Status and Assignee. When you click the link to “View JIRA Issue”, you will be directed to the Ticket in your JIRA instance.
Data Flow between Cisco Vulnerability Management and JIRA Ticketing
Data flow between Cisco Vulnerability Management and JIRA is somewhat bi-directional. Tickets in JIRA are populated with asset, vulnerability, and fix information from Cisco Vulnerability Management. A nightly data sync will pull in the service ticket number and ticket status from JIRA but will not update the vulnerability status in Cisco Vulnerability Management. Therefore, status changes of Open/Closed/Deleted made to a ticket in JIRA as part of the remediation workflow are synced back to the Cisco Vulnerability Management ticket view, however, any vulnerabilities associated with the ticket will not be marked as closed until data is retrieved from the scanning platform confirming the vulnerability is fixed. Once the ticket has been created in JIRA a notification bar will appear at the top of the page with the Ticket information which is a link to the new ticket in JIRA.
JIRA ticket data is fully accessible from with Cisco Vulnerability Management and can be used as filter criteria from the right hand search pane in the explorer view as shown below. This view is only available if there are vulnerabilities in the current view who have a ticket status other than “None”.
Additional Information
The Cisco Vulnerability Management-JIRA Ticketing integration is built on the default Projects views in JIRA. Regardless of which Project(s) you choose to ticket to, the default fields currently cannot be changed. The following are the default fields Cisco Vulnerability Management will bring in:
-
Project • Label
-
Summary • Due Date
-
Issue Type • Environment
-
Priority • Assign To
-
Assignee • Description
Cisco Vulnerability Management will connect to JIRA to retrieve the list of available choices for each of the listed fields and display them in the form presented to the Cisco Vulnerability Management user. Changes to the choices should be made in the Projects section of JIRA.
Caveats:
- If a JIRA Ticket exists for a specific Vulnerability or Fix, you will be unable to create a second ticket from Cisco Vulnerability Management for that item.
- If a JIRA ticket exists for a subset of fixes or vulns you are trying to ticket, you can create that ticket, however it will only include the data from the selection that has not yet been ticketed.
- The Subject Line for each ticket has a maximum of 255 characters. When ticketing multiple Vulnerabilities this might look like:
-
Windows Explorer Autoplay Not Disabled for Default User,
EOL/Obsolete Software: JBoss Enterprise Application Platform (EAP)
6.x Detected, Built-in Guest Account Not Renamed at Windows Target System,
Enabled Cached Logon Credential, Microsoft Windows Explorer AutoPlay Not
Disabled -
however if you go over the 255 character limit in the Subject line, the JIRA ticket will error and will not create a ticket
Example: -
EOL/Obsolete Software: Adobe Flash Player Detected,
EOL/Obsolete Software: Adobe Flash Player Detected,
EOL/Obsolete Software: Adobe Flash Player Detected,
EOL/Obsolete Software: Adobe Flash Player Detected,
EOL/Obsolete Software: Adobe Flash Player Detected,
EOL/Obsolete Software: Adobe Flash Player Detected,
EOL/Obsolete Software: Adobe Flash Player Detected,
EOL/Obsolete Software: Adobe Flash Player Detected,
EOL/Obsolete Software: Adobe Flash Player Detected,
EOL/Obsolete Software: Adobe Flash Player Detected
-
The above Subject line is greater than 255 characters, which would not allow the user to create a ticket.
- Please note that the body of the Ticket also has a character limit.
Optional Settings:
-
JIRA Dynamic Assignees
-
Dynamically search for assignees based on user input in the Assignees typeahead instead of pre-loading all possible assignees. This is useful for clients with extraordinarily large numbers of users.
-
-
JIRA Path Prefix
-
Custom API path prefix e.g. https://example.com/{jira_path_prefix}/rest/api/2/...
-
-
Service Ticket Type
-
If you wish to change the default ticket type to a different status
-
Please contact Support should you require any additional assistance with the JIRA Connector.
Comments
Please sign in to leave a comment.