Cisco Vulnerability Management’s ticketing integrations allow you to take advantage of our powerful prioritization and reporting platform to streamline your remediation workflow and ensure that you’re able to close the vulnerabilities that Cisco Vulnerability Management prioritizes for you. With the JIRA Ticketing Integration, you can send tickets directly from the UI to projects in JIRA.
Note: Cisco Vulnerability Management supports Jira version 8.0+ and 9.0+.
Prerequisites
The user account that you use must have read/write access to the projects that you want to create tickets for.
Configuing the JIRA Ticketing Connector
1. In the Cisco Vulnerability Management UI, click Connectors.
2. Click Add Connector.
3. In the Ticketing section, click Jira Software.
4. On the Jira screen, enter the following information:
- Name: Enter a name for the connector, or leave it as Jira Ticketing.
- Enter the Username for the account you want to use. Cisco recommends using a service account.
- Enter the API Token for the account.
- Host: If your host is static, enter an IP address and the port number. If your host is dynamic, enter your host and port information.
- If your Jira deployment is on-premises select the Use Virtual Tunnel checkbox which will display below the API Key field.
5. Click Save And Verify.
Creating a JIRA Ticket for a Vulnerability or a Fix
You can create tickets to either address a vulnerability (or a set of vulnerabilities) or apply a fix directly in Cisco Vulnerability Management. You can create tickets from both the Vulnerabilities tab and the Fixes tab.
1. In the Cisco Vulnerability Management UI, click Vulnerability Management > Explore.
2. Click the Vulnerabilities tab or the Fixes tab.
3. Select a vulnerability or a fix in the list.
4. Click the Jira Issue button.
Creating a JIRA Ticket for a Top Fix Group
1. In the Cisco Vulnerability Management UI, click Vulnerability Management > Dashboard.
2. Click the Top Fixes button for the group that you want to open a ticket for.
3. Click the Jira Issue button.
4. On the Jira Connector page, a standard set of fields with choice values loaded from your specific Jira instance displays. Users can select data for any of the fields. The Summary and Description fields are pre-populated with the appropriate vulnerability or fix data.
Viewing Jira Ticket Information
Whether the JIRA ticket creation is initiated from Vulnerabilities, Fix or Fix Groups, incident metadata becomes specifically tied to the associated vulnerabilities. Visually that is displayed in Cisco Vulnerability Management in multiple ways. First, any vulnerability with an associated ticket will display in orange on the Vulnerabilities tab.
Once the issue has been created in JIRA, a notification bar will appear at the top of the page with the incident number which is a link to the new issue in JIRA.
The specific JIRA Issue number is displayed on the Vulnerability Details page for the vulnerability. To get to the Vulnerability Details page, click on the vulnerability name or the blue arrow.
Issue details are at the bottom right hand side of the Vulnerability Details page. This information includes Status and Assignee. When you click the link to “View JIRA Issue”, you will be directed to the Ticket in your JIRA instance.
Data Flow between Cisco Vulnerability Management and JIRA Ticketing
Data flow between Cisco Vulnerability Management and JIRA is somewhat bi-directional. Tickets in JIRA are populated with asset, vulnerability, and fix information from Cisco Vulnerability Management. A nightly data synchronization will pull in the service ticket number and ticket status from JIRA but will not update the vulnerability status in Cisco Vulnerability Management. Therefore, status changes of Open/Closed/Deleted made to a ticket in JIRA as part of the remediation workflow are synchronized back to the Cisco Vulnerability Management ticket view. However, any vulnerabilities associated with the ticket will not be marked as closed until data is retrieved from the scanning platform confirming the vulnerability is fixed. Once the ticket has been created in JIRA a notification bar will appear at the top of the page with the ticket information which is a link to the new ticket in JIRA.
JIRA ticket data is fully accessible from Cisco Vulnerability Management and can be used as filter criteria from the right-hand search pane in the Vulnerability Management Explore view as shown below. This view is only available if there are vulnerabilities in the current view that have a ticket status other than “None”.
Additional Information
The Cisco Vulnerability Management JIRA Ticketing integration is built on the default Projects views in JIRA. Regardless of which Projects you choose to ticket to, the default fields currently cannot be changed. The following are the default fields Cisco Vulnerability Management will import:
-
Project • Label
-
Summary • Due Date
-
Issue Type • Environment
-
Priority • Assign To
-
Assignee • Description
Cisco Vulnerability Management will connect to JIRA to retrieve the list of available choices for each of the listed fields and display them in the form presented to the Cisco Vulnerability Management user. Changes to the choices should be made in the Projects section of JIRA.
Caveats:
- If a JIRA Ticket exists for a specific Vulnerability or Fix, you cannot create a second ticket from Cisco Vulnerability Management for that item.
- If a JIRA ticket exists for a subset of fixes or vulnerabilities you are trying to ticket, you can create that ticket, however it will only include the data from the selection that has not yet been ticketed.
- The Subject Line for each ticket has a maximum of 255 characters. When ticketing multiple Vulnerabilities this might look like:
Windows Explorer Autoplay Not Disabled for Default User,
EOL/Obsolete Software: JBoss Enterprise Application Platform (EAP)
6.x Detected, Built-in Guest Account Not Renamed at Windows Target System,
Enabled Cached Logon Credential, Microsoft Windows Explorer AutoPlay Not
Disabled - However if you go over the 255 character limit in the Subject line, the JIRA ticket will error and will not create a ticket.
For example:
EOL/Obsolete Software: Adobe Flash Player Detected,
EOL/Obsolete Software: Adobe Flash Player Detected,
EOL/Obsolete Software: Adobe Flash Player Detected,
EOL/Obsolete Software: Adobe Flash Player Detected,
EOL/Obsolete Software: Adobe Flash Player Detected,
EOL/Obsolete Software: Adobe Flash Player Detected,
EOL/Obsolete Software: Adobe Flash Player Detected,
EOL/Obsolete Software: Adobe Flash Player Detected,
EOL/Obsolete Software: Adobe Flash Player Detected,
EOL/Obsolete Software: Adobe Flash Player Detected
The above Subject line is greater than 255 characters, which would not allow the user to create a ticket.
- Note that the body of the Ticket also has a character limit.
Optional Settings
JIRA Dynamic Assignees
Dynamically search for assignees based on user input in the Assignees typeahead instead of pre-loading all possible assignees. This is useful for clients with extraordinarily large numbers of users.
JIRA Path Prefix
Custom API path prefix such as https://example.com/{jira_path_prefix}/rest/api/2/.
Service Ticket Type
If you want to change the default ticket type to a different status.
Additional Assistance
Contact Cisco Support if you require any additional assistance with the JIRA Connector.
Comments
Please sign in to leave a comment.