AMA: Manage Alerts for Jira through J1 Terraform Provider


AMA is an ongoing series published each Thursday, highlighting questions the community has asked in our support and how-to channels on Slack. If you haven't already done so, please join us on Slack.


"Are there any examples or documentation of managing Alerts for Jira through the J1 Terraform provider?"

--Question from John on the J1 Community Slack

 

Answer from JupiterOne Team

Hi John.

You should be able to add the CREATE_JIRA_TICKET action in the operations block of the alert. We do have a support article on the topic. It will look something like this (untested):

resource "jupiterone_rule" "unencrypted_critical_data_stores" {
  name             = "unencrypted-critical-data-stores"
  description      = "Unencrypted data store with classification label of 'critical' or 'sensitive' or 'confidential' or 'restricted'"
  polling_interval = "ONE_DAY"

  question {
    queries {
      name    = "query0"
      query   = "Find DataStore with classification=('critical' or 'sensitive' or 'confidential' or 'restricted') and encrypted!=true"
      version = "v1"
    }
  }

  outputs = [
    "queries.query0.total",
    "alertLevel"
  ]

  operations = <<EOF
[
  {
    "when": {
      "type": "FILTER",
      "specVersion": 1,
      "condition": "true"
    },
    "actions": [
      {
        "targetValue": "HIGH",
        "type": "SET_PROPERTY",
        "targetProperty": "alertLevel"
      },
      {
        "type": "CREATE_ALERT"
      },
      {
        "type": "CREATE_JIRA_TICKET",
        "integrationInstanceId": "0",
        "entityClass": "Vulnerability",
        "project": "81198",
        "summary": "Ticket summary",
        "issueType": "Task",
        "additionalFields": {
          "description": {
            "type": "doc",
            "version": 1,
            "content": [
              {
                "type": "paragraph",
                "content": [
                  {
                    "type": "text",
                    "text": "Jira description here!"
                  }
                ]
              }
            ]
          }
        }
      }
    ]
  }
]
EOF
}

 

Response from John: Thank you! Should we assume that the 7 "property" fields listed in the doc are the only ones available?

J1 Team Response: That’s right, the additional fields property includes other properties that can be passed directly to the JIRA API if helpful.
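A pre-apply check for the operations JSON in the exchange above, as an added example that is not JupiterOne's code. It assumes the top-level keys in the answer's CREATE_JIRA_TICKET action are the expected ones and that any other Jira field goes under additionalFields, as the team's reply says; check_operations is a hypothetical helper and BAD is a constructed sample.

```python
import json

# Top-level keys the answer's CREATE_JIRA_TICKET example sets. Treating this
# set as the complete schema is an assumption, not the provider's own check.
REQUIRED = ("integrationInstanceId", "entityClass", "project", "summary", "issueType")
ALLOWED = set(REQUIRED) | {"type", "additionalFields"}

def check_operations(operations_json):
    """Return findings for the JSON document passed as a rule's operations."""
    try:
        operations = json.loads(operations_json)
    except json.JSONDecodeError as exc:
        return [f"operations is not valid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(operations, list):
        return ["operations must be a JSON array"]
    findings = []
    for i, op in enumerate(operations):
        actions = op.get("actions") if isinstance(op, dict) else None
        if not isinstance(actions, list):
            findings.append(f"operations[{i}]: 'actions' must be an array")
            continue
        for j, action in enumerate(actions):
            if not isinstance(action, dict) or action.get("type") != "CREATE_JIRA_TICKET":
                continue
            where = f"operations[{i}].actions[{j}]"
            for key in REQUIRED:
                value = action.get(key)
                if not isinstance(value, str) or not value.strip():
                    findings.append(f"{where}: '{key}' must be a non-empty string")
            for key in sorted(set(action) - ALLOWED):
                findings.append(f"{where}: move '{key}' under additionalFields")
            extra = action.get("additionalFields", {})
            desc = extra.get("description") if isinstance(extra, dict) else None
            if not isinstance(extra, dict):
                findings.append(f"{where}: additionalFields must be an object")
            elif desc is not None and not (isinstance(desc, dict) and desc.get("type") == "doc"
                    and desc.get("version") == 1 and isinstance(desc.get("content"), list)):
                findings.append(f"{where}: description must be a doc object (version 1)")
    return findings

# Constructed sample: no 'project', 'priority' at top level, string description.
BAD = json.dumps([{"when": {"type": "FILTER", "specVersion": 1, "condition": "true"},
    "actions": [{"type": "CREATE_ALERT"}, {"type": "CREATE_JIRA_TICKET",
        "integrationInstanceId": "0", "entityClass": "Vulnerability",
        "summary": "Ticket summary", "issueType": "Task", "priority": "High",
        "additionalFields": {"description": "Jira description here!"}}]}])

if __name__ == "__main__":
    print("\n".join(check_operations(BAD)))
```

Running the same function over the heredoc body from the Terraform resource before `terraform apply` gives an empty list when the action matches the shape shown in the answer.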


Resources for this AMA

 

Modern Visibility in Cybersecurity

 

 


Posted By JupiterOne Team

The JupiterOne Team is a diverse set of engineers and developers who are working on the next generation of cyber asset visibility and monitoring.


Take-aways

You can manage alerts from Jira in the J1 platform

There are 7 properties that can be included

Other properties can be passed directly to the JIRA API
