AlienVault® USM Anywhere™

Configuring the AlienApp for Jira

Role Availability Read-Only Analyst Manager

When the AlienApp for Jira is enabled and connected to your Jira Service Desk or Jira Software Cloud instance, you can launch response actions and create response action rules to send data from USM Anywhere to the Jira Cloud instance and create new issues. See AlienApp for Jira Orchestration for more information about the response actions supported by the AlienApp for Jira.

AlienApp for Jira Requirements

Before you configure the AlienApp for Jira, make sure you have these integration requirements.

  • Fully-qualified domain name (FQDN) for your Jira Cloud instance
  • User account that USM Anywhere will use to access the Jira Cloud instance

    This user account must have access to the projects where you want to create issues from threats detected by USM Anywhere and rights to create an API token.

Note: Depending on the way that you want the AlienApp for Jira to fit into your processes, you should determine if you want to use an existing user account or create a new user account in your Jira Cloud instance to be used exclusively for USM Anywhere.

If you are an analyst and you are manually opening issues in response to alarms and vulnerabilities, it may be appropriate to use the same account that you use to manage issues in the Jira UI. However, if you plan to use rules primarily to generate issues automatically, a user account that is specific to USM Anywhere works well and makes it easy to filter these issues in Jira dashboards.

Get Your API Token in Jira

Before you can use the AlienApp for Jira to collect and analyze Jira log data within USM Anywhere, you must have an API token that can be used to connect to the Jira APIs. Jira issues an API token for a specific user account and all requests with that token act on behalf of that user.

To acquire an API token in Jira

  1. Go to https://confluence.atlassian.com/cloud/api-tokens-938839638.html and follow the vendor instructions to generate the token.
  2. Copy the token key value to your clipboard or a secure location.

Configure the Jira Connection in USM Anywhere

To support the response actions in USM Anywhere, you must configure a connection with the Jira Cloud instance. This connection enables the AlienApp to perform operations using the Jira REST APIs. The user account that you use for the connection requires Create and Read permissions for one or more Jira projects where you want to create new issues from USM Anywhere.

To configure the Jira connection

  1. In USM Anywhere, go to Data Sources > Integrations.
  2. Click the AlienApps tab.

    Access the AlienApps page

  3. On the AlienApps page, click the Jira tile.

    Click the Jira tile

    The Status tab is displayed, but it does not provide status information until the AlienApp for Jira is enabled and configured.

  4. If you have more than one deployed USM Anywhere Sensor, select the Sensor that you want to use for the enabled AlienApp.

    USM Anywhere AlienApps operate through a deployed Sensor and use APIs to integrate with the connected third-party technology. Select the Sensor that can access the integration endpoint. The HTTPS connections to the API will originate from this Sensor.

    Select a deployed sensor used to enable the AlienApp

  5. Click Enable.
  6. Click the Settings tab.
  7. Specify the basic connection information.

    Enter your Jira connection information

    • Instance Name: Enter the FQDN for your Jira Cloud instance.

      For example, if you access your Jira Cloud instance at https://mycorp.atlassian.net, you must enter mycorp.atlassian.net in this field.

    • Username: Enter the email address for the account you used to create the API token. USM Anywhere will use this account to access your Jira Cloud instance.
    • API Key: Click Change API Key and enter the token key value associated with the account.
  8. Click Save.
  9. Click the Status tab to verify the connection.

    After USM Anywhere completes a successful connection to the Jira Cloud instance and the APIs, this tab displays icons in the Health column for the AlienApp.

    Check the connection status for the AlienApp

    If the icon appears, there is a problem with the connection. The Message column provides information about the issue. Repeat the steps to fix the configuration or troubleshoot your Jira connection.