When the AlienApp for Jira is enabled and connected to your Jira Service Desk, Jira Software, or Jira Core cloud instance, you can launch response actions and create response action rules to send data from USM Anywhere to the Jira instance and create new issues. For more information about the response actions supported by the AlienApp for Jira, see AlienApp for Jira Orchestration.
AlienApp for Jira Requirements
Before you configure the AlienApp for Jira, make sure you have these integration requirements.
- Fully-qualified domain name (FQDN) for your Jira cloud instance
User account that USM Anywhere will use to access the Jira instance
This user account must have rights for the projects where you want to create issues from threats detected by USM Anywhere and access to create an API token.
Note: Depending on the way that you want the AlienApp for Jira to fit into your processes, you should determine if you want to use an existing user account or create a new user account in your Jira instance to be used exclusively for USM Anywhere.
If you are an analyst and you are manually opening issues in response to alarms and vulnerabilities, it may be appropriate to use the same account that you use to manage issues in the Jira UI. However, if you plan to use rules primarily to generate issues automatically, a user account that is specific to USM Anywhere works well and makes it easy to filter these issues in Jira dashboards.
Getting Your Jira API Token
Before you can use the AlienApp for Jira to collect and analyze Jira log data within USM Anywhere, you must have an API token that can be used to connect to the Jira APIs. Jira issues an API token for a specific user account and all requests with that token act on behalf of that user.
To acquire a Jira API token
- Go to https://confluence.atlassian.com/cloud/api-tokens-938839638.html and follow the vendor instructions to generate the token.
- Copy the token key value to your clipboard or a secure location.
Configuring the Jira Connection in USM Anywhere
To support the response actions in USM Anywhere, you must configure a connection with the Jira instance. This connection enables the AlienApp to perform operations using the Jira REST APIs. The user account that you use for the connection requires Create and Read permissions for one or more Jira projects where you want to create new issues from USM Anywhere.
To configure the Jira connection
- In USM Anywhere, go to DATA SOURCES > INTEGRATIONS.
Click the AlienApps tab.
In the AlienApps page, click the Jira tile.
The Status tab is displayed, but it does not provide status information until the AlienApp for Jira is enabled and configured.
If you have more than one deployed USM Anywhere Sensor, select the sensor that you want to use for the enabled AlienApp.
USM Anywhere AlienApps operate through a deployed sensor and use APIs to integrate with the connected third-party technology. Choose the sensor that can access the integration endpoint.
- Click Enable.
- Select the Settings tab.
Specify the basic connection information.
Instance Name — Enter the FQDN for your Jira cloud instance.
For example, if you access your Jira instance at https://mycorp.atlassian.net, you must enter mycorp.atlassian.net in this field.
- Username — Enter the user name for the account that USM Anywhere will use to access the Jira instance.
- Click Save.
Select the Status tab to verify the connection.
After USM Anywhere completes a successful connection to the Jira instance and the APIs, this tab displays icons in the HEALTH column for the AlienApp.
If you see the icon, this indicates that there is a problem with the connection. The MESSAGE column provides information about the issue. If this is the case, repeat the steps to fix the configuration or troubleshoot your Jira connection.