Jira Integration

After completing this article, you will learn how to:

– Integrate your Jira account with your Phoenix Security account
– Link Applications and Environments to Jira Projects
– Create incident tickets to track Vulnerabilities in your Phoenix Security Applications and Environments
– Get status updates back into Phoenix Security by creating a webhook in Jira

Prerequisites

– In order to integrate Jira to your Phoenix Security instance, you should have access to the platform as an Org Admin user.
– Access to your Jira credentials

A. Integrating Jira to Phoenix Security

Jira API Token

You can authenticate with the Jira API server using either your username and password or a username and API Token (recommended). If you are using two-step verification to log into Jira, then you need to use the API Token. In order to get your API Token you can click here (if already logged into Jira) or follow these steps:

• Log into Jira and select “Account settings” from the user icon on the upper-right corner.
• On the “Atlassian account” page select “Security” on the left-hand side menu.
• Then click on “Create and manage API tokens” and create a new token by giving it a label. Ensure that you copy the token, as you won’t have access to it again after creation.

Jira Integration

Before using Jira integration features within your Phoenix Security instance, you have to set it up first by configuring the Jira – Phoenix Security integration. Here are the steps to complete the integration process:

1. On the Navigation Menu, go to Integrations > Workflow. Then click on the Create Workflow button.

2. In the first step enter an name for the integration and select the Jira Software integration type. Then click Next.

3. On the second step you need to provide the Jira connection details:

• Server URL: The base url of your Atlassian/Jira account
• Username
• Access Token: API Token or password, as discussed above

4. Click the “Save Workflow” button.

B. Link Jira to an Application

In order to link an existing Phoenix Security Application to Jira, you need to edit the Application and enable the link to “Jira Project” checkbox.

1. On the Navigation Menu, select Risk Explorer > Applications.

2. Select the Application List tab and scroll down to the Application that you want to update. Hover your mouse over the application entry, click on the three-dots icon than appears on the right, and select Edit (pencil icon).

3. In the Update Application form, find that Integration section on the right-hand side and check the “Link to Jira Project”.

4. Select the Jira Account and Jira Project that you want to link the Application to.

5. Click the “Save Linking to Jira” button to save the changes.

By linking your application to a Jira project you will be able to create tickets in Jira for the application’s vulnerabilities with a single click.

Once the process is completed a blue Jira logo will appear next to the Application in the Applications list to indicate that the Application is currently linked to a Jira Project.

C. Link Jira to an Environment

In order to link an existing Phoenix Security Environment to Jira, you need to edit the Environment and enable the link to “Jira Project” checkbox. The whole process is analogous to the one for Applications (above):

1. On the Navigation Menu, select Risk Explorer > Environments.

2. Select the Environment List tab and scroll down to the Environment that you want to update. Hover your mouse over the application entry, click on the three-dots icon than appears on the right, and select Edit (pencil icon) 

3. In the Update Environment form, find that Integration section on the right-hand side and check the “Link to Jira Project”.

4. Select the Jira Account and Jira Project that you want to link the Environment to.

5. Click the “Save Linking to Jira” button to save the changes.

Once the process is completed a blue Jira logo will appear next to the environment in the Environment list to indicate that the environment is currently linked to a Jira Project.

D. Create a Jira Ticket to Track a Vulnerability

Once Jira is fully integrated with your Phoenix Security account, you can create Jira tickets to keep track and monitor a Vulnerability identified in your Application. Here are the steps for you to follow:

1. On the Navigation Menu, click Vulnerabilities.

2. Scroll down until you see the Vulnerabilities section. Look for the Vulnerability you wish to track with Jira and click the blue Jira icon corresponding to it (marked with the white line in the screenshot below).

3. Once a ticket has been successfully created, the ticket reference number ans status will be displayed where the blue Jira icon was located in step 2. An example has been marked with a red line in the screenshot below.

4. Click on the ticket reference number to open the incident ticket page in Jira.

You can monitor the progress of the ticket on Jira moving forward.

E. Create WebHooks to Get Status Updates

In order to get status updates for your tickets delivered to Phoenix Security, you need to configure a webhook in Jira’s Admin area.

1. Go to your site’s Administration area and then select “Jira” from the “Application Settings” at the bottom of the left-hand menu.

2. From the new page that opens up, click on “WebHooks” in “Advanced” section.

3. Select to create a new Webhook and fill in the form as seen below.

• Name: descriptive name
• URL: The Webhook URL that you can see in Phoenix Security by going to Integrations > Workflow and selecting the Jira integration that you are creating the webhook for (each integration has its own URL).
• Issue related events: Ideally, filter the webhook events by the projects that you are connecting to in Phoenix Security. By typing ‘project=”‘ (note the double quote at the end) in the box you’ll get a list of valid projects.
• Issue: In the Issue section tick the “updated” and “deleted” boxes. Creation is done by Phoenix Security.

4. Then save the webhook and check that you are getting ticket status updates back into Phoenix Security.