A. Integrating Jira to Phoenix Security
Jira API Token
You can authenticate with the Jira API server using either your username and password or a username and API Token (recommended). If you are using two-step verification to log into Jira, then you need to use the API Token. In order to get your API Token you can click here (if already logged into Jira) or follow these steps:
- Log into Jira and select “Account settings” from the user icon on the upper-right corner.
- On the “Atlassian account” page select “Security” on the left-hand side menu.
- Then click on “Create and manage API tokens” and create a new token by giving it a label. Ensure that you copy the token, as you won’t have access to it again after creation.
For Jira Data Center, you need to generate a Personal Access Token. These are different to API Tokens and can be created by going to User menu > Profile > Personal Access Tokens and clicking on “Create token”.
Jira Integration
Before using Jira integration features within your Phoenix Security instance, you have to set it up first by configuring the Jira – Phoenix Security integration. Here are the steps to complete the integration process:
- On the Navigation Menu, go to Integrations > Workflow. Then click on the Create Workflow button.
- In the first step enter a name for the integration and select the Jira Software integration type. Then click Next.
- On the second step you need to provide the Jira connection details:
  - Server URL: The base URL of your Atlassian/Jira account.
  - Username:
    - For Jira Cloud, the username of the user that generated the API Token (or whose password is used).
    - For Jira Data Center, enter a “-” (a single hyphen, without the quotes).
  - Access Token:
    - For Jira Cloud, the API Token or password, as discussed above.
    - For Jira Data Center, the Personal Access Token.
- Click the “Save Workflow” button.
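Before pasting the Server URL, Username and Access Token into the form, it helps to confirm that Jira itself accepts them. The Python sketch below is an added example, not Phoenix Security code: it uses Jira's standard "current user" REST endpoint, with HTTP Basic for a Jira Cloud API Token and a bearer header for a Data Center Personal Access Token. The host names and token values are constructed placeholders.

```python
import base64
import json
import urllib.request
from urllib.parse import urlsplit


def build_myself_request(server_url, username, token, data_center=False):
    """Build (without sending) a GET to Jira's 'current user' endpoint."""
    parts = urlsplit(server_url.strip())
    if parts.scheme != "https" or not parts.netloc:
        # The token is sent in a header on every call; refuse cleartext URLs.
        raise ValueError("Server URL must be an https:// base URL")
    # Keep any context path (e.g. /jira on Data Center), drop a trailing slash.
    base = f"https://{parts.netloc}{parts.path.rstrip('/')}"
    if data_center:
        # Personal Access Tokens are presented as a bearer token.
        auth = f"Bearer {token}"
    else:
        # Jira Cloud: HTTP Basic with the username and the API Token.
        pair = f"{username}:{token}".encode()
        auth = "Basic " + base64.b64encode(pair).decode()
    return urllib.request.Request(
        f"{base}/rest/api/2/myself",
        headers={"Authorization": auth, "Accept": "application/json"},
    )


def check_credentials(server_url, username, token, data_center=False, timeout=10):
    """Send the request; returns the display name, raises HTTPError on 401/403."""
    req = build_myself_request(server_url, username, token, data_center)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp).get("displayName")


if __name__ == "__main__":
    # Constructed values; replace with your own before calling check_credentials().
    req = build_myself_request("https://example.atlassian.net/",
                               "alice@example.com", "PLACEHOLDER_TOKEN")
    print(req.full_url)
```

The display name returned by check_credentials() also shows which account the token belongs to, which is worth confirming when the integration is meant to run under a dedicated user.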
B. Link Jira to an Application
In order to link an existing Phoenix Security Application to Jira, you need to edit the Application and enable the “Link to Jira Project” checkbox.
- On the Navigation Menu, select Risk Explorer > Applications.
- Select the Application List tab and scroll down to the Application that you want to update. Hover your mouse over the application entry, click on the three-dots icon that appears on the right, and select Edit (pencil icon).
- In the Update Application form, find the Integration section on the right-hand side and check the “Link to Jira Project” checkbox.
- Select the Jira Account and Jira Project that you want to link the Application to.
- Click the “Save Linking to Jira” button to save the changes.
By linking your application to a Jira project you will be able to create tickets in Jira for the application’s vulnerabilities with a single click.
Once the process is completed a blue Jira logo will appear next to the Application in the Applications list to indicate that the Application is currently linked to a Jira Project.
C. Link Jira to an Environment
In order to link an existing Phoenix Security Environment to Jira, you need to edit the Environment and enable the “Link to Jira Project” checkbox. The whole process is analogous to the one for Applications (above):
- On the Navigation Menu, select Risk Explorer > Environments.
- Select the Environment List tab and scroll down to the Environment that you want to update. Hover your mouse over the environment entry, click on the three-dots icon that appears on the right, and select Edit (pencil icon).
- In the Update Environment form, find the Integration section on the right-hand side and check the “Link to Jira Project” checkbox.
- Select the Jira Account and Jira Project that you want to link the Environment to.
- Click the “Save Linking to Jira” button to save the changes.
Once the process is completed a blue Jira logo will appear next to the environment in the Environment list to indicate that the environment is currently linked to a Jira Project.
D. Create a Jira Ticket to Track a Vulnerability
Once Jira is fully integrated with your Phoenix Security account, you can create Jira tickets to keep track of and monitor a Vulnerability identified in your Application. Here are the steps for you to follow:
- On the Navigation Menu, click Vulnerabilities.
- Scroll down until you see the Vulnerabilities section. Look for the Vulnerability you wish to track with Jira and click the blue Jira icon corresponding to it (marked with the white line in the screenshot below).
- Once a ticket has been successfully created, the ticket reference number and status will be displayed where the blue Jira icon was located in step 2. An example has been marked with a red line in the screenshot below.
- Click on the ticket reference number to open the incident ticket page in Jira.
You can monitor the progress of the ticket on Jira moving forward.
E. Create WebHooks to Get Status Updates
In order to get status updates for your tickets delivered to Phoenix Security, you need to configure a webhook in Jira’s Admin area.
- Go to your site’s Administration area and then select “Jira” from the “Application Settings” at the bottom of the left-hand menu.
- From the new page that opens up, click on “WebHooks” in the “Advanced” section.
NOTE: Depending on your version of Jira (e.g. Data Center) you might find the WebHooks menu entry by going to Administration [⚙] > System and then Advanced > WebHooks on the left menu.
- Select to create a new Webhook and fill in the form as seen below.
  - Name: descriptive name
  - URL: The Webhook URL that you can see in Phoenix Security by going to Integrations > Workflow and selecting the Jira integration that you are creating the webhook for (each integration has its own URL).
  - Issue related events: Ideally, filter the webhook events by the projects that you are connecting to in Phoenix Security. By typing ‘project="’ (note the double quote at the end) in the box you’ll get a list of valid projects.
  - Issue: In the Issue section tick the “updated” and “deleted” boxes. Creation is done by Phoenix Security.
- Then save the webhook and check that you are getting ticket status updates back into Phoenix Security.
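To show what the “updated” and “deleted” events and the project filter carry, the Python sketch below reduces a Jira webhook payload to the ticket status change a receiver needs. It is an added example, not Phoenix Security's implementation: the field names follow Jira's webhook payload format, while status_update(), the project key APP and the sample payloads are constructed for illustration.

```python
# Events ticked in the webhook form; creation is not needed.
WATCHED_EVENTS = {"jira:issue_updated", "jira:issue_deleted"}

# Constructed sample payloads, trimmed to the fields used below.
SAMPLE_UPDATED = {
    "webhookEvent": "jira:issue_updated",
    "issue": {"key": "APP-42"},
    "changelog": {"items": [
        {"field": "assignee", "fromString": None, "toString": "Alice"},
        {"field": "status", "fromString": "To Do", "toString": "In Progress"},
    ]},
}
SAMPLE_DELETED = {"webhookEvent": "jira:issue_deleted", "issue": {"key": "APP-7"}}
SAMPLE_OTHER_PROJECT = {
    "webhookEvent": "jira:issue_updated",
    "issue": {"key": "HR-3"},
    "changelog": {"items": [
        {"field": "status", "fromString": "Open", "toString": "Done"},
    ]},
}


def status_update(payload, linked_projects):
    """Return the ticket change a receiver should record, or None to ignore."""
    event = payload.get("webhookEvent")
    key = (payload.get("issue") or {}).get("key", "")
    # Issue keys have the form PROJECT-NUMBER.
    project = key.rsplit("-", 1)[0] if "-" in key else ""
    # Second line of defence if the JQL filter in Jira is missing or too broad:
    # drop events for projects that are not linked, so their data is not kept.
    if event not in WATCHED_EVENTS or project not in linked_projects:
        return None
    if event == "jira:issue_deleted":
        return {"ticket": key, "deleted": True, "status": None}
    # An update is only relevant when its changelog contains a status change.
    for item in (payload.get("changelog") or {}).get("items", []):
        if item.get("field") == "status":
            return {"ticket": key, "deleted": False,
                    "status": item.get("toString"),
                    "previous": item.get("fromString")}
    return None


if __name__ == "__main__":
    for sample in (SAMPLE_UPDATED, SAMPLE_DELETED, SAMPLE_OTHER_PROJECT):
        print(status_update(sample, {"APP"}))
```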