JIRA

by Elvis Hovor

Introduction

TruSTAR is a threat intelligence platform designed to accelerate the incident analysis process and the exchange of intelligence among various internal and external teams. This document describes the JIRA App built for TruSTAR and provides a step-by-step guide to install, set up and troubleshoot it.

Workflow Illustration

App Installation

The following bundles are required for a successful install of the JIRA app.

| # | Bundle Name | Description |
|---|-------------|-------------|
| 1 | JIRA Add-on for TruSTAR | This bundle will ingest newly created reports in JIRA to TruSTAR. This bundle is required and requires . |

Prerequisites

The details below summarize the prerequisites and requirements. Please make sure the components below are downloaded and available.

Jira Server version 7.5.0 or above.

Installation

The installation process is fairly straightforward and requires admin privileges. See Atlassian's guide to installing add-ons: https://confluence.atlassian.com/upm/installing-add-ons-273875715.html

Once the add-on is installed, a TruSTAR Configuration menu appears on the add-on page, where you can configure your add-on.

Installation From Atlassian Marketplace

Connect to the Atlassian Marketplace website from the Atlassian application’s administration console.

  1. Navigate to the application's administration console and select the Find new add-ons link.
  2. Enter TruSTAR in the Search the Marketplace box.
  3. Click the Install button for TruSTAR on the Find new add-ons administration page.

This method is the quickest way to install add-ons. However, you can also install by file upload, as described in the next section.

Manual Installation

To upload an add-on manually:

  1. From the application's administration console, click the Manage add-ons link.
  2. Click the Upload add-on link at the top right side of the page.
  3. The upload add-on dialog will appear. Enter the location of the JAR or OBR file to upload, either by using the file chooser or by specifying a network location as a URL.
  4. Click Upload.
  5. A confirmation message appears when the add-on is successfully installed.

You can now manage the add-on from the user-installed add-on list on the Manage add-ons page.

Installation for JIRA Cloud

The TruSTAR JIRA app has not been certified to work with JIRA Cloud, so the app will not show up in the Atlassian Marketplace for JIRA Cloud. Installing manually is also not advised.

A TruSTAR app update for JIRA Cloud will be available soon.

App Configuration

Configure the plugin by selecting TruSTAR Configuration under the Manage add-ons section.

The setup process is as follows:

  • Fill in the configuration details (see the table below for more details).

| Input Parameter | Required | Description |
|-----------------|----------|-------------|
| Endpoint | Yes | Use https://station.trustar.co. This is the TruSTAR Station URL from which data is collected by executing API calls. |
| Access Key | Yes | Authentication key to connect to TruSTAR Station. It will be used for making API calls. Available under Settings -> API on TruSTAR Station. It will be in clear text at the time of initial configuration. When the configuration is saved, the access key is stored in encrypted format. When the access key input is edited, the field will be blank. |
| Secret | Yes | Secret key to connect to TruSTAR Station. It will be used for making API calls. Available under Settings -> API on TruSTAR Station. It will be in clear text at the time of initial configuration. When the configuration is saved, the secret key is stored in encrypted format. When the secret key input is edited, the field will be blank. |
| Enclave IDs | Yes | Enclave(s) in TruSTAR where you want to submit newly created JIRA cases. Enclave IDs are available under Settings -> Enclave on TruSTAR Station. |
| Project Keys | Optional | Leave the Project Keys field blank if you want all cases created in JIRA to be submitted to TruSTAR. Alternatively, enter a comma-separated list of project keys for only the projects you want to be submitted to TruSTAR. |

Incident Enrichment Workflow

Submit Report

Once a case is created in JIRA, the TruSTAR integration will trigger a Submit Report event to TruSTAR. This case will be submitted as a TruSTAR report to the enclave(s) you have identified in your configuration.

Once the case is submitted into the selected enclave(s) in TruSTAR, the integration returns a deep link, in the comments section, to the case in TruSTAR Station. You can click on this link to go to the case in TruSTAR.

Correlated Reports

Once a case is successfully submitted to TruSTAR, the comments section will show the count of correlated TruSTAR reports for IOCs in that case.

The image below shows a correlated report in the case comments, with the correlated report count found in TruSTAR.

Correlated IOCs

Once a case is successfully submitted to TruSTAR, the comments section will show correlated TruSTAR IOCs.

The image below shows the correlated indicator work note details shown in the security incident. It shows correlated indicators with a deep link to TruSTAR Station.

Updating with New TruSTAR IOCs

The TruSTAR platform is constantly updated with new IOCs, which could provide enrichment for an existing JIRA case. This integration updates the correlated indicators found in TruSTAR in the Associated Indicators tab for a created incident.

Also, any time a ticket is updated, it is updated inside the enclave in TruSTAR, and an updated list of the number of correlated reports and correlated indicators is added to the comments section.

Troubleshooting

Known Limitations

Depending on the JIRA server and version, there are known instances where it takes about 10 seconds to add TruSTAR correlation details to a newly created ticket in JIRA.

Please reach out to support@trustar.co for any additional questions.
