JIRA Cloud

Updated 2 months ago by Elvis Hovor

Introduction

This document provides a details of TruSTAR's JIRA Cloud add-on along with a step by step guide to installation, setup and troubleshooting. This add-on allows users to get near-real-time TruSTAR intelligence enrichment added directly to the JIRA Issues used to track security cases.

Features

  • Submit newly-created JIRA Issues into users' private TruSTAR Enclave(s) automatically when JIRA Issues are created, or manually.
  • Enrich JIRA Issues with intelligence from TruSTAR. This can be both automated and performed manually.
  • Update TruSTAR report when when a JIRA Issue is modified or updated.
  • Fine-tune configuration of submission fields to fit your data-governance policies.
  • Quickly identify high-priority indicators that correlate with indicators in your JIRA Issue.

Workflow Diagram

Requirements

The details below summarizes the prerequisites and requirements needed for the TruSTAR JIRA Cloud add-on. Please make sure below components are downloaded/available.

Note: The add-on is compatible with JIRA Cloud. This add-on is not compatible with JIRA Server/Enterprise.

JIRA cloud current version

JIRA user account with admin privileges for installing / configuring the add-on.

Installing the add-on requires jira admin privileges. More information available here: https://confluence.atlassian.com/upm/installing-add-ons-273875715.html

Easy Install - Atlasssian Marketplace

Connect to the Atlassian Marketplace website from the Atlassian application’s administration console.

  1. Navigate to "Jira Settings" --> "Add-ons" --> "Find New Add-Ons", and search for TruSTAR in the search box. Download and install it.

Setup & Configuration

Navigate to "Jira Settings" --> "Add-ons" --> "Manage add-ons" --> "TruSTAR Jira Cloud" --> "Configure" button.

Follow details below configure the add-on for use.

Configuration Details

Input Parameter

Required

Description

TruSTAR URL

Yes

Use "https://station.trustar.co" This is TruSTAR station URL at which JIRA will attempt to contact TruSTAR Station when making API calls to TruSTAR.

API Key

Yes

TruSTAR Station API key used for making API calls. Available in TruSTAR web U/I under Settings-> API.

After saving TruSTAR Configurations, API key will be stored in encrypted format on the JIRA host but will not appear in the TruSTAR Configuration dialog box when you open it again.Example API Key: "6f870192-e3ec-4c94-6385-5b2fa23ac04e"API keys are usually 36 characters long, as is the example API Key above.

API Secret

Yes

TruSTAR Station API Secret used for making API calls. Available in TruSTAR web U/I under Settings-> API.

After saving TruSTAR Configurations, API Secret will be stored in encrypted format on the JIRA host but will not appear in the TruSTAR Configuration dialog box when you open it again.Example API Secret: "xtWG2zfSML0pHyCIfVUYPMsk"API Secrets are usually 24 characters long, as is the example API Secret above.

Enclave IDs

Yes

Comma-separated-list of GUIDs (each GUID is 36-characters long, example: "17092877-ksh8-40pa-b8f7-75lsk83a66c1") that identify the Enclave(s) to which you want to submit JIRA Issues. Your JIRA issues will be submitted as TruSTAR reports to all Enclave(s) in this list. Enclave IDs are available in TruSTAR Station under Settings-> Enclave on TruSTAR Station. Most users will submit only to a single Enclave; however, some users do have multiple private Enclaves and might want to submit all JIRA cases to more than one Enclave. Example list: "3h8467fc-2b50-4756-b5e0-4ea01840bcb3, 623c7897-f502-4b1a-b8f7-7538f83a72i4"

Fields

Optional

Comma-separated-list of JIRA fields to be included in the TruSTAR Report when the JIRA issue is transferred to TruSTAR.Example list: "project, description, status, priority"If the "Fields" field is left blank, the "status" and "key" JIRA fields will be included in the TruSTAR reports by default.

Enabled Projects

Required

Comma-separated list of JIRA project keys whose Issues the user wants transferred to and enriched by the Station platform. Example list: "SOC, Abuse, Fraud, CTI"

If a project appears in both the "Enabled" and "Disabled" lists, it will be disabled.

Disabled Projects

Optional

Comma-separated list of JIRA project keys whose Issues the user specifically does NOT want transferred to or enriched by the Station platform. Example list: "HR, Marketing, Finance, Executive"

If a project appears in both the "Enabled" and "Disabled" lists, it will be disabled.

JIRA Final Status

Yes

The "Status" from the users JIRA workflow that represents the final status for the user's JIRA Issues. When an issue is marked with this status code, all comments to that issue and the issue's resolution will be added to the corresponding report in TruSTAR Station. Examples of typical final status of issues: "Done" or "Closed" or "Completed".

Auto Submission

Yes

Selecting the "Enable" radio button will cause all JIRA Issues to automatically transfer to and be enriched by TruSTAR Station. This behavior will apply to all issues created in all JIRA Projects except those specified in the "Excluded Projects" field.If "Disable" radio button selected, users will have to manually send JIRA Issues to TruSTAR Station.

Using the Add-on

Submit JIRA Report

  • For users who selected to enable "Auto Submission" in the configuration, the TruSTAR plugin will automatically send newly created issues that do not meet the exclude criteria to TruSTAR Station (to the Enclave(s) specified in the "TruSTAR Configuration" dialog box) as a TruSTAR report.
  • Alternatively, users who selected not to enable auto-submit of issues during the configuration will have to manually send a report to TruSTAR for enrichment. By selecting "Send to TruSTAR" in the list of issue options.
  • Once the JIRA Issue is submitted to the specified Enclave(s) the TruSTAR add-on adds a comment to the JIRA Issue with the following enrichment:
  • Enrichment from TruSTAR will be added to the comments section of the JIRA issue as list of high priority indicators and correlated indicators.
  • TruSTAR Report URL: a hyperlink ("deep link") to the corresponding report in TruSTAR Station.
  • Correlated Reports: an integer number representing the quantity of TruSTAR reports that correlate with this JIRA Issue.
  • High-Priority Correlated Indicators: a list of high-priority IOCs that correlate with this JIRA Issue.
  • Correlated Indicators: a list of IOCs (by IOC Type) previously reported into TruSTAR Station that correlate with this JIRA Issue.

Updates to TruSTAR data automatically populate to JIRA Issues.

Assuming the user elected to "Enable" the "Auto Submission" configuration option:

The TruSTAR platform is constantly updated with new reports and IOCs, which could provide enrichment for existing JIRA cases that have already been submitted to TruSTAR as TruSTAR Reports and obtained their initial enrichment.

When this happens, the JIRA-TruSTAR add-on will automatically update existing JIRA tickets with additional enrichment made available when new reports and IOCs are added to the user's TruSTAR enclaves.

Updates to JIRA Issues automatically populate to TruSTAR reports and update enrichment.

Assuming the user elected to "Enable" the "Auto Submission" configuration option:

Changes made to an issue in JIRA will automatically populate to the corresponding TruSTAR report. Every time a JIRA Issue is modified, the JIRA-TruSTAR add-on will automatically update the JIRA Issue's TruSTAR enrichment to reflect the most-recent version of the Issue.

JIRA Issue "Comments" automatically populate to TruSTAR when Issue completed.

Assuming the user elected to "Enable" the "Auto Submission" configuration option:

When a JIRA Issue is marked with the status code equal to the code entered in the "JIRA Final Status" configuration fields (indicating that the user is done with an Issue and does not intend to modify it anymore), all comments that have been added to that Issue will be added to the Issue's corresponding Report in TruSTAR Station.

Deleting a JIRA Issue will delete the corresponding Report from TruSTAR.

Assuming the user elected to "Enable" the "Auto Submission" configuration option:

When a user deletes an Issue from a JIRA project, the corresponding Report object in TruSTAR Station is also deleted. However, deleting a Report object from TruSTAR Station will NOT delete its corresponding JIRA Issue.

Known Limitations

The JIRA Cloud TruSTAR add-on can take up to 10 seconds to retrieve TruSTAR enrichment for a newly-created JIRA Issue.

Please reach out to support@trustar.co for any additional questions.

Troubleshooting & FAQ's

Q: What ports and firewall exceptions are needed for the Integration to work?

A: The TruSTAR integration requires no special port allocations or firewall exceptions to be installed. Users need to follow firewall and port guidelines for installing JIRA server. However, for certain functions the add-on needs access to station.trustar.co over port 443


How Did We Do?