Jira + JupiterOne Integration Benefits
- Visualize Jira projects, users, and issues in the JupiterOne graph.
- Map Jira users to employees in your JupiterOne account.
- Monitor Jira issues configured as vulnerabilities or findings within the alerts app.
- Monitor changes to Jira users, projects, and issues using JupiterOne alerts.
- Create Jira issues from JupiterOne alerts and monitor progress against those issues in JupiterOne.
- Create Jira issues from JupiterOne compliance controls that need attention.
How it Works
- JupiterOne periodically fetches Jira projects, users, and issues to update the graph.
- Write JupiterOne queries to review and monitor updates to the graph.
- Configure alerts to take action when the JupiterOne graph changes.
Requirements
- JupiterOne requires the hostname for your Jira organization. JupiterOne also requires the email and password for a user that has the correct permissions enabled. Use an API key instead of a user's password when MFA is enabled.
- You must have permission in JupiterOne to install new integrations.
Support
If you need help with this integration, please contact JupiterOne Support.
Integration Walkthrough
Customers authorize access to JupiterOne by creating a Jira user and providing the username and password (or API token when passwords require MFA) to JupiterOne for HTTP Basic Auth as described in the Jira Security for Other Integrations documentation.
In Jira
Configure an User for API Access
Option 1 - Create a New User
- Create a new service account for JupiterOne use or use an existing account.
- Login to Jira and navigate to User Management.
- Send an invite to the service account.
Option 2 - Leverage an Existing User
Before you use an existing user, you should verify a couple of things.
- Make sure the appropriate permissions are configured/can be added to the account (see the Permissions section below).
- Make sure you have the ability to login to the user's Jira account.
Permissions
- Authorize the user to read groups and users by granting the "Browse Users" global permission. This allows JupiterOne to provide visibility into Jira access.
- Authorize browse access to projects configured in JupiterOne. Use group, project, role, and issue security features of Jira to manage the user's access. Note that restricting to read-only access will require explicit removal of write permissions. Please see the Jira article on How to Create a Read Only User.
- Authorize "Create Issues" permissions in projects that serve as JupiterOne Alert Rule action targets.
Create an API Token
- Log in to Jira as the JupiterOne user and follow the Jira guide to create an API token.
In JupiterOne
- From the configuration Gear Icon, select Integrations.
- Scroll to the Jira integration tile and click it.
- Click the Add Configuration button and configure the following settings:
- Enter the Account Name by which you'd like to identify this Jira account
in JupiterOne. Ingested entities will have this value stored in
tag.AccountNamewhen Tag with Account Name is checked. - Enter a Description that will further assist your team when identifying the integration instance.
- Select a Polling Interval that you feel is sufficient for your monitoring
needs. You may leave this as
DISABLEDand manually execute the integration. - Enter the Hostname of your organization.
- Enter the User Email used to authenticate with Jira.
- Enter the User Password associated with the user email, or the API Key if the password requires MFA.
- Enter the Project Keys that the integration will retrieve data from.
- Click Create Configuration once all values are provided.
How to Uninstall
- From the configuration Gear Icon, select Integrations.
- Scroll to the Jira integration tile and click it.
- Identify and click the integration to delete.
- Click the trash can icon.
- Click the Remove button to delete the integration.
Data Model
Entities
The following entity resources are ingested when the integration runs:
| Jira Resource | _type of the Entity | _class of the Entity |
|---|---|---|
| Account | jira_account |
Account |
| Project | jira_project |
Project |
| User | jira_user |
User |
| Issue * | jira_issue |
Record |
(*) The integration ingests issues up to a year prior to the date of execution. Issues ingested are kept as records, such that issues older than a year that were previously ingested will remain in the graph when the integration runs again. Issues are deleted only when the integration instance is deleted, along with other entities associated with the integration instance.
Relationships
The following relationships are created/mapped:
| From | Type | To |
|---|---|---|
jira_account |
HAS | jira_project |
jira_project |
HAS | jira_issue |
jira_user |
CREATED | jira_issue |
jira_user |
REPORTED | jira_issue |
Pro Tips
In Jira, if you create custom issue types and use one of the following, the integration will parse and translate them to the corresponding entity class:
Change(this also maps when the issue key starts withPRODCM)FindingIncidentRiskVulnerability
Data Model
Entities
The following entities are created:
| Resources | Entity _type |
Entity _class |
|---|---|---|
| Account | jira_account |
Account |
| Jira Issue | jira_issue |
Record |
| Jira Project | jira_project |
Project |
| Jira User | jira_user |
User |
Relationships
The following relationships are created/mapped:
Source Entity _type |
Relationship _class |
Target Entity _type |
|---|---|---|
jira_account |
HAS | jira_project |
jira_account |
HAS | jira_user |
jira_project |
HAS | jira_issue |
jira_user |
CREATED | jira_issue |
jira_user |
REPORTED | jira_issue |