Integrate with Microsoft Sentinel

This article highlights a new alerting feature that's natively available in Jira Service Management and is gradually rolling out to some Jira Service Management Cloud customers. It may not yet be visible or available on your site.

What does the integration offer?

Jira Service Management offers a webhook integration with Microsoft Sentinel. Jira Service Management acts as a dispatcher for Microsoft Sentinel incidents, determines the right people to notify based on on-call schedules, notifies via email, text messages (SMS), phone calls, and iOS and Android push notifications, and escalates alerts until the alert is acknowledged or closed.

How does the integration work?

  • When an incident is created in Microsoft Sentinel, an alert is created in Jira Service Management.

  • When an incident is closed in Microsoft Sentinel, the related alert is closed in Jira Service Management.

Set up the integration

Microsoft Sentinel is an API-based integration. Setting it up involves the following steps:

  • Add a Microsoft Sentinel integration in Jira Service Management

  • Configure the integration in Microsoft Sentinel

Add a Microsoft Sentinel integration

Bidirectional integrations aren’t supported in Free and Standard plans. All the other integrations are supported at a team level in Free and Standard; however, for their outgoing part to work, you need to upgrade to a higher plan. To add any integration at a site level through Settings (gear icon) > Products (under JIRA SETTINGS) > OPERATIONS, you need to be either on Premium or Enterprise.

Adding an integration from your team’s operations page makes your team the owner of the integration. This means Jira Service Management only assigns the alerts received through this integration to your team.

To add a Microsoft Sentinel integration in Jira Service Management, complete the following steps:

  1. Go to your team’s operations page.

  2. On the left navigation panel, select Integrations and then Add integration.

  3. Run a search and select “Microsoft Sentinel”.

  4. On the next screen, enter a name for the integration.

  5. Optional: Select a team in Assignee team if you want a specific team to receive alerts from the integration.

  6. Select Continue.
    The integration is saved at this point.

  7. Expand the Steps to configure the integration section and copy the API key.
    You will use this key while configuring the integration in Microsoft Sentinel later.

  8. Select Turn on integration.
    The rules you create for the integration will work only if you turn on the integration.

Configure the integration in Microsoft Sentinel

To configure the integration of Microsoft Sentinel with Jira Service Management, complete the following steps:

  1. Create a logic app using Azure Deploy Template.

  2. Enter values for Subscription and Resource Group.

  3. Enter a name in Logic App Name.

  4. Paste the URL previously copied from Compass into Endpoint.

  5. Select Review + create.

  6. Select Create.

  7. Go to the API Connection resource created from the template.

  8. Select General and then Edit API connection.

  9. Authorize the connection and select Save.

  10. Go to the Sentinel workspace. Under Configuration, select Automation.

  11. Select Create and then Automation Rule.

  12. Under Actions, select Run Playbook and select the logic app created from the template.

  13. Select Apply.

  14. Create a second automation rule.

  15. For Trigger, select When incident is updated.

  16. Add a new condition. Select Condition and then Condition (And) with the field Status Changed.

  17. Select Apply.

Sample payload sent from Microsoft Sentinel

(in JSON format)

    {
      "id": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
      "description": "This is a demo incident",
      "title": "My incident",
      "severity": "Low",
      "status": "New",
      "incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
      "labels": [
        {
          "labelName": "My label",
          "labelType": "User"
        }
      ],
      "resourceGroupName": "myRg",
      "workspaceName": "myWorkspace",
      "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"
    }
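The following is an added example, not code from Atlassian or Microsoft: a consistency check you can run on a payload captured from the logic app before trusting it downstream. The function names, the `reject` outcome, and the mapping of `Closed` to closing an alert are assumptions based on the two rules described above; the severity and status sets are the standard Microsoft Sentinel incident values.

```python
from urllib.parse import urlsplit

SUB = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"
INC = "73e01a99-5cd7-4139-a149-9f2736ff2ab5"
# Sample payload from this page, rebuilt as a dict for the example.
SAMPLE = {
    "id": INC, "description": "This is a demo incident", "title": "My incident",
    "severity": "Low", "status": "New",
    "incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights"
                   f"/Incident/subscriptions/{SUB}/resourceGroups/myRg/providers"
                   "/Microsoft.OperationalInsights/workspaces/myWorkspace/providers"
                   f"/Microsoft.SecurityInsights/incidents/{INC}",
    "labels": [{"labelName": "My label", "labelType": "User"}],
    "resourceGroupName": "myRg", "workspaceName": "myWorkspace", "subscriptionId": SUB,
}
REQUIRED = ("id", "title", "severity", "status", "incidentUrl",
            "resourceGroupName", "workspaceName", "subscriptionId")
SEVERITIES = {"Informational", "Low", "Medium", "High"}  # Sentinel severities
STATUSES = {"New", "Active", "Closed"}                   # Sentinel statuses


def validate(p):
    """Return a list of problems; an empty list means the payload is consistent."""
    problems = [f"missing field: {k}" for k in REQUIRED
                if not isinstance(p.get(k), str) or not p[k]]
    if problems:
        return problems
    if p["severity"] not in SEVERITIES:
        problems.append(f"unexpected severity: {p['severity']}")
    if p["status"] not in STATUSES:
        problems.append(f"unexpected status: {p['status']}")
    url = urlsplit(p["incidentUrl"])
    if url.scheme != "https" or url.hostname != "portal.azure.com":
        problems.append("incidentUrl does not point to portal.azure.com")
    # The resource path sits in the URL fragment; each ID must match the body.
    parts = url.fragment.split("/")
    expected = {"subscriptions": p["subscriptionId"], "workspaces": p["workspaceName"],
                "resourceGroups": p["resourceGroupName"], "incidents": p["id"]}
    for key, value in expected.items():
        i = parts.index(key) if key in parts else -1
        if i < 0 or i + 1 >= len(parts) or parts[i + 1].lower() != value.lower():
            problems.append(f"incidentUrl {key} segment does not match body")
    return problems


def alert_action(p):
    """Assumed mapping of the page's two rules: Closed -> close, otherwise create."""
    if validate(p):
        return "reject"
    return "close" if p["status"] == "Closed" else "create"
```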

 
