• Documentation
Products
Documentation
Resources
Atlassian Support
/
Security and access policies Resources
/
Detect, investigate, and respond to threats
/
Send alerts to your own tools

Send alerts to Jira

Use webhooks and Jira Automation to create Jira issues from alerts. About Jira Automation

Who can do this?
Role: Organization admin, Guard Detect admin
Plan: Atlassian Guard Premium

Step 1: Create an automation rule and get the webhook URL

To create an automation rule in Jira:

  1. In Jira, navigate to the project you want to create issues in.

  2. Go to Project settings > Automation.

  3. Select Create rule.

  4. Search for the Incoming webhook component.

  5. Select No issues from the webhook when asked how to execute the automation rule.

  6. Copy the Webhook URL. You’ll need this in the next step.

  7. Save your changes to the Incoming webhook component.

Jira automation showing incoming webhook

Step 2: Add the webhook URL to Guard Detect

To add the webhook URL:

  1. In Guard Detect, go to Integrations > SIEM forwarding.

  2. Select Add webhook.

  3. Paste the Webhook URL you copied from Jira and Save.

SIEM integration showing an example webhook URL and an add webhook button

Step 3: Configure the automation rule to create an issue

  1. In Jira, go back to your automation rule and select THEN: Add an action.

  2. Search for the Create issue component.

  3. Enter details such as project, Issue type, and summary.

  4. Save your changes to the Create issue component.

  5. Name your automation rule and select Turn it on.

Jira automation showing create issue action

You can include data from the webhook payload in a Jira field using the format {{webhookData.<attribute>}}.

For example, you could include the alert title or URL in the issue description to provide quick access to the alert details.

Include the alert title

{{webhookData.alertTitle}}

Include the alert URL

{{webhookData.alertDetailURL}}

Step 4: Send a test alert

To send a test alert:

  1. In Guard Detect, go to Integrations > SIEM forwarding.

  2. Select Send test alert.

If the integration is working you should see a new issue in your Jira project.

Jira issue showing data from alert

When an alert is generated, it will now create a new issue in your Jira project.

What data is sent to your tool?

It’s important to know that once you set up an integration you will be sending alert data to the third party tool of your choosing. We send the alert title, description, and context which can include:

  • The name of the actor and their profile picture

  • The name of the subject, which can be a person or an entity (such as a space, project, or policy)

  • The site URL or page URL where the activity happened.

We respect the visibility settings in the actor’s Atlassian Account profile. If the actor has chosen not to share their profile picture with their Atlassian organization, we respect that setting.

You should make sure that it’s appropriate for this data to be shared with your third party tool before setting up the integration.

Still need help?

The Atlassian Community is here for you.
Ask the Community
On this pageStep 1: Create an automation rule and get the webhook URLStep 2: Add the webhook URL to Guard Detect Step 3: Configure the automation rule to create an issueStep 4: Send a test alertWhat data is sent to your tool?
CommunityQuestions, discussions, and articles