Send alerts to Jira
Use webhooks and Jira Automation to create Jira issues from alerts. About Jira Automation
Who can do this? |
Step 1: Create an automation rule
To create an automation rule in Jira:
In Jira, navigate to the project you want to create issues in.
Go to Project settings > Automation.
Select Create rule.
Search for the Incoming webhook component.
Select Add Component. You won’t be able to configure the webhook until the next step.
Select THEN: Add an action.
Search for the Create issue component.
Enter details such as project, Issue type, and summary.
From the Turn on rule menu, select Save rule without enabling.
When prompted, give your rule a name and Save.
![Jira automation showing create issue action](http://images.ctfassets.net/zsv3d0ugroxu/7kSyYs6g2SVfuNtjNNctX3/362fd05835259a35010ac52b0fe472ee/Screenshot_detect-JiraAutomation-CreateIssue.png)
You can include data from the webhook payload in a Jira field using the format {{webhookData.<attribute>}}.
For example, you could include the alert title or URL in the issue description to provide quick access to the alert details.
Include the alert title | {{webhookData.alertTitle}} |
Include the alert URL | {{webhookData.alertDetailURL}} |
Step 2: Get the automation webhook URL
To get the webhook URL:
In Jira, go back to your automation rule and select the Incoming webhook trigger.
Copy the Webhook URL and Secret. You’ll need this in the next step.
Select No issues from the webhook when asked how to execute the automation rule.
Save your changes to the Incoming webhook component.
Enable the rule whenever you’re ready.
![Jira automation showing incoming webhook](http://images.ctfassets.net/zsv3d0ugroxu/7LVEXbeLxtipJ2w5H3WlY5/96af5c7007e902667fe44001e90e617b/Screenshot_detect-JiraAutomation-Webhook.png)
Step 3: Add the webhook URL to Guard Detect
To add the webhook URL:
In Guard Detect, go to Integrations > SIEM webhooks.
Select Add webhook URL.
Paste the Webhook URL you copied from Jira and Save.
Select More actions (…) > Add authorization header.
Paste the Secret you copied from Jira and Save.
![SIEM integration showing an example webhook URL and an add webhook button](http://images.ctfassets.net/zsv3d0ugroxu/77iamLO91sSFZZHI3hMuqs/80b5eb2f65ee6e74546f3d044e882a9b/Screenshot_detect-integration-SIEM-activewebhook.png)
Step 4: Send a test alert
To send a test alert:
In Guard Detect, go to Integrations > SIEM webhooks.
Select Test next to the webhook for this integration.
If the integration is working you should see a new issue in your Jira project.
When an alert is generated, it will now create a new issue in your Jira project.
What data is sent to your tool?
It’s important to know that once you set up an integration you will be sending alert data to the third party tool of your choosing. We send the alert title, description, and context which can include:
The name of the actor and their profile picture
The name of the subject, which can be a person or an entity (such as a space, project, or policy)
The site URL or page URL where the activity happened.
We respect the visibility settings in the actor’s Atlassian Account profile. If the actor has chosen not to share their profile picture with their Atlassian organization, we respect that setting.
You should make sure that it’s appropriate for this data to be shared with your third party tool before setting up the integration.
Was this helpful?