Jira
Integration version: 41.0
Configure Jira to work with Google Security Operations SOAR
Create an API token
Create an API token from your Atlassian account:
- Log in to your Atlassian Account.
- Click Create API token.
- From the dialog that appears, enter a memorable and concise Label for your token and click Create.
- Click Copy to clipboard, then paste the token somewhere secure to save.
Configure Jira integration in Google Security Operations SOAR
For detailed instructions on how to configure an integration in Google Security Operations SOAR, see Configure integrations.
Integration parameters
Use the following parameters to configure the integration:
| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| Instance Name | String | N/A | No | Name of the Instance you intend to configure integration for. |
| Description | String | N/A | No | Description of the Instance. |
| Api Root | String | https://{jira_address} | Yes | Address of the Jira instance. |
| Username | String | N/A | Yes | A username that should be used to connect to Jira. |
| Api Token | Password | N/A | Yes | Token generated in the Jira console. Note: This parameter can be used to contain the "Password" string in case of On-prem authentication, using username and password combination. |
| Verify SSL | Checkbox | Unchecked | No | Use this checkbox, if your Jira connection requires an SSL verification. |
| Run Remotely | Checkbox | Unchecked | No | Check the field in order to run the configured integration remotely. Once checked, the option appears to select the remote user (agent). |
Actions
Add Comment
Description
Composing comments to an issue is an effective way to document further elements about an issue and participate with team members.
Parameters
| Parameters | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| Issue Key | String | N/A | Yes | The issue key of the issue. Example: ABC-123 |
| Comment | String | N/A | Yes | The comment content to add to the issue. |
Run On
This action runs on all entities.
Action Results
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| comment_id | N/A | N/A |
JSON Result
N/A
Assign Issue
Description
Assign an issue to a specific user. Jira username could be for example name or mail. For the new Jira API, the action tries to find a match for the assignee to assign an issue based on user email, and then tries with the displayName field.
Parameters
| Parameter | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| Issue Key | String | N/A | Yes | The issue key of the issue. |
| Assignee | String | N/A | Yes | The new assignee of the issue. |
| Jira Username | String | N/A | No | The Jira username of the initiator of the action. |
Run On
This action runs on all entities.
Action Results
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| success | True/False | success:False |
Create Alert Issue
Description
Assign an incident to a particular group.
Parameters
| Parameter | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| Project Key | String | N/A | Yes | The key of the project to create the issue in. |
| Summary | String | N/A | Yes | The summary of the issue. |
| Issue Type | String | N/A | Yes | The type of the issue. |
Run On
This action runs on all entities.
Action Results
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| issue_key | N/A | N/A |
JSON Result
{
"comment":
{
"total": 0,
"startAt": 0,
"comments": [],
"maxResults": 0
},
"Creator":
{
"displayName": "user1",
"name": "user1",
"self": "",
"avatarUrls":
{
"24x24": "",
"16x16": "",
"48x48": "",
"32x32": ""
},
"emailAddress": "john_doe@example.com",
"key": "user1user",
"active": true,
"timeZone": "Asia/Jerusalem",
"accountId": "0"
},
"aggregatetimeestimate": null,
"labels": ["Label1"],
"aggregatetimespent": null,
"watches":
{
"self": "",
"watchCount": 1,
"isWatching": false
},
"Assignee":
{
"displayName": "user2",
"name": "user2",
"self": "",
"avatarUrls":
{
"24x24": "",
"16x16": "",
"48x48": "",
"32x32": ""
},
"emailAddress": "john_doe@example.com",
"key": "user2",
"active": true,
"timeZone": "Asia/Jerusalem",
"accountId": ""
},
"lastViewed": "2019-01-22T10:14:02.910+0200",
"issuelinks": [],
"worklog":
{
"worklogs": [],
"total": 0,
"startAt": 0,
"maxResults": 20
},
"aggregateprogress":
{
"progress": 0,
"total": 0
},
"priority":
{
"iconUrl": "",
"self": "",
"name": "Medium",
"id": "3"
},
"votes":
{
"hasVoted": false,
"self": "", "votes": 0
},
"workratio": -1,
"fixVersions": [],
"environment": null,
"timespent": null,
"attachment":
[{
"mimeType": "binary/octet-stream",
"created": "2018-06-19T15:23:07.369+0300",
"self": "",
"Author":
{
"displayName": "user1",
"name": "user1",
"self": "",
"avatarUrls":
{
"24x24": "",
"16x16": "",
"48x48": "",
"32x32": ""
},
"emailAddress": "john_doe@example.com",
"key": "user1",
"active": true,
"timeZone": "Asia/Jerusalem",
"accountId": "0"
},
"filename": "file.rar",
"content": "",
"id": "0",
"size": 0
}],
"progress": {"progress": 0,
"total": 0},
"duedate": null,
"status":
{
"statusCategory":
{
"name": "Done",
"self": "",
"id": 3,
"key": "done",
"colorName": "green"
},
"description": "",
"self": "",
"iconUrl": "",
"id": "0",
"name": "DONE"
},
"updated": "2018-09-18T10:02:06.347+0300",
"subtasks": [],
"description": "Create Enrich entities action using Insights API (IOC search)\\n\\nWrite connector for laerts\\n\\nIn a couple of days we will have access to an instance",
"reporter":
{
"displayName": "user1",
"name": "user1",
"self": "",
"avatarUrls":
{
"24x24": "",
"16x16": "",
"48x48": "",
"32x32": ""
},
"emailAddress": "john_doe@example.com",
"key": "user1",
"active": true,
"timeZone": "Asia/Jerusalem",
"accountId": "0"
},
"timeoriginalestimate": null,
"aggregatetimeoriginalestimate": null,
"created": "2018-06-19T15:23:13.701+0300",
"versions": [],
"resolutiondate": "2018-09-18T10:02:06.340+0300",
"summary": "Sample issue",
"project":
{
"name": "Project 1",
"self": "",
"projectTypeKey": "software",
"avatarUrls":
{
"24x24": "",
"16x16": "",
"48x48": "",
"32x32": ""
},
"key": "PR",
"id": "0"
},
"timetracking": {},
"components": [],
"issuetype":
{
"name": "Task",
"self": "",
"iconUrl": "",
"subtask": false,
"avatarId": 10318,
"id": "10002",
"description": "A task that needs to be done."
},
"security": null,
"resolution":
{
"id": "10000",
"self": "",
"description": "Work has been completed on this issue.",
"name": "Done"
},
"timeestimate": null
}
Create Issue
Description
Create an issue in a project. Jira username could be for example name or mail. For the new Jira API, the action tries to find a match for the assignee to assign an issue based on user email, and then tries with the displayName field.
Parameters
| Parameter | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| Project Key | String | N/A | Yes | The key of the project to create an issue in. |
| Summary | String | N/A | Yes | The summary of the issue. |
| Description | String | N/A | Yes | The description of the issue. |
| Issue Type | String | N/A | Yes | The type of the issue. |
| Assignee | String | N/A | No | The new assignee of the issue. |
| Jira Username | String | N/A | No | The Jira username of the initiator of the action. |
| Components | String | N/A | No | The components field of the issue. This parameter accepts multiple values as a comma-separated string. |
| Labels | String | N/A | No | The components field of the issue. This parameter accepts multiple values as a comma-separated string. |
| Custom Fields | JSON | N/A | No | Specify a JSON object containing all of the fields and values that will be used during issue creation. Note: This parameter has priority and all of the fields are overwritten with the value that is provided for this parameter. Example: {"field":"value"} |
Run On
This action runs on all entities.
Action Results
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| issue_key | N/A | N/A |
JSON Result
N/A
Delete Issue
Description
Delete an issue.
Parameters
| Parameter | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| Issue Key | String | N/A | Yes | The key of the issue to delete. |
Run On
This action runs on all entities.
Action Results
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| success | True/False | success:False |
JSON Result
N/A
Download Attachments
Description
Get an Issue key and download all attachments. If one of them is an EML file, then download inside the attachments as well.
Parameters
| Parameter | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| Issue Key | String | N/A | Yes | The key of the issue. |
| Download Path | String | N/A | No | The path where save the attachments. |
| Download Attachments to the Case Wall | Checkbox | Unchecked | No | If enabled, the action downloads the Jira issue attachments to the current Google Security Operations SOAR alert case wall. |
Run On
This action runs on all entities.
Action Results
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_success | True/False | is_success:False |
JSON Result
{
"comment":
{
"total": 0,
"startAt": 0,
"comments": [],
"maxResults": 0
},
"creator":
{
"displayName": "user1",
"name": "user1",
"self": "",
"avatarUrls":
{
"24x24": "",
"16x16": "",
"48x48": "",
"32x32": ""
},
"emailAddress": "john_doe@example.com",
"key": "user1user",
"active": true,
"timeZone": "Asia/Jerusalem",
"accountId": "0"
},
"aggregatetimeestimate": null,
"labels": ["Label1"],
"aggregatetimespent": null,
"watches":
{
"self": "",
"watchCount": 1,
"isWatching": false
},
"assignee":
{
"displayName": "user2",
"name": "user2",
"self": "",
"avatarUrls":
{
"24x24": "",
"16x16": "",
"48x48": "",
"32x32": ""
},
"emailAddress": "john_doe@example.com",
"key": "user2","active": true,
"timeZone": "Asia/Jerusalem",
"accountId": ""
},
"lastViewed": "2019-01-22T10:14:02.910+0200",
"issuelinks": [],
"worklog":
{
"worklogs": [],
"total": 0,
"startAt": 0,
"maxResults": 20
},
"aggregateprogress":
{
"progress": 0,
"total": 0
},
"Priority":
{
"iconUrl": "",
"self": "",
"name": "Medium",
"id": "3"
},
"Votes":
{
"hasVoted": false,
"self": "",
"votes": 0
},
"workratio": -1,
"fixVersions": [],
"environment": null,
"timespent": null,
"attachment":
[{
"mimeType": "binary/octet-stream",
"created": "2018-06-19T15:23:07.369+0300",
"self": "",
"author":
{
"displayName": "user1",
"name": "user1",
"self": "",
"avatarUrls":
{
"24x24": "",
"16x16": "",
"48x48": "",
"32x32": ""
},
"emailAddress": "john_doe@example.com",
"key": "user1",
"active": true,
"timeZone": "Asia/Jerusalem",
"accountId": "0"
},
"filename": "file.rar",
"content": "",
"id": "0",
"size": 0
}],
"progress":
{
"progress": 0,
"total": 0
},
"duedate": null,
"status":
{
"statusCategory":
{
"name": "Done",
"self": "",
"id": 3,
"key": "done",
"colorName": "green"
},
"description": "",
"self": "",
"iconUrl": "",
"id": "0",
"name": "DONE"
},
"updated": "2018-09-18T10:02:06.347+0300",
"subtasks": [],
"description": "Create Enrich entities action using Insights API (IOC search)\\n\\nWrite connector for laerts\\n\\nIn a couple of days we will have access to an instance",
"reporter":
{
"displayName": "user1",
"name": "user1",
"self": "",
"avatarUrls":
{
"24x24": "",
"16x16": "",
"48x48": "",
"32x32": ""
},
"emailAddress": "john_doe@example.com",
"key": "user1",
"active": true,
"timeZone": "Asia/Jerusalem",
"accountId": "0"
},
"timeoriginalestimate": null,
"aggregatetimeoriginalestimate": null,
"created": "2018-06-19T15:23:13.701+0300",
"versions": [],
"resolutiondate": "2018-09-18T10:02:06.340+0300",
"summary": "Sample issue",
"project":
{
"name": "Project 1",
"self": "",
"projectTypeKey": "software",
"avatarUrls":
{
"24x24": "",
"16x16": "",
"48x48": "",
"32x32": ""
},
"key": "PR",
"id": "0"
},
"timetracking": {},
"components": [],
"issuetype":
{
"name": "Task",
"self": "",
"iconUrl": "",
"subtask": false,
"avatarId": 10318,
"id": "10002",
"description": "A task that needs to be done."
},
"security": null,
"resolution":
{
"id": "10000",
"self": "",
"description": "Work has been completed on this issue.",
"name": "Done"
},
"timeestimate": null
}
Get Issues
Description
Get the details of an issue by keys.
Parameters
| Parameter | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| Issue Keys | String | N/A | Yes | The keys of the issues to fetch separated by a comma. |
Run On
This action runs on all entities.
Action Results
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| issues_details_list | True/False | issues_details_list:False |
JSON Result
{
"comment":
{
"total": 0,
"startAt": 0,
"comments": [],
"maxResults": 0
},
"creator":
{
"displayName": "user1",
"name": "user1",
"self": "",
"avatarUrls":
{
"24x24": "",
"16x16": "",
"48x48": "",
"32x32": ""
},
"emailAddress": "john_doe@example.com",
"key": "user1user",
"active": true,
"timeZone": "Asia/Jerusalem",
"accountId": "0"
},
"aggregatetimeestimate": null,
"labels": ["Label1"],
"aggregatetimespent": null,
"watches":
{
"self": "",
"watchCount": 1,
"isWatching": false
},
"assignee":
{
"displayName": "user2",
"name": "user2",
"self": "",
"avatarUrls":
{
"24x24": "",
"16x16": "",
"48x48": "",
"32x32": ""
},
"emailAddress": "john_doe@example.com",
"key": "user2","active": true,
"timeZone": "Asia/Jerusalem",
"accountId": ""
},
"lastViewed": "2019-01-22T10:14:02.910+0200",
"issuelinks": [],
"worklog":
{
"worklogs": [],
"total": 0,
"startAt": 0,
"maxResults": 20
},
"aggregateprogress":
{
"progress": 0,
"total": 0
},
"Priority":
{
"iconUrl": "",
"self": "",
"name": "Medium",
"id": "3"
},
"Votes":
{
"hasVoted": false,
"self": "",
"votes": 0
},
"workratio": -1,
"fixVersions": [],
"environment": null,
"timespent": null,
"attachment":
[{
"mimeType": "binary/octet-stream",
"created": "2018-06-19T15:23:07.369+0300",
"self": "",
"author":
{
"displayName": "user1",
"name": "user1",
"self": "",
"avatarUrls":
{
"24x24": "",
"16x16": "",
"48x48": "",
"32x32": ""
},
"emailAddress": "john_doe@example.com",
"key": "user1",
"active": true,
"timeZone": "Asia/Jerusalem",
"accountId": "0"
},
"filename": "file.rar",
"content": "",
"id": "0",
"size": 0
}],
"progress":
{
"progress": 0,
"total": 0
},
"duedate": null,
"status":
{
"statusCategory":
{
"name": "Done",
"self": "",
"id": 3,
"key": "done",
"colorName": "green"
},
"description": "",
"self": "",
"iconUrl": "",
"id": "0",
"name": "DONE"
},
"updated": "2018-09-18T10:02:06.347+0300",
"subtasks": [],
"description": "Create Enrich entities action using Insights API (IOC search)\\n\\nWrite connector for laerts\\n\\nIn a couple of days we will have access to an instance",
"reporter":
{
"displayName": "user1",
"name": "user1",
"self": "",
"avatarUrls":
{
"24x24": "",
"16x16": "",
"48x48": "",
"32x32": ""
},
"emailAddress": "john_doe@example.com",
"key": "user1",
"active": true,
"timeZone": "Asia/Jerusalem",
"accountId": "0"
},
"timeoriginalestimate": null,
"aggregatetimeoriginalestimate": null,
"created": "2018-06-19T15:23:13.701+0300",
"versions": [],
"resolutiondate": "2018-09-18T10:02:06.340+0300",
"summary": "Sample issue",
"project":
{
"name": "Project 1",
"self": "",
"projectTypeKey": "software",
"avatarUrls":
{
"24x24": "",
"16x16": "",
"48x48": "",
"32x32": ""
},
"key": "PR",
"id": "0"
},
"timetracking": {},
"components": [],
"issuetype":
{
"name": "Task",
"self": "",
"iconUrl": "",
"subtask": false,
"avatarId": 10318,
"id": "10002",
"description": "A task that needs to be done."
},
"security": null,
"resolution":
{
"id": "10000",
"self": "",
"description": "Work has been completed on this issue.",
"name": "Done"
},
"timeestimate": null
}
List Issues
Description
Search for issues.
Parameters
| Parameter | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| Project Names | String | N/A | No | The names of the projects to search in, comma-separated. |
| Summary | String | N/A | No | The summary to filter by. |
| Description | String | N/A | No | The description to filter by. |
| Issue Types | String | Bug | No | The issue types to filter by. |
| Priorities | String | N/A | No | The priority to filter by. |
| Created From | String | N/A | No | The earliest creation date to filter by. Format: YYYY/MM/DD. |
| Updated From | String | N/A | No | The earliest update date to filter by. Format: YYYY/MM/DD. |
| Assignees | String | N/A | No | The name of the assignees to filter by, comma-separated. |
| Reporter | String | N/A | No | The name of the reporters to filter by, comma-separated. |
| Statuses | String | N/A | No | The statuses to filter by, comma-separated. |
Run On
This action runs on all entities.
Action Results
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| issues | True/False | issues:False |
JSON Result
[ "PR-123", "PR-124"]
Ping
Description
Verifies that the user has a connection to Jira through the user's device.
Parameters
This action has no input parameters.
Run On
This action runs on all entities.
Action Results
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| success | True/False | success:False |
JSON Result
N/A
Update Issue
Description
Update an issue. For the new Jira API, the action tries to find a match for the assignee to assign an issue based on user email, and then tries with the displayName field.
Parameters
| Parameter | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| Issue Key | String | N/A | Yes | The key of the issue to update. |
| Status | String | N/A | No | Specify the relevant transition name, to transition this issue to the new desired status. |
| Summary | String | N/A | No | The new summary of the issue. |
| Description | String | N/A | No | The new description of the issue. |
| Issue Type | String | N/A | No | The new type of the issue. |
| Assignee | String | N/A | No | The new assignee of the issue. |
| Jira Username | String | N/A | No | The Jira username of the action initiator. |
| Components | String | N/A | No | The components field of the issue. This parameter accepts multiple values as a comma-separated string. |
| Custom Fields | JSON | NA | No | Specify a JSON object containing all of the fields and values that are used during issue creation. Note: This parameter has priority and all of the fields are overwritten with the value that is provided for this parameter. Example: {"field":"value"} |
| Labels | String | N/A | No | The components field of the issue. This parameter accepts multiple values as a comma-separated string. |
Run On
This action runs on all entities.
Action Results
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| Success | True/False | Success:False |
JSON Result
{
"comment":
{
"total": 0,
"startAt": 0,
"comments": [],
"maxResults": 0
},
"creator":
{
"displayName": "user1",
"name": "user1",
"self": "",
"avatarUrls":
{
"24x24": "",
"16x16": "",
"48x48": "",
"32x32": ""
},
"emailAddress": "john_doe@example.com",
"key": "user1user",
"active": true,
"timeZone": "Asia/Jerusalem",
"accountId": "0"
},
"aggregatetimeestimate": null,
"labels": ["Label1"],
"aggregatetimespent": null,
"watches":
{
"self": "",
"watchCount": 1,
"isWatching": false
},
"assignee":
{
"displayName": "user2",
"name": "user2",
"self": "",
"avatarUrls":
{
"24x24": "",
"16x16": "",
"48x48": "",
"32x32": ""
},
"emailAddress": "john_doe@example.com",
"key": "user2",
"active": true,
"timeZone": "Asia/Jerusalem",
"accountId": ""
},
"lastViewed": "2019-01-22T10:14:02.910+0200",
"issuelinks": [],
"Worklog":
{
"worklogs": [],
"total": 0,
"startAt": 0,
"maxResults": 20
},
"aggregateprogress":
{
"progress": 0,
"total": 0
},
"Priority":
{
"iconUrl": "",
"self": "",
"name": "Medium",
"id": "3"
},
"votes":
{
"hasVoted": false,
"self": "",
"votes": 0
},
"workratio": -1,
"fixVersions": [],
"environment": null,
"timespent": null,
"attachment":
[{
"mimeType": "binary/octet-stream",
"created": "2018-06-19T15:23:07.369+0300",
"self": "",
"author":
{
"displayName": "user1",
"name": "user1",
"self": "",
"avatarUrls":
{
"24x24": "",
"16x16": "",
"48x48": "",
"32x32": ""
},
"emailAddress": "john_doe@example.com",
"key": "user1",
"active": true,
"timeZone": "Asia/Jerusalem",
"accountId": "0"
},
"filename": "file.rar",
"content": "",
"id": "0",
"size": 0
}],
"progress":
{
"progress": 0,
"total": 0
},
"duedate": null,
"status":
{
"statusCategory":
{
"name": "Done",
"self": "",
"id": 3,
"key": "done",
"colorName": "green"
},
"description": "",
"self": "",
"iconUrl": "",
"id": "0",
"name": "DONE"
},
"updated": "2018-09-18T10:02:06.347+0300",
"subtasks": [],
"description": "Create Enrich entities action using Insights API (IOC search)\\n\\nWrite connector for laerts\\n\\nIn a couple of days we will have access to an instance",
"reporter":
{
"displayName": "user1",
"name": "user1",
"self": "",
"avatarUrls":
{
"24x24": "",
"16x16": "",
"48x48": "",
"32x32": ""
},
"emailAddress": "john_doe@example.com",
"key": "user1",
"active": true,
"timeZone": "Asia/Jerusalem",
"accountId": "0"
},
"timeoriginalestimate": null,
"aggregatetimeoriginalestimate": null,
"created": "2018-06-19T15:23:13.701+0300",
"versions": [],
"resolutiondate": "2018-09-18T10:02:06.340+0300",
"summary": "Sample issue",
"project":
{
"name": "Project 1",
"self": "",
"projectTypeKey": "software",
"avatarUrls":
{
"24x24": "",
"16x16": "",
"48x48": "",
"32x32": ""
},
"key": "PR",
"id": "0"
},
"timetracking": {},
"components": [],
"issuetype":
{
"name": "Task",
"self": "",
"iconUrl": "",
"subtask": false,
"avatarId": 10318,
"id": "10002",
"description": "A task that needs to be done."
},
"security": null,
"resolution":
{
"id": "10000",
"self": "",
"description": "Work has been completed on this issue.",
"name": "Done"
},
"timeestimate": null
}
Upload Attachment
Description
Add an attachment to an issue.
Parameters
| Parameter | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| Issue Key | String | N/A | Yes | File Paths. |
| File Paths | String | N/A | Yes | The paths of the files to upload, comma-separated. |
Run On
This action runs on all entities.
Action Results
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_success | True/False | is_success:False |
JSON Result
N/A
Link Issues
Description
Link multiple issues in Jira.
Parameters
| Parameter | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| Inward Issue ID | String | N/A | Yes | Specify a comma-separated list of inward issue IDs. For example, if the relation type is "Blocks", then in the UI you would see this issue with relation "blocked by". |
| Outward Issue IDs | CSV | N/A | Yes | Specify the outward issue ID. For example, if the relation type is "Blocks", then in the UI you would see this issue with relation "blocks". |
| Relation Type | String | Blocks | Yes | Specify the relation type that will be used to link multiple issues. A list of all available relation types is available in the "List Relation Types" action. |
Run On
This action doesn't run on entities.
Action Results
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_success | True/False | is_success:False |
JSON Result
N/A
Case Wall
| Result Type | Value / Description | Type |
|---|---|---|
| Output message* | The action should not fail nor stop a playbook execution: If the 201 status code is reported for some issues (is_success = true): "Successfully linked issue "{source issue}" with the following issues in Jira: {destination issues}". If the 404 status code and the "Issue Does Not Exist" error is reported for one issue (is_success=true): "Action wasn't able to find the following destination issues in Jira: {jira issues that were not found}". If the 404 status code and the "Issue Does Not Exist" error is reported for all issues (is_success=false): "None of the destination issues were found in Jira." The action should fail and stop a playbook execution: If fatal error, like wrong credentials, no connection to server, other is reported: "Error executing action". Reason: {0}''.format(error.Stacktrace) If source issue is not found: "Error executing action". Reason: source issue "{source issue}" was not found in Jira. Please check the spelling'. If the 404 status code and it is not the "Issue Does Not Exist"error for at least one: "Error executing action". Reason: {error messages}. |
General |
List Relation Types
Description
List available relation types in Jira.
Parameters
| Parameter | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| Filter Key | DDL | Select One Possible Values:
|
No | Specify the key that needs to be used to filter {item type}. |
| Filter Logic | DDL | Not Specified Possible Values:
|
No | Specify what filter logic should be applied. Filtering logic is working based on the value provided in the "Filter Key" parameter. |
| Filter Value | String | N/A | No | Specify what value should be used in the filter. If "Equal" is selected, the action will try to find the exact match among results. If "Contains" is selected, the action will try to find results that contain the specified substring. If nothing is provided in this parameter, the filter will not be applied. Filtering logic is working based on the value provided in the "Filter Key" parameter. |
| Max Records To Return | Integer | 50 | No | Specify the number of records to return. If nothing is provided, the action returns 50 records. |
Run On
This action doesn't run on entities.
Action Results
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_success | True/False | is_success:False |
JSON Result
[{
"id": "10000",
"name": "Blocks",
"inward": "is blocked by",
"outward": "blocks",
"self": "http://172.30.201.69:8080/rest/api/2/issueLinkType/10000"
}]
Case Wall
| Result Type | Value / Description | Type |
|---|---|---|
| Output message* | The action should not fail nor stop a playbook execution: If data is available (is_success = true): "Successfully found relation types for the provided criteria in Jira". If data is not available (is_success=false): "No relation types were found for the provided criteria in Jira" If the "Filter Value" parameter is empty (is_success=true): "The filter was not applied, because parameter "Filter Value" has an empty value." The action should fail and stop a playbook execution: If the "Filter Key" parameter is set to "Select One" and the "Filter Logic" is set to "Equal" or "Contains": Error executing action "{action name}". Reason: you need to select a field from the "Filter Key" parameter." If invalid value is provided for Max Records to Return: "Error executing action "{action name}". Reason: "Invalid value was provided for "Max Records to Return": . Positive number should be provided"." If fatal error, like wrong credentials, no connection to server, other is reported: "Error executing action "{action name}". Reason: {0}''.format(error.Stacktrace) |
General |
| Case Wall Table | Table Name: Available Relation Table Columns:
|
General |
Search Users
Search users in Jira.
Entities
This action doesn't run on entities.
Action inputs
To configure the action, use the following parameters:
| Parameters | |
|---|---|
User Email Addresses |
Optional
Comma-separated list of email addresses to return the users for. |
User Names |
Optional
Comma-separated list of usernames to return the users for. |
Project |
Optional
Name of the project to search email addresses in. If provided, only
|
Action outputs
| Action output type | |
|---|---|
| Case wall attachment | N/A |
| Case wall link | N/A |
| Case wall table | N/A |
| Enrichment table | N/A |
| JSON result | Available |
| Script result | Available |
Script result
| Script result name | Value |
|---|---|
| is_success | True/False |
JSON result
[
{
"Entity": "example",
"EntityResult": {
"_resource": "user?accountId={0}",
"_options": {
"server": "https://siemplify.atlassian.net",
"auth_url": "/rest/auth/1/session",
"context_path": "/",
"rest_path": "api",
"rest_api_version": "2",
"agile_rest_path": "agile",
"agile_rest_api_version": "1.0",
"verify": false,
"resilient": true,
"async": false,
"async_workers": 5,
"client_cert": null,
"check_update": false,
"delay_reload": 0,
"headers": {
"Cache-Control": "no-cache",
"Content-Type": "application/json",
"X-Atlassian-Token": "no-check"
}
},
"_session": "<jira.resilientsession.ResilientSession object>",
"_base_url": "{server}/rest/{rest_path}/{rest_api_version}/{path}",
"raw": {
"self": "https://siemplify.atlassian.net/rest/api/2/user?accountId=example-account-id",
"accountId": "example-account-id",
"accountType": "atlassian",
"emailAddress": "example.user",
"avatarUrls": {
"48x48": "https://example.com"
},
"displayName": "Example",
"active": true,
"timeZone": "UTC",
"locale": "en_US"
},
"self": "https://siemplify.atlassian.net/rest/api/2/user?accountId=example-account-id",
"accountId": "example-account-id",
"accountType": "atlassian",
"emailAddress": "example.user",
"avatarUrls": "<jira.resources.PropertyHolder object>",
"displayName": "Example",
"active": true,
"timeZone": "UTC",
"locale": "en_US"
}
}
]
Case wall
The action provides the following output messages:
| Output message | Message description |
|---|---|
|
Action succeeded. |
Error executing action "Search Users".
Reason: ERROR_REASON |
Action failed. Check connection to the server, input parameters, or credentials. |
Connectors
Jira Connector
Description
Fetch issues from Jira to Google Security Operations SOAR.
Configure Jira Connector in Google Security Operations SOAR
For detailed instructions on how to configure a connector in Google Security Operations SOAR, see Configuring the connector.
Connector parameters
Use the following parameters to configure the connector:
| Parameter | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| DeviceProductField | String | device_product | Yes | The field name used to determine the device product. |
| EventClassId | String | name | No | The field name used to determine the event name (sub-type). |
| PythonProcessTimeout | String | 60 | Yes | The timeout limit (in seconds) for the python process running current script. |
| API Root | String | https://{jira_address} | Yes | The API root of the Jira instance. |
| Username | String | N/A | Yes | N/A |
| API Token | Password | N/A | Yes | Token generated in the Jira console. Note: This parameter can be used to contain the "Password" string in case of On-prem authentication, using username and password combination |
| Days Backwards | Integer | 5 | No | Max number of days backwards to pull alerts from. |
| Max Tickets Per Cycle | Integer | 10 | No | Max tickets to fetch and process in one connector cycle. |
| Project Names | String | N/A | No | Project names separated by a comma. |
| Issue Statuses | String | N/A | No | Issues' statuses separated by a comma. |
| Assignees | String | N/A | No | Users' full names separated by a comma. |
| Issue Types | String | N/A | No | Issue types separated by a comma. |
| Issue Priorities | String | N/A | No | Issue priorities separated by a comma. |
| Issue Components | String | N/A | No | Issue components separated by a comma. |
| Proxy Server Address | String | N/A | No | The address of the proxy server to use. |
| Proxy Username | String | N/A | No | The proxy username to authenticate with. |
| Proxy Password | Password | N/A | No | The proxy password to authenticate with. |
| Environment Field Name | String | "" | No | Describes the name of the field where the environment name is stored. If the environment field isn't found, the environment is the default environment. |
| Environment Regex Pattern | String | .* | No | A regex pattern to run on the value found in the "Environment Field Name" field. Default is .* to catch all and return the value unchanged. Used to allow the user to manipulate the environment field via regex logic. If the regex pattern is null or empty, or the environment value is null, the final environment result is the default environment. |
Connector Rules
Proxy Support
The connector supports proxy.
Dynamic list and blocklist
The connector supports dynamic list and blocklist rules only for specific labels inside Jira.
Jobs
Sync Closure Job
Description
Close tickets in Jira if corresponding Google Security Operations SOAR alerts were closed.
Parameters
| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| API Root | String | https://{jira_address} | Yes | Jira instance api root url. |
| Username | String | N/A | Yes | Username to connect to Jira instance. |
| API Token | Password | N/A | Yes | Token generated in the Jira console. Note: This parameter can be used to contain the "Password" string in case of On-prem authentication, using username and password combination |
| Project Names | String | project names separated by a comma | Yes | Jira project names separated by a comma that job should monitor. |
| Max Days Backwards | Integer | 1 | Yes | Maximum number of days to sync tickets status backward. |
Sync Comments Job
Description
Sync comments between the Google Security Operations SOAR case and the corresponding Jira ticket. Synchronizing is bidirectional—that is, from Google Security Operations SOAR to Jira and from Jira to Google Security Operations SOAR.
This job supports Google Security Operations SOAR cases with the Jira tag only.
When the job creates a comment, it applies the prefix. If a Google Security Operations SOAR user comments in the Google Security Operations SOAR case, the job creates and synchronizes the user comment in the corresponding Jira ticket using the Chronicle Comment Prefix parameter.
This feature is added for two purposes:
- Visibility.
- Prevent comments added by the job from being synced again to the other side, and cause a loop.
Parameters
| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| API Root | String | https://{jira_address} | Yes | Jira instance api root url. |
| Username | String | N/A | Yes | Username to connect to Jira instance. |
| API Token | Password | N/A | Yes | Token generated in the Jira console. Note: This parameter can be used to contain the "Password" string in case of On-prem authentication, using username and password combination |
| Project Names | String | project names separated by comma | Yes | Jira project names separated by comma that job should monitor. |
| Max Days Backwards | Integer | 1 | Yes | Maximum number of days to sync tickets status backwards. |
| Siemplify Comment Prefix | String | SIEMPLIFY: | Yes | Prefix that is added by the sync job to comments created for Jira tickets. |
| Jira Comment Prefix | String | Jira Comment Sync Job: | Yes | Prefix that is added by the sync job to the Google Security Operations SOAR alert case comments. |