You can connect the Prism Platform with a Jira instance, enabling you to raise tickets within your Jira environment straight from the Prism Platform. This ensures that issue data in the Prism Platform and your Jira environment remain synchronised.
Once a Jira ticket is moved to ‘Done’, the status for the corresponding issue in the Prism Platform will be automatically marked as Remediated. This process eliminates the need to update the status of an issue in two places.
Integration Overview
The Prism Platform’s integration with Jira utilises Jira’s public API to create and track the status of exported issues in Jira.
Warning! Prism supports the Jira Cloud API v3 only. Any clients with locally installed versions currently only support v2 of this API. This is due to end by 2024 (https://developer.atlassian.com/developer-guide/moving-from-server-to-cloud-for-developers/ ) and will therefore not be supported by Prism for support, compatibility, and security reasons.
Operation
The Prism Platform & Jira integration is based on a push/pull operation whereby the Prism Platform initiates a connection to Jira to either send data (push) or to retrieve data (pull).
An example of sending (pushing) data is when Prism exports an issue to Jira.
An example of retrieving (pulling) data is when Prism queries Jira for the status of an already-exported issue
Important! Jira does not initiate any communications to the Prism Platform. Any communication between the Prism Platform and Jira is only ever initiated by the Prism Platform
During the export of an issue from the Prism Platform to Jira, the Prism Platform will retrieve the unique Issue ID and Issue URL that is assigned by Jira (once the issue has been created)
The Prism Platform will associate the Jira Issue ID and URL with the corresponding issue stored in the Prism Platform. This allows the Prism Platform to ‘track’ the corresponding Jira Issue by periodically querying Jira for any status change(s),
When the status of Jira Issue changes to a completed state, such as “DONE” or “RESOLVED”, this change will be detected by the Prism Platform during the next periodic status check.
Once a tracked Jira Issue has changed to a completed state, and the Prism Platform has detected this change, the status of the corresponding issue in the Prism Platform will be changed to Remediated.
Please Note: When a Jira Issue is changed to a completed state, this status change is not immediately updated in the Prism Platform - the Prism Platform queries Jira every 15 minutes to check for status changes across all tracked issues.
Warning! Once an issue has been exported from the Prism Platform to Jira, if the the corresponding Jira Issue is then copied to a new Jira Issue, the Prism Platform will not be able to locate nor track/update the status of the new Jira Issue in the Prism Platform.
Set Up
Step 1: Navigate to Connected Accounts on the Menu.
Step 2: Click on ‘Configuration’ under Jira.
Step 3: Prism will ask you for the host URL to your Jirasubscription, e.g. https://company.atlassian.net/
Step 4: Enter your username. This will normally be an email address associated with your Atlassian account.
Step 5: Enter your API key. To do this, you can select the tooltip and click ‘Click Here’ to generate the key.
The link will take you to the page for creating an API token (https://id.atlassian.com/manage-profile/security/api-tokens). Click ‘Create API token’, copy it, and paste it into the API key field shown above.
Step 6: Click ‘Save’.
Once the connection is confirmed, Prism will ask you to correlate Prism’s threat levels with your current priority settings within Jira. This will enable Prism and Jira to apply the appropriate priority and urgency to the reporting of issues.
Export an Issue to Jira
You can export issues from Prism to your JIRA project board from the following interfaces of the platform:
Phase view
Individual issue view
You can export issues individually or in bulk.
Export a Single Issue
Step 1: Navigate to Results on the Menu, and then Issues.
Step 2: Click on the three-dots menu to the right-hand side of the issue you would like to export.
Step 3: Select ‘Export to Jira’.
Step 4: Confirm the Project and what type of issue it should be reported as, and then click ‘Export’.
The issue is then sent to the associated backlog list for the selected Project.
You will see the following information within Jirafor the exported issue:
Link to Prism issue
Finding Title
Summary
Technical Details
Recommendation
Priority levels (assigned at setup by the user)
Prism labels for ease of tracking (example: prism_High, prism_import)
Reporter details
Export Issues in Bulk
You can export issues in bulk in two ways.
Checkbox individual issues
Step 1: Navigate to Results on the Menu, and then Issues.
Step 2: Select multiple issues using the checkboxes on the left-hand side.
Step 3: Click ‘Actions’ in the top right-hand corner.
Step 4: Select ‘Export to Jira’.
This will export the selected issues to your requested Jiraproject board.
2. Export full phase list of issues
Step 1: Navigate to Results on the Menu, and then Phases.
Step 2: Select the Phase containing the issues you would like to export.
Step 3: Click ‘Actions’ in the top right-hand corner.
Step 4: Select ‘Export’.
Step 5: Click ‘Export’, and then ‘Jira’.
You can then see which issues have been exported to Jira:
Jira Issue Status
Prism provides you with near real-time updates of the progress of each issue that has been exported to Jira. You can find a Jira Ticket dialog to the top right-hand corner of the corresponding Issue interface in Prism, which displays the current status of the Jira ticket.
Prism will track your Jira tickets progress and automatically mark an issue as remediated when the Resolution date and status of the ticket id set to Done.
We are aware of a discrepancy when using business projects within Jira. Currently, at the time of writing, Jira is not setting the Resolution Date of tickets marked as done within these project types. there are some workarounds detailed here (https://community.atlassian.com/t5/Jira-Software-questions/How-to-set-Resolution-time-for-Business-Project/qaq-p/2013257 ) to assist in setting this in order for Prism to update.
Regress Issues
You can regress items via Jira if the vulnerability status is ‘unverified remediation’.
This means, if issues have been marked as ‘done/resolved’ within Jira by accident, they can be moved back to ‘in progress’, and Prism will be updated.
When a ticked is closed or reopened in Jira, a comment is added to Prism’s respective vulnerability, so you are able to track for auditing and remediation purposes. For example, the comment will refer to the issue being set as remediated via Jira.
Export a Host to Jira
You can export an affected host to Jira.
Step 1: Navigate to Results on the Menu, and then Issues.
Step 2: Select an Issue.
Step 3: Under ‘Affected Hosts’, select the three-dots button next to the host you would like to export.
Step 4: Select ‘Export Jira…’.