Configure SIEM to Automatically Create JIRA Tickets by Alert
You can configure the notification endpoint to create a JIRA ticket in your preferred board, every time there is a new alert.
Pre-requisites
Make sure that you have permissions to create a task in the required JIRA board.
Create an API token for your Atlassian account.
Convert the API token using the following command:
echo -n <YOUR-EMAIL>:<YOUR-ATLASSIAN-API-TOKEN> | base64Replace
<YOUR-EMAIL>with the email for your attlassian account and<YOUR-ATLASSIAN-API-TOKEN>with the API token for your Atlassian account.
Add a JIRA notification endpoint
To add a pre-configured notification endpoint:
Sign in to Logz.io as an administrator user.
Go to Settings > Notification endpoints.
Select + Add endpoint.
Select Custom from the Type menu.
Add a name for this endpoint.
If required, add a description for the endpoint.
Provide the URL to your JIRA board as follows:
https://<tenantname>.atlassian.net/rest/api/3/issue. Replace<tenantname>with the name of your JIRA domain stated before.atlassian.Select POST from the Method menu.
Enter the following header into the Headers field:
authorization= Basic <API-TOKEN>. Replace<API-TOKEN>with the API token to your Atlassian account.Add the following code as the payload:
{
"fields": {
"project": {
"key": <project board key>
},
"summary": "",
"issuetype": {
"name": <board specific issue type>
},
"description": {
"type": "doc",
"version": 1,
"content": [
{
"type": "paragraph",
"content": [
{
"type": "text",
"text": ""
}
]
}
]
}
}
}Replace
<project board key>with the key of your JIRA project board. Replace<board specific issue type>with the issue type specific to your project board.
- Select Add endpoint.