Create JIRA Tickets Through SIEM Alerts
You can configure your notification endpoints to automatically create JIRA tickets based on triggered alerts.
Pre-requisites
Make sure that you have the permissions required to create a task in the relevant JIRA board.
Create an API token for your Atlassian account.
Convert the API token using the following command:
echo -n <YOUR-EMAIL>:<YOUR-ATLASSIAN-API-TOKEN> | base64
Replace <YOUR-EMAIL> with the email for your Atlassian account and <YOUR-ATLASSIAN-API-TOKEN> with the API token for your Atlassian account.
Add a JIRA notification endpoint
Navigate to your Logz.io SIEM account > Settings > Notification endpoints.
Select + Add endpoint to open the configuration wizard, and select Custom.

Next:
Name your endpoint and, if required, provide a description of the endpoint.
Provide the URL to your JIRA board as follows:
https://<tenantname>.atlassian.net/rest/api/3/issue
Replace <tenantname> with the name of your JIRA domain, as it appears before .atlassian in the URL.
Select POST from the Method menu.
Enter the following header into the Headers field:
authorization= Basic <API-TOKEN>
Replace <API-TOKEN> with the API token for your Atlassian account, converted as described in the pre-requisites.
Add the following code as the payload:
{
  "fields": {
    "project": {
      "key": "<project board key>"
    },
    "summary": "YOUR_SUMMARY",
    "issuetype": {
      "name": "<board specific issue type>"
    },
    "description": {
      "type": "doc",
      "version": 1,
      "content": [
        {
          "type": "paragraph",
          "content": [
            {
              "type": "text",
              "text": "YOUR_TEXT"
            }
          ]
        }
      ]
    }
  }
}
Replace <project board key> with the key of your JIRA project board. Replace <board specific issue type> with the issue type specific to your project board. Keep the quotation marks around both values so that the payload remains valid JSON.
Click Add a new endpoint to save.
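The conversion command and the authorization header above, as an added shell example (not part of the original Logz.io instructions): GNU base64 wraps its output every 76 characters, so a long Atlassian API token produces a multi-line value that cannot be pasted as a single header value. The function names, email and token below are constructed assumptions.

```shell
#!/bin/sh
# Added example; function names and credentials are constructed assumptions.

# Encode "<email>:<token>" as one unbroken Base64 string.
# printf sidesteps shells whose echo lacks -n; tr removes the line
# breaks GNU base64 inserts every 76 characters.
jira_basic_credential() {
    printf '%s:%s' "$1" "$2" | base64 | tr -d '\n'
}

# Succeed only if the value can be pasted into the Headers field as is:
# non-empty, Base64 alphabet only, and decoding back to "<email>:<token>".
# Assumes a base64 that accepts -d (GNU coreutils, current macOS).
jira_credential_ok() {
    encoded=$1 email=$2 token=$3
    [ -n "$encoded" ] || return 1
    case $encoded in
        *[!A-Za-z0-9+/=]*) return 1 ;;  # newline, space or stray character
    esac
    decoded=$(printf '%s' "$encoded" | base64 -d 2>/dev/null) || return 1
    [ "$decoded" = "$email:$token" ]
}

# Header in the form this page gives for the Headers field.
jira_header() {
    printf 'authorization= Basic %s' "$(jira_basic_credential "$1" "$2")"
}

# Demo with constructed values (not real credentials).
EMAIL='analyst@example.com'
TOKEN='constructed-not-a-real-token-0123456789-constructed-not-a-real-token-0123456789'
VALUE=$(jira_basic_credential "$EMAIL" "$TOKEN")
if jira_credential_ok "$VALUE" "$EMAIL" "$TOKEN"; then
    jira_header "$EMAIL" "$TOKEN"; echo
else
    echo 'encoded credential is malformed' >&2
fi
```

The encoded value is only an encoding of the email and token, not a protected form of them, so treat it and any shell history containing it as you would the API token itself.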