USM Anywhere™

AlienApp for Jira Actions

As USM Anywhere surfaces events, alarms, and vulnerabilities, your team determines which items require the opening of a new Atlassian Jira issue. Rather than manually opening each issue in the Jira user interface (UI) and entering the relevant alarm, event, or vulnerability information, you can use the AlienApp for Jira response actions to automatically create the Jira issue with the subject and description fields pre-populated with content from your USM Anywhere environment. The following table lists the available actions from the AlienApp.

Actions for the AlienApp for Jira
Action Function

Create a new issue from an alarm Alarms provide notification of an event or sequence of events that require attention or investigation.

Run this action to generate a new Jira issue directly from an alarm.

This action is available when you launch a response action directly from an alarm or a response action in an orchestration rule.

Create a new issue from a vulnerability A known issue or weakness in a system, procedure, internal control, software package, or hardware that could be used to compromise security.

Run this action to generate a new Jira issue directly from a vulnerability.

This action is available when you launch a response action directly from a vulnerability.

Create a new issue from an event Any traffic or data exchange detected by AT&T Cybersecurity products through a sensor, or through external devices such as a firewall.

Run this action to generate a new Jira issue directly from an event.

This action is available when you launch a response action directly from an event.

Create a new issue from event based orchestration rule

Run this action to generate a new Jira issue directly from an orchestration rule that triggers from a matching event.

This action is available when you launch a response action in an orchestration rule.

Upon execution of a response action, USM Anywhere generates the Jira issue and passes the associated information to that new issue.

Note: Before launching a Jira response action or creating a Jira response action rule, the AlienApp for Jira must be enabled and connected to your cloud-based Jira instance. See Configuring the AlienApp for Jira for more information.

To view information about these actions in USM Anywhere

  1. In USM Anywhere, go to Data Sources > AlienApps.
  2. Click the Available Apps tab.
  3. Search for the AlienApp, and then click the tile.
  4. Click the Actions tab to display information for the supported actions.
  5. Click the History tab to display information about the executed actions.

    View the history of executed Jira response actions

Launch Actions from USM Anywhere

You can launch an action directly from alarms, events, or vulnerabilities. If you want to apply an action to similar events that occur in the future, you can also create orchestration rules directly from the action applied to an alarm, event, or vulnerability.

Note: Before launching a Jira response action, the AlienApp for Jira must be enabled and connected to your Jira instance. See Configuring the AlienApp for Jira for more information.

To launch a Jira response action for an alarm, event, or vulnerability

  1. Go to Activity > Alarms, Activity > Events, or Environment > Vulnerabilities.
  2. Click the alarm, event, or vulnerability to open the details.
  3. Click Select Action.

    Click Select Action in the vulnerability details

  4. In the Select Action dialog box, select the Jira tile.

    Select the Jira response action to run for the alarm or vulnerability

    This displays the options for the selected response app.

  5. (Optional.) If you have more than one USM Anywhere Sensor configured for the AlienApp for Jira, use the Select Sensor option to set the sensor that you want to use for the rule.
  6. Additional fields will be populated based on the action you've selected. Fill out the necessary fields for the app action.

  7. Define the information included in the new Jira issue:

    • Project Name: Select the name of the Jira project for ticket to be created in.
    • Issue Type: Select the issue type of the ticket.
    • Short Description: By default, this field contains the name of the alarm, event, or vulnerability. This is the text that populates the summary (heading) for the new Jira issue. You can change the text in this field before you run the action, if needed.
    • Description: Enter information in this field to populate description field for the Jira issue. Typically, this information describes what needs to be done to complete the open issue.

    • Priority: Assign the priority for the ticket created.
    • Components: Enter the component to be listed on the ticket. (Only available if the Jira Project is selected.)
    • Assignee: Enter the name of the user the ticket will be assigned to, or enter part of the name and select the user from the auto-complete list. (Only available if the Jira Project is selected.)
  8. Set the Project Key for the project where you want to create the new issue.

    The projects that are available for selection will depend on the projects that are permitted for the user account configured for the AlienApp for Jira.

  9. Set the Issue Type for the new issue.

    Set options to create a new Jira issue

    The issue types that are available for selection will depend on the types configured in your Jira instance for the selected project

  10. Click Run.

    After USM Anywhere initiates the action, it displays a confirmation dialog box.

    You can create a rule to launch a Jira response action for similar events or alarms

    If you want to create a rule to apply the action to similar items that occur in the future, click Create rule for similar alarms or Create rule for similar events and define the new rule. If not, click OK.