USM Anywhere™

Configuring the AlienApp for Jira

Role Availability Read-Only Analyst Manager

When the AlienApp for Jira is enabled and connected to your Atlassian Jira Service Desk or Jira Software instance, you can launch response actions and create response action rules to send data from USM Anywhere to the instance and create new issues. See AlienApp for Jira Orchestration for more information about the response actions supported by the AlienApp for Jira.

Important: The AlienApp for Jira integration works with the Cloud deployment of Jira Service Desk and Jira Software. The Server deployment (self-managed) is not currently supported.

AlienApp for Jira Requirements

Before you configure the AlienApp for Jira, make sure you have these integration requirements.

  • Fully-qualified domain name (FQDN) for your Jira instance
  • User account that USM Anywhere will use to access the Jira instance

    This user account must have access to the projects where you want to create issues from threats detected by USM Anywhere and rights to create an API token.

Note: Depending on the way that you want the AlienApp for Jira to fit into your processes, you should determine if you want to use an existing user account or create a new user account in your Jira instance to be used exclusively for USM Anywhere.

If you are an analyst and you are manually opening issues in response to alarms and vulnerabilities, it may be appropriate to use the same account that you use to manage issues in the Jira user interface (UI). However, if you plan to use rules primarily to generate issues automatically, a user account that is specific to USM Anywhere works well and makes it easy to filter these issues in Jira dashboards.

Get Your API Token in Jira

Before you can use the AlienApp for Jira to collect and analyze Jira log data within USM Anywhere, you must have an API token that can be used to connect to the Jira APIs. Jira issues an API token for a specific user account and all requests with that token act on behalf of that user.

To acquire an API token for Jira

  1. Go to https://confluence.atlassian.com/cloud/api-tokens-938839638.html and follow the vendor instructions to generate the token.
  2. Copy the token to be entered in USM Anywhere.

Important: If you generate a new API token or key at some point in the future, it will revoke the existing token making the connection unauthorized. Therefore, you must update the token in USM Anywhere accordingly.

Configure the Jira Connection in USM Anywhere

To support the response actions in USM Anywhere, you must configure a connection with the Jira instance. This connection enables the AlienApp to perform operations using the Jira Representational State Transfer (REST) APIs. The user account that you use for the connection requires Create and Read permissions for one or more Jira projects where you want to create new issues from USM Anywhere.

To configure the Jira connection

  1. In USM Anywhere, go to Data Sources > AlienApps.
  2. Click the Available Apps tab.
  3. Search for the AlienApp, and then click the tile.
  4. Click Configure API.
  5. If you have more than one deployed USM Anywhere Sensor, select the sensor that you want to use for the enabled AlienApp.

    AlienApps operate through a deployed sensor and use APIs to integrate with the connected third-party technology. Select the sensor that can access the integration endpoint. The HTTPS connections to the API will originate from this sensor, so it is important to make sure the sensor has network access to the AlienApp API endpoints.

  6. Specify the connection information for Jira:

    Configure API dialog box

    • Instance Name: Enter the FQDN for your cloud-based instance. For example, if you access your cloud-based instance at https://mycorp.atlassian.net, you must enter mycorp.atlassian.net in this field.

    • Username: Enter the email address for the account you used to create the API token. USM Anywhere uses this as the username to access your cloud-based instance.
    • API Key: Click Change API Key and enter the API token created with the account.
  7. Click Save.
  8. Verify the connection.

    After USM Anywhere completes a successful connection to the Jira instance and the APIs, a icon displays in the Health column.

    Check the connection status for the AlienApp

    If the icon appears, there is a problem with the connection. The Message column provides information about the issue. Repeat the steps to fix the configuration or troubleshoot your Jira connection.