JIRA Alerts

Prisma Cloud continually scans your environment for vulnerabilities using the threat data in the Intelligence Stream. Prisma Cloud can open JIRA issues when new vulnerabilities are detected in your environment. This mechanism lets you implement continuous vulnerability assessment and remediation by hooking directly into the developer’s workflow.
New JIRA issues are opened when new vulnerabilities are found. Issues are opened on a per-image basis. Each JIRA issue lists the new vulnerabilities discovered, and a list of vulnerabilities that have already been reported but were still detected.
JIRA issues are opened based on policy. For example, an issue would be created when all of the following conditions are met:
  • You have a rule that alerts on critical vulnerabilities,
  • The rule is associated with your JIRA alert profile,
  • The Prisma Cloud scanner finds a critical vulnerability in an image in your environment.
The following screenshot shows an example JIRA issue opened by Prisma Cloud.

Intelligent issue routing

You can leverage image labels to intelligently route alerts to the right team, and eliminate manual ticket triage. For example, if team-a is responsible for image-a, and a vulnerability is found in image-a, you could set up the alert to flow directly to team-a’s JIRA queue.
Intelligent routing depends on a Prisma Cloud feature called alert labels, where you define labels that Prisma Cloud should watch. When rules trigger, Prisma Cloud extracts the value of the label from the resource, and applies it to the next phase of alert processing. For JIRA alerts, you can use labels to specify the JIRA project key, JIRA labels, and JIRA issue assignee.
For example, if you have an image with the following labels:
group=front-end-group team=client-team business-app=my-business-app
You could configure Prisma Cloud to open issues about this specific image in the JIRA project defined by the group label.

Configuring alert frequency

You can configure the rate at which alerts are emitted. This is a global setting that controls the spamminess of the alert service. Alerts received during the specified period are aggregated into a single alert. For each alert profile, an alert is sent as soon as the first matching event is received. All subsequent alerts are sent once per period.
  1. Open Console, and go to
    Manage > Alerts
    .
  2. In
    Aggregate audits every
    , specify the maximum rate that alerts should be sent.
    You can specify
    Second
    ,
    Minute
    ,
    Hour
    ,
    Day
    .

Integrating Prisma Cloud with JIRA

Alert profiles specify which events should trigger the alert machinery, and to which channel alerts are sent. You can send alerts to any combination of channels by creating multiple alert profiles.
Alert profiles consist of two parts:
(1) Alert settings — Who should get the alerts, and on what channel?
Configure Prisma Cloud to integrate with your messaging service and specify the people or places where alerts should be sent. For example, configure the email channel and specify a list of all the email addresses where alerts should be sent. Or for JIRA, configure the project where the issue should be created, a long with the type of issue, priority, assignee, and so on.
(2) Alert triggers — Which events should trigger an alert to be sent?
Specify which of the rules that make up your overall policy should trigger alerts.
If you use multi-factor authentication, you must create an exception or app-specific password to allow Console to authenti