Prisma Cloud Compute Edition Administrator’s Guide
    : JIRA Alerts
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma
    3. Prisma Cloud
    4. Prisma Cloud Compute Edition Administrator’s Guide
    5. Alerts
    6. JIRA Alerts
    Download PDF

    Prisma Cloud Compute Edition Administrator’s Guide

    JIRA Alerts

    Table of Contents

    JIRA Alerts

    Prisma Cloud continually scans your environment for vulnerabilities using the threat data in the Intelligence Stream. Prisma Cloud can open JIRA issues when new vulnerabilities are detected in your environment. This mechanism lets you implement continuous vulnerability assessment and remediation by hooking directly into the developer’s workflow.
    New JIRA issues are opened when new vulnerabilities are found. Issues are opened on a per-image basis. Each JIRA issue lists the new vulnerabilities discovered, and a list of vulnerabilities that have already been reported but were still detected.
    JIRA issues are opened based on policy. For example, an issue would be created when all of the following conditions are met:
    • You have a rule that alerts on critical vulnerabilities,
    • The rule is associated with your JIRA alert profile,
    • The Prisma Cloud scanner finds a critical vulnerability in an image in your environment.
    The following screenshot shows an example JIRA issue opened by Prisma Cloud.

    Intelligent issue routing

    You can leverage image labels to intelligently route alerts to the right team, and eliminate manual ticket triage. For example, if team-a is responsible for image-a, and a vulnerability is found in image-a, you could set up the alert to flow directly to team-a’s JIRA queue.
    Intelligent routing depends on a Prisma Cloud feature called alert labels, where you define labels that Prisma Cloud should watch. When rules trigger, Prisma Cloud extracts the value of the label from the resource, and applies it to the next phase of alert processing. For JIRA alerts, you can use labels to specify the JIRA project key, JIRA labels, and JIRA issue assignee.
    For example, if you have an image with the following labels:
    group=front-end-group
team=client-team
business-app=my-business-app
    You could configure Prisma Cloud to open issues about this specific image in the JIRA project defined by the group label.

    Configuring alert frequency

    You can configure the rate at which alerts are emitted. This is a global setting that controls the spamminess of the alert service. Alerts received during the specified period are aggregated into a single alert. For each alert profile, an alert is sent as soon as the first matching event is received. All subsequent alerts are sent once per period.
    1. Open Console, and go to
      Manage > Alerts
      .
    2. In
      General settings
      , select the default frequency for all alerts.
      You can specify
      Second
      ,
      Minute
      ,
      Hour
      ,
      Day
      .

    Integrating Prisma Cloud with JIRA

    Alert profiles specify which events should trigger the alert machinery, and to which channel alerts are sent. You can send alerts to any combination of channels by creating multiple alert profiles.
    Alert profiles consist of two parts:
    (1) Alert settings — Who should get the alerts, and on what channel?
     Configure Prisma Cloud to integrate with your messaging service and specify the people or places where alerts should be sent. For example, configure the email channel and specify a list of all the email addresses where alerts should be sent. Or for JIRA, configure the project where the issue should be created, along with the type of issue, priority, assignee, and so on.
    (2) Alert triggers — Which events should trigger an alert to be sent?
     Specify which of the rules that make up your overall policy should trigger alerts.
    If you use multi-factor authentication, you must create an exception or app-specific password to allow Console to authenticate to the service.

    Create new alert profile

    Create a new alert profile.
    1. In
      Manage > Alerts
      , click
      Add profile
      .
    2. Enter a name for your alert profile.
    3. In
      Provider
      , select
      JIRA
      .

    Configure the channel

    Configure the channel.
    1. In
      Base URL
      , specify the location of your JIRA service.
    2. In
      Credential
      , create the credentials required to access the account.
      1. Click
        Add new
        .
      2. Select
        Basic authentication
        .
      3. Enter a username and password.
        If you are using Jira Cloud, this will be an email address and API token respectively. You can generate your API token here.
      4. Click
        Save
        .
    3. In
      CA certificate
      , enter a copy of the CA certificate in PEM format.
    4. In
      Project key
      , enter a project key.
      Alternatively, you can dynamically specify the project key based on a label. When an alert fires, the project key is taken from the label of the resource that triggered the action. To do so, click
      Select labels…​
      , and choose a label that you know will contain the project key. If there are no labels in the drop-down list, go to
      Manage > Alerts > Alert Labels
      , and define them.
    5. Enter an issue type.
    6. Enter a priority.
    7. Enter a comma delimited list of JIRA labels to apply to the issue.
      You can dynamically define the list from a label. Click
      Select labels…​
      , and select one or more labels.
    8. Enter an assignee for the new issue.
      You can dynamically define the assignee from a label. Click
      Select labels…​
      , and select one or more labels.
    9. Click
      Send Test Alert
       to test the connection.

    Configure the triggers

    1. In
      Select triggers
      , select the events that should trigger an alert to be sent.
    2. To specify specific rules that should trigger an alert, deselect
      All rules
      , and then select any individual rules.
    3. Click
      Next
      .

    Recommended For You

    © 2023 Palo Alto Networks, Inc. All rights reserved.