You can configure Lacework to forward events to Jira using the Jira integration REST API. Lacework calls the Jira integration REST API and creates a new Jira open issue for each Lacework event that meets or exceeds the specified alert severity level within the maximum limit of 10 issues per hour. When the maximum limit is exceeded, priority is given to the highest level events. For example, if the alert severity level is set to high and Lacework generates 4 critical and 8 high events in one hour, only 10 new Jira issues are created in that hour, 4 issues for the critical events and only 6 issues for the high events.
Before creating the Jira integration in the Lacework Console, verify the following prerequisites:
- Provide a Jira user name and an API access token that is used to create new Jira issues. For management and security purposes, Lacework recommends creating a dedicated Lacework Jira user with appropriate permissions. For more information, refer to the Jira REST API Reference.
- The Jira user must have sufficient privileges to create new Jira issues in the specified Jira project.
- This Jira issue type must exist in the specified Jira project prior to creating the Lacework Jira integration as described in the procedure below. When Lacework creates new Jira issues, it creates new issues based on the specified Jira issue type.
- You must whitelist the following Lacework IPs to allow Lacework to communicate with the Jira server.
Add a Lacework Integration
After you configure the Jira prerequisites, return to the Lacework Console and complete the following steps:
- Log in to the Lacework Console with a Lacework user that has administrative privileges.
- Select Settings > Integrations.
- Under OUTGOING, select Jira.
- Click + Add Integration.
- Select a Jira Type:
- JIRA CLOUD—Select this option if your Jira instance is hosted by Atlassian in their cloud.
- JIRA SERVER—Select this option if you host your Jira instance on your hardware or in a hosting service like AWS.
- In the Name field, enter a name for the integration that is visible in the Lacework Console.
- If desired, change the Alert Severity Level. Lacework only forwards events that meet or exceed the selected threshold, for example, if set to Medium and above, new Jira issues are created when Lacework generates medium, high or critical events within the maximum limit of 10 issues per hour. When the maximum limit is exceeded, priority is given to the highest level events.
- In the Jira URL field, enter the URL of your Jira implementation without https protocol ("https://"), for example: "customer.atlassian.net".
- In the Jira Project Key field, enter the project key for the Jira project where the new Jira issues should be created. Note that the specified Jira Issue type must exist in the specified Jira project prior to creating the Lacework Jira integration.
- In the Issue Type field, enter the Jira Issue type (such as a Bug) to create when a new Jira issue is created.
- In the Username field, enter the Jira user name. Lacework recommends a dedicated Jira user. See above for more information.
- If integrating to a Jira cloud, in the API Token field, enter the Jira API Token. For more information, see https://confluence.atlassian.com/cloud/api-tokens-938839638.html.
- If integrating to a Jira server, in the Password field enter the password to the Jira user specified in a previous step.
- Click Save.
After Lacework generates events that meet or exceed the specified severity level, new Jira issues should be created.