Integrate Jira with Google SecOps
Integration version: 50.0
This document explains how to integrate Jira with Google Security Operations.
Use cases
The Jira integration uses Google SecOps capabilities to support the following use cases:
Automated ticketing: Automatically create Jira issues from Google SecOps alerts using the Jira Connector to streamline the handoff between security and IT teams.
Bidirectional synchronization: Maintain consistency across platforms by automatically syncing comments and status changes between Jira tickets and Google SecOps cases using dedicated sync jobs.
Incident enrichment: Attach evidence, logs, and screenshots directly to Jira issues using the Upload Attachment action to provide full context to remediators.
Dynamic task management: Update, assign, or link related Jira issues directly from the Google SecOps playbook to automate standard operating procedures (SOPs).
Before you begin
Before you configure the Jira integration in the Google SecOps platform, verify that you have the following:
Product compatibility: Access to either a Jira Cloud instance or a Jira Data Center (On-Prem) environment.
API root URL: The base URL of your Jira instance (for example,
https://yourdomain.atlassian.net).Authentication credentials:
Jira Cloud: A valid username and Atlassian API Token.
Jira Data Center (On-Prem): A valid username and standard password combination.
Network access: Ensure the Google SecOps platform (or a remote agent) can reach the Jira API endpoint.
Set up authentication for Jira Cloud
To connect to Jira Cloud, you must create an API token from your Atlassian account:
Sign in to your Atlassian account.
Click Create API token.
In the Label field, enter a concise name for the token (such as "Google SecOps Integration") and click Create.
Click Copy to clipboard, then paste the token somewhere secure to save.
Integration parameters
The Jira integration requires the following parameters:
| Parameter | Description |
|---|---|
Api Root |
Required. The base URL of the Jira instance. The default value is |
Username |
Required. The username used to connect to Jira. Requirements for this field differ across Jira products:
|
Api Token |
Required. The authentication credential used to connect to Jira. Authentication requirements differ across Jira products. See Before you begin for specific instructions on how to authenticate with Jira Cloud or Jira Data Center. |
Verify SSL |
Optional. If selected, the integration validates the SSL certificate when connecting to the Jira server. Disabled by default. |
For instructions about how to configure an integration in Google SecOps, see Configure integrations.
You can make changes at a later stage, if needed. After you configure an integration instance, you can use it in playbooks. For more information about how to configure and support multiple instances, see Supporting multiple instances.
Actions
For more information about actions, see Respond to pending actions from Your Workdesk and Perform a manual action.
Add Comment
Use the Add Comment action to compose and add a comment to an existing Jira issue.
This is an effective way to document findings, provide updates, and collaborate with team members directly from Google SecOps.
This action doesn't run on Google SecOps entities.
Action inputs
The Add Comment action requires the following parameters:
| Parameter | Description |
|---|---|
Issue Key |
Required. The unique identifier of the Jira issue (for example,
|
Comment |
Required. The text to add to the Jira issue. |
Action outputs
The Add Comment action provides the following outputs:
| Action output type | Availability |
|---|---|
| Case wall attachment | Not available |
| Case wall link | Not available |
| Case wall table | Not available |
| Enrichment table | Not available |
| JSON result | Not available |
| Output messages | Available |
| Script result | Available |
Script result
The following table lists the value for the script result output when using the Add Comment action:
| Script result name | Value |
|---|---|
comment_id |
The unique ID of the newly created comment in Jira. |
Assign Issue
Use the Assign Issue action to assign a Jira issue to a specific user.
This action doesn't run on Google SecOps entities.
Action inputs
The Assign Issue action requires the following parameters:
| Parameter | Description |
|---|---|
Issue Key |
Required. The unique identifier of the Jira issue (for example,
|
Assignee |
Required. The name or email address of the user to assign the issue to. |
Jira Username |
Optional. The Jira username of the person initiating the assignment action. |
Action outputs
The Assign Issue action provides the following outputs:
| Action output type | Availability |
|---|---|
| Case wall attachment | Not available |
| Case wall link | Not available |
| Case wall table | Not available |
| Enrichment table | Not available |
| JSON result | Not available |
| Output messages | Available |
| Script result | Available |
Script result
The following table lists the value for the script result output when using the Assign Issue action:
| Script result name | Value |
|---|---|
success |
true or false |
Create Alert Issue
Use the Create Alert Issue action to create a new ticket in Jira for a specific alert.
This action is primarily used within playbooks to escalate security incidents to IT or engineering teams for further investigation or remediation.
This action doesn't run on Google SecOps entities.
Action inputs
The Create Alert Issue action requires the following parameters:
| Parameter | Description |
|---|---|
Project Key |
Required. The unique shorthand key of the Jira project where the issue is created
(such as |
Summary |
Required. A brief title or summary of the issue. |
Issue Type |
Required. The name of the issue type (such as |
Action outputs
The Create Alert Issue action provides the following outputs:
| Action output type | Availability |
|---|---|
| Case wall attachment | Not available |
| Case wall link | Not available |
| Case wall table | Not available |
| Enrichment table | Not available |
| JSON result | Available |
| Output messages | Available |
| Script result | Available |
JSON result
The following example shows the JSON result output received when the action successfully creates an issue:
{
"summary": "Sample issue",
"description": "Create Enrich entities action using Insights API (IOC search). Write connector for alerts.",
"project": {
"key": "PR",
"name": "Project 1",
"projectTypeKey": "software"
},
"issuetype": {
"name": "Task",
"subtask": false
},
"status": {
"name": "DONE",
"statusCategory": {
"name": "Done",
"key": "done"
}
},
"priority": {
"name": "Medium",
"id": "3"
},
"creator": {
"displayName": "user1",
"emailAddress": "john_doe@example.com"
},
"assignee": {
"displayName": "user2",
"emailAddress": "john_doe@example.com"
},
"created": "2018-06-19T15:23:13.701+0300",
"updated": "2018-09-18T10:02:06.347+0300"
}
Script result
The following table lists the value for the script result output when using the Create Alert Issue action:
| Script result name | Value |
|---|---|
issue_key |
The unique shorthand key of the newly created Jira issue (for example,
SEC-456). |
Create Issue
Use the Create Issue action to create a new ticket in a Jira project.
This action provides extensive customization options, including the ability to specify components, labels, and custom fields using JSON, making it suitable for complex ticket creation workflows.
This action doesn't run on Google SecOps entities.
Action inputs
The Create Issue action requires the following parameters:
| Parameter | Description |
|---|---|
Project Key |
Required. The unique shorthand key of the Jira project where the issue is created
(such as |
Summary |
Required. A brief title or summary of the issue. |
Description |
Optional. A detailed description of the issue. |
Issue Type |
Required. The name of the issue type (such as |
Jira Username |
Optional. The Jira username of the person initiating the action. |
Assignee |
Optional. The identifier of the user to whom the issue is assigned. |
Components |
Optional. A comma-separated list of Jira components to associate with the issue. |
Labels |
Optional. A comma-separated list of labels to add to the issue. |
Custom Fields |
Optional. A JSON object containing additional fields and values to set during
creation (for example, Values provided in this parameter take priority and overwrite other field mappings if a conflict occurs. |
Action outputs
The Create Issue action provides the following outputs:
| Action output type | Availability |
|---|---|
| Case wall attachment | Not available |
| Case wall link | Not available |
| Case wall table | Not available |
| Enrichment table | Not available |
| JSON result | Available |
| Output messages | Available |
| Script result | Available |
JSON result
The following example shows the JSON result output received when using the Create Issue action:
{
"summary": "Sample issue",
"description": "Create Enrich entities action using Insights API (IOC search). Write connector for alerts. In a couple of days we will have access to an instance.",
"project": {
"key": "PR",
"name": "Project 1",
"projectTypeKey": "software"
},
"issuetype": {
"name": "Task",
"description": "A task that needs to be done.",
"subtask": false
},
"status": {
"name": "DONE",
"statusCategory": {
"name": "Done",
"key": "done",
"colorName": "green"
}
},
"priority": {
"name": "Medium",
"id": "3"
},
"resolution": {
"name": "Done",
"description": "Work has been completed on this issue."
},
"creator": {
"displayName": "user1",
"emailAddress": "john_doe@example.com",
"active": true,
"timeZone": "Asia/Jerusalem"
},
"assignee": {
"displayName": "user2",
"emailAddress": "john_doe@example.com",
"active": true
},
"reporter": {
"displayName": "user1",
"emailAddress": "john_doe@example.com"
},
"labels": [
"Label1"
],
"attachment": [
{
"id": "1001",
"filename": "file.rar",
"mimeType": "binary/octet-stream",
"size": 15420,
"created": "2018-06-19T15:23:07.369+0300"
}
],
"created": "2018-06-19T15:23:13.701+0300",
"updated": "2018-09-18T10:02:06.347+0300",
"resolutiondate": "2018-09-18T10:02:06.340+0300",
"watches": {
"watchCount": 1,
"isWatching": false
}
}
Script result
The following table lists the value for the script result output when using the Create Issue action:
| Script result name | Value |
|---|---|
issue_key |
The unique shorthand key of the newly created Jira issue (for example,
SEC-789). |
Delete Issue
Use the Delete Issue action to permanently remove an issue from Jira.
This action is typically used to clean up duplicate tickets or remove test data generated during playbook development.
This action doesn't run on Google SecOps entities.
Action inputs
The Delete Issue action requires the following parameters:
| Parameter | Description |
|---|---|
Issue Key |
Required. The unique shorthand key of the Jira issue to delete (for example,
|
Action outputs
The Delete Issue action provides the following outputs:
| Action output type | Availability |
|---|---|
| Case wall attachment | Not available |
| Case wall link | Not available |
| Case wall table | Not available |
| Enrichment table | Not available |
| JSON result | Not available |
| Output messages | Available |
| Script result | Available |
Script result
The following table lists the value for the script result output when using the Delete Issue action:
| Script result name | Value |
|---|---|
success |
true or false |
Download Attachments
Use the Download Attachments action to retrieve all files attached to a
specific Jira issue. If an attachment is an .eml file, the action also
downloads any files contained within that email.
This action doesn't run on Google SecOps entities.
Action inputs
The Download Attachments action requires the following parameters:
| Parameter | Description |
|---|---|
Issue Key |
Required. The unique shorthand key of the Jira issue (for example,
|
Download Path |
Optional. The local or internal path to the folder where the action saves the downloaded attachments. The required format depends on your deployment type:
|
Download Attachments to the Case Wall |
Optional. If selected, the action downloads the Jira issue attachments directly to the current Google SecOps case wall. There is a size limitation for attachments added to the case wall. Large files may fail to upload. Disabled by default. |
Action outputs
The Download Attachments action provides the following outputs:
| Action output type | Availability |
|---|---|
| Case wall attachment | Available |
| Case wall link | Not available |
| Case wall table | Not available |
| Enrichment table | Not available |
| JSON result | Available |
| Output messages | Available |
| Script result | Available |
JSON result
The following example shows the JSON result output received when using the Download Attachments action:
[
{
"download_path": "downloads/Security_Evidence.eml",
"attachment_details": {
"id": "10007",
"filename": "Security_Evidence.eml",
"author": {
"displayName": "Security Analyst",
"emailAddress": "analyst@example.com",
"active": true,
"timeZone": "Asia/Calcutta"
},
"created": "2024-05-25T20:27:09.066+0530",
"size": 12049140,
"mimeType": "message/rfc822"
}
},
{
"download_path": "downloads/Logs_Attachment.txt",
"attachment_details": {
"id": "10005",
"filename": "Logs_Attachment.txt",
"author": {
"displayName": "System Admin",
"emailAddress": "admin@example.com",
"active": true,
"timeZone": "Asia/Calcutta"
},
"created": "2024-05-16T11:48:24.141+0530",
"size": 43,
"mimeType": "text/plain"
}
}
]
Script result
The following table lists the value for the script result output when using the Download Attachments action:
| Script result name | Value |
|---|---|
is_success |
true or false |
Get Issues
Use the Get Issues action to retrieve full details for one or more Jira issues.
This action is useful for enriching Google SecOps cases with current ticket metadata (such as status, assignee, and priority).
This action doesn't run on Google SecOps entities.
Action inputs
The Get Issues action requires the following parameters:
| Parameter | Description |
|---|---|
Issue Keys |
Required. A comma-separated list of Jira issue keys to fetch (for example,
|
Action outputs
The Get Issues action provides the following outputs:
| Action output type | Availability |
|---|---|
| Case wall attachment | Not available |
| Case wall link | Not available |
| Case wall table | Not available |
| Enrichment table | Not available |
| JSON result | Available |
| Output messages | Available |
| Script result | Available |
JSON result
The following example shows the JSON result output received when using the Get Issues action:
{
"issues_details_list": [
{
"key": "TES-65",
"summary": "New summary",
"description": "Detailed description of the security incident.",
"project": {
"key": "TES",
"name": "test-project1",
"projectTypeKey": "software"
},
"issuetype": {
"name": "Bogue",
"subtask": false
},
"status": {
"name": "Fini",
"statusCategory": {
"name": "Terminé",
"key": "done"
}
},
"priority": {
"name": "Medium",
"id": "3"
},
"assignee": {
"displayName": "Vasil Daskalov",
"emailAddress": "vasil.daskalov@siemplify.co"
},
"creator": {
"displayName": "admin@siemplifylab.local",
"emailAddress": "admin@siemplifylab.local"
},
"created": "2021-08-31T12:15:22.089+0000",
"updated": "2021-11-11T13:16:50.552+0000",
"resolution": {
"name": "Terminé",
"description": "Ce ticket a été traité."
},
"labels": [],
"components": []
}
]
}
Script result
The following table lists the value for the script result output when using the Get Issues action:
| Script result name | Value |
|---|---|
issues_details_list |
A list containing the full metadata for the requested Jira issues. |
Link Issues
Use the Link Issues action to establish a relationship between multiple Jira issues.
This action is primarily used within playbooks to connect related security incidents or to track dependencies between investigation tickets.
This action doesn't run on Google SecOps entities.
Action inputs
The Link Issues action requires the following parameters:
| Parameter | Description |
|---|---|
Inward Issue ID |
Required. A comma-separated list of inward issue IDs. For example, if |
Outward Issue IDs |
Required. The shorthand key of the outward Jira issue. For example, if |
Relation Type |
Required. The type of link to create between the issues. You can find a list of available relation types by running the List Relation Types action. The default value is |
Action outputs
The Link Issues action provides the following outputs:
| Action output type | Availability |
|---|---|
| Case wall attachment | Not available |
| Case wall link | Not available |
| Case wall table | Not available |
| Enrichment table | Not available |
| JSON result | Available |
| Output messages | Available |
| Script result | Available |
Output messages
The Link Issues action can return the following output messages:
| Output message | Message description |
|---|---|
Action wasn't able to find the following destination issues in Jira: ISSUE_IDS. |
The action succeeded |
Error executing action "Link Issues".
Reason: ERROR_REASON |
The action failed. Check the connection to the server, input parameters, or credentials. |
Script result
The following table lists the value for the script result output when using the Link Issues action:
| Script result name | Value |
|---|---|
success |
true or false |
List Issues
Use the List Issues action to search for and retrieve a list of Jira issue keys based on specific filtering criteria.
This action is useful for identifying existing tickets that match an alert context to avoid duplication or to perform bulk updates within a playbook.
This action doesn't run on Google SecOps entities.
Action inputs
The List Issues action provides the following optional filtering parameters. If no parameters are provided, the action returns all issues accessible by the integration user.
| Parameter | Description |
|---|---|
Project Names |
Optional. A comma-separated list of project names to search within. |
Summary |
Optional. If provided, the action filters issues by the specific summary or title. |
Description |
Optional. If provided, the action filters issues by text contained in the description. |
Issue Types |
Optional. A comma-separated list of issue types (for example,
The default value is |
Priorities |
Optional. A comma-separated list of priority levels to filter by (for example,
|
Created From |
Optional. If provided, the action filters for issues created on or after this date
(in the format |
Updated From |
Optional. If provided, the action filters for issues updated on or after this date
(in the format |
Assignees |
Optional. A comma-separated list of assignee identifiers to filter by. |
Reporter |
Optional. A comma-separated list of reporter identifiers to filter by. |
Statuses |
Optional. A comma-separated list of issue statuses to filter by (for example,
|
Action outputs
The List Issues action provides the following outputs:
| Action output type | Availability |
|---|---|
| Case wall attachment | Not available |
| Case wall link | Not available |
| Case wall table | Not available |
| Enrichment table | Not available |
| JSON result | Available |
| Output messages | Available |
| Script result | Available |
JSON result
The following example shows the JSON result output received when using the List Issues action:
[
"PR-123",
"PR-124",
"SEC-789"
]
Script result
The following table lists the value for the script result output when using the List Issues action:
| Script result name | Value |
|---|---|
issues |
A list containing the unique shorthand keys of the Jira issues found. |
List Relation Types
Use the List Relation Types action to retrieve a list of all available link relationship types configured in your Jira instance.
This action is useful for validating valid input values for the Link Issues action.
This action doesn't run on Google SecOps entities.
Action inputs
The List Relation Types action requires the following parameters:
| Parameter | Description |
|---|---|
Filter Key |
Optional. The field used to filter the relation types. If the Filter Logic is set to The possible values are as follows:
The default value is |
Filter Logic |
Optional. The logical operator applied to the filter. The possible values are as follows:
The default value is |
Filter Value |
Optional. The specific string value used for filtering based on the selected
If no value is provided, the filter is not applied even if a key and logic are selected. |
Max Records To Return |
Optional. The maximum number of records to return in the results. The default value is |
Action outputs
The List Relation Types action provides the following outputs:
| Action output type | Availability |
|---|---|
| Case wall attachment | Not available |
| Case wall link | Not available |
| Case wall table | Available |
| Enrichment table | Not available |
| JSON result | Available |
| Output messages | Available |
| Script result | Available |
Case wall table
The List Relation Types action provides the following table:
Table name: Available Relation
Table columns:
- Name
- Inward
- Outward
JSON result
The following example shows the JSON result output received when using the List Relation Types action:
[{
"id": "10000",
"name": "Blocks",
"inward": "is blocked by",
"outward": "blocks"
}]
Output messages
The List Relation Types action can return the following output messages:
| Output message | Message description |
|---|---|
|
The action succeeded. |
Error executing action "List Relation types".
Reason: ERROR_REASON |
The action failed. Check the connection to the server, input parameters, or credentials. |
Script result
The following table lists the value for the script result output when using the List Relation Types action:
| Script result name | Value |
|---|---|
is_success |
true or false |
Ping
Use the Ping action to test the connectivity to Jira.
This action doesn't run on Google SecOps entities.
Action inputs
None.
Action outputs
The Ping action provides the following outputs:
| Action output type | Availability |
|---|---|
| Case wall attachment | Not available |
| Case wall link | Not available |
| Case wall table | Not available |
| Enrichment table | Not available |
| JSON result | Not available |
| Output messages | Available |
| Script result | Available |
Script result
The following table lists the value for the script result output when using the Ping action:
| Script result name | Value |
|---|---|
success |
true or false |
Update Issue
Description
Update an issue. For the new Jira API, the action tries to find a match for the assignee to assign an issue based on user email, and then tries with the displayName field.
Parameters
| Parameter | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| Issue Key | String | N/A | Yes | The key of the issue to update. |
| Status | String | N/A | No | Specify the relevant transition name, to transition this issue to the new desired status. |
| Summary | String | N/A | No | The new summary of the issue. |
| Description | String | N/A | No | The new description of the issue. |
| Issue Type | String | N/A | No | The new type of the issue. |
| Assignee | String | N/A | No | The new assignee of the issue. |
| Jira Username | String | N/A | No | The Jira username of the action initiator. |
| Components | String | N/A | No | The components field of the issue. This parameter accepts multiple values as a comma-separated string. |
| Custom Fields | JSON | NA | No | Specify a JSON object containing all of the fields and values that are used during issue creation. Note: This parameter has priority and all of the fields are overwritten with the value that is provided for this parameter. Example: {"field":"value"} |
| Labels | String | N/A | No | The components field of the issue. This parameter accepts multiple values as a comma-separated string. |
Run On
This action runs on all entities.
Action Results
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| Success | True/False | Success:False |
JSON Result
{
"comment":
{
"total": 0,
"startAt": 0,
"comments": [],
"maxResults": 0
},
"creator":
{
"displayName": "user1",
"name": "user1",
"self": "",
"avatarUrls":
{
"24x24": "",
"16x16": "",
"48x48": "",
"32x32": ""
},
"emailAddress": "john_doe@example.com",
"key": "user1user",
"active": true,
"timeZone": "Asia/Jerusalem",
"accountId": "0"
},
"aggregatetimeestimate": null,
"labels": ["Label1"],
"aggregatetimespent": null,
"watches":
{
"self": "",
"watchCount": 1,
"isWatching": false
},
"assignee":
{
"displayName": "user2",
"name": "user2",
"self": "",
"avatarUrls":
{
"24x24": "",
"16x16": "",
"48x48": "",
"32x32": ""
},
"emailAddress": "john_doe@example.com",
"key": "user2",
"active": true,
"timeZone": "Asia/Jerusalem",
"accountId": ""
},
"lastViewed": "2019-01-22T10:14:02.910+0200",
"issuelinks": [],
"Worklog":
{
"worklogs": [],
"total": 0,
"startAt": 0,
"maxResults": 20
},
"aggregateprogress":
{
"progress": 0,
"total": 0
},
"Priority":
{
"iconUrl": "",
"self": "",
"name": "Medium",
"id": "3"
},
"votes":
{
"hasVoted": false,
"self": "",
"votes": 0
},
"workratio": -1,
"fixVersions": [],
"environment": null,
"timespent": null,
"attachment":
[{
"mimeType": "binary/octet-stream",
"created": "2018-06-19T15:23:07.369+0300",
"self": "",
"author":
{
"displayName": "user1",
"name": "user1",
"self": "",
"avatarUrls":
{
"24x24": "",
"16x16": "",
"48x48": "",
"32x32": ""
},
"emailAddress": "john_doe@example.com",
"key": "user1",
"active": true,
"timeZone": "Asia/Jerusalem",
"accountId": "0"
},
"filename": "file.rar",
"content": "",
"id": "0",
"size": 0
}],
"progress":
{
"progress": 0,
"total": 0
},
"duedate": null,
"status":
{
"statusCategory":
{
"name": "Done",
"self": "",
"id": 3,
"key": "done",
"colorName": "green"
},
"description": "",
"self": "",
"iconUrl": "",
"id": "0",
"name": "DONE"
},
"updated": "2018-09-18T10:02:06.347+0300",
"subtasks": [],
"description": "Create Enrich entities action using Insights API (IOC search)\\n\\nWrite connector for laerts\\n\\nIn a couple of days we will have access to an instance",
"reporter":
{
"displayName": "user1",
"name": "user1",
"self": "",
"avatarUrls":
{
"24x24": "",
"16x16": "",
"48x48": "",
"32x32": ""
},
"emailAddress": "john_doe@example.com",
"key": "user1",
"active": true,
"timeZone": "Asia/Jerusalem",
"accountId": "0"
},
"timeoriginalestimate": null,
"aggregatetimeoriginalestimate": null,
"created": "2018-06-19T15:23:13.701+0300",
"versions": [],
"resolutiondate": "2018-09-18T10:02:06.340+0300",
"summary": "Sample issue",
"project":
{
"name": "Project 1",
"self": "",
"projectTypeKey": "software",
"avatarUrls":
{
"24x24": "",
"16x16": "",
"48x48": "",
"32x32": ""
},
"key": "PR",
"id": "0"
},
"timetracking": {},
"components": [],
"issuetype":
{
"name": "Task",
"self": "",
"iconUrl": "",
"subtask": false,
"avatarId": 10318,
"id": "10002",
"description": "A task that needs to be done."
},
"security": null,
"resolution":
{
"id": "10000",
"self": "",
"description": "Work has been completed on this issue.",
"name": "Done"
},
"timeestimate": null
}
Upload Attachment
Description
Add an attachment to an issue.
Parameters
| Parameter | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| Issue Key | String | N/A | Yes | File Paths. |
| File Paths | String | N/A | Yes | The absolute paths of the files to upload, separated by commas. The required format depends on your deployment type:
|
Run On
This action runs on all entities.
Action Results
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_success | True/False | is_success:False |
JSON Result
N/A
Search Users
Search users in Jira.
Entities
This action doesn't run on entities.
Action inputs
To configure the action, use the following parameters:
| Parameters | |
|---|---|
User Email Addresses |
Optional
Comma-separated list of email addresses to return the users for. |
User Names |
Optional
Comma-separated list of usernames to return the users for. |
Project |
Optional
Name of the project to search email addresses in. If provided, only
|
Action outputs
| Action output type | |
|---|---|
| Case wall attachment | N/A |
| Case wall link | N/A |
| Case wall table | N/A |
| Enrichment table | N/A |
| JSON result | Available |
| Script result | Available |
Script result
| Script result name | Value |
|---|---|
| is_success | True/False |
JSON result
[
{
"Entity": "example",
"EntityResult": {
"_resource": "user?accountId={0}",
"_options": {
"server": "https://siemplify.atlassian.net",
"auth_url": "/rest/auth/1/session",
"context_path": "/",
"rest_path": "api",
"rest_api_version": "2",
"agile_rest_path": "agile",
"agile_rest_api_version": "1.0",
"verify": false,
"resilient": true,
"async": false,
"async_workers": 5,
"client_cert": null,
"check_update": false,
"delay_reload": 0,
"headers": {
"Cache-Control": "no-cache",
"Content-Type": "application/json",
"X-Atlassian-Token": "no-check"
}
},
"_session": "<jira.resilientsession.ResilientSession object>",
"_base_url": "{server}/rest/{rest_path}/{rest_api_version}/{path}",
"raw": {
"self": "https://siemplify.atlassian.net/rest/api/2/user?accountId=example-account-id",
"accountId": "example-account-id",
"accountType": "atlassian",
"emailAddress": "example.user",
"avatarUrls": {
"48x48": "https://example.com"
},
"displayName": "Example",
"active": true,
"timeZone": "UTC",
"locale": "en_US"
},
"self": "https://siemplify.atlassian.net/rest/api/2/user?accountId=example-account-id",
"accountId": "example-account-id",
"accountType": "atlassian",
"emailAddress": "example.user",
"avatarUrls": "<jira.resources.PropertyHolder object>",
"displayName": "Example",
"active": true,
"timeZone": "UTC",
"locale": "en_US"
}
}
]
Case wall
The action provides the following output messages:
| Output message | Message description |
|---|---|
|
Action succeeded. |
Error executing action "Search Users".
Reason: ERROR_REASON |
Action failed. Check connection to the server, input parameters, or credentials. |
Connectors
Jira Connector
Description
Fetch issues from Jira to Google SecOps.
Configure Jira Connector in Google SecOps
For detailed instructions on how to configure a connector in Google SecOps, see Configuring the connector.
Connector parameters
Use the following parameters to configure the connector:
| Parameter | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| DeviceProductField | String | device_product | Yes | The field name used to determine the device product. |
| EventClassId | String | name | No | The field name used to determine the event name (sub-type). |
| PythonProcessTimeout | String | 60 | Yes | The timeout limit (in seconds) for the python process running current script. |
| API Root | String | https://{jira_address} | Yes | The API root of the Jira instance. |
| Username | String | N/A | Yes | N/A |
| API Token | Password | N/A | Yes | Token generated in the Jira console. Note: This parameter can be used to contain the "Password" string in case of On-prem authentication, using username and password combination |
| Days Backwards | Integer | 5 | No | Max number of days backwards to pull alerts from. |
| Max Tickets Per Cycle | Integer | 10 | No | Max tickets to fetch and process in one connector cycle. |
| Project Names | String | N/A | No | Project names separated by a comma. |
| Issue Statuses | String | N/A | No | Issues' statuses separated by a comma. |
| Assignees | String | N/A | No | Users' full names separated by a comma. |
| Issue Types | String | N/A | No | Issue types separated by a comma. |
| Issue Priorities | String | N/A | No | Issue priorities separated by a comma. |
| Issue Components | String | N/A | No | Issue components separated by a comma. |
| Proxy Server Address | String | N/A | No | The address of the proxy server to use. |
| Proxy Username | String | N/A | No | The proxy username to authenticate with. |
| Proxy Password | Password | N/A | No | The proxy password to authenticate with. |
| Environment Field Name | String | "" | No | Describes the name of the field where the environment name is stored. If the environment field isn't found, the environment is the default environment. |
| Environment Regex Pattern | String | .* | No | A regex pattern to run on the value found in the "Environment Field Name" field. Default is .* to catch all and return the value unchanged. Used to allow the user to manipulate the environment field via regex logic. If the regex pattern is null or empty, or the environment value is null, the final environment result is the default environment. |
Connector Rules
Proxy Support
The connector supports proxy.
Dynamic list and blocklist
The connector supports dynamic list and blocklist rules only for specific labels inside Jira.
Jobs
Sync Closure Job
Description
Close tickets in Jira if corresponding Google SecOps alerts were closed.
Parameters
| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| API Root | String | https://{jira_address} | Yes | Jira instance api root url. |
| Username | String | N/A | Yes | Username to connect to Jira instance. |
| API Token | Password | N/A | Yes | Token generated in the Jira console. Note: This parameter can be used to contain the "Password" string in case of On-prem authentication, using username and password combination |
| Project Names | String | project names separated by a comma | Yes | Jira project names separated by a comma that job should monitor. |
| Max Days Backwards | Integer | 1 | Yes | Maximum number of days to sync tickets status backward. |
Sync Comments Job
Description
Sync comments between the Google SecOps case and the corresponding Jira ticket. Synchronizing is bidirectional—that is, from Google SecOps to Jira and from Jira to Google SecOps.
When the job creates a comment, it applies the prefix. If a Google SecOps user comments in t\he Google SecOps case, the job creates and synchronizes the user comment in the corresponding Jira ticket using the Chronicle Comment Prefix parameter.
This feature is added for two purposes:
- Visibility.
- Prevent comments added by the job from being synced again to the other side, and cause a loop.
Parameters
| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| API Root | String | https://{jira_address} | Yes | Jira instance api root url. |
| Username | String | N/A | Yes | Username to connect to Jira instance. |
| API Token | Password | N/A | Yes | Token generated in the Jira console. Note: This parameter can be used to contain the "Password" string in case of On-prem authentication, using username and password combination |
| Project Names | String | project names separated by comma | Yes | Jira project names separated by comma that job should monitor. |
| Max Days Backwards | Integer | 1 | Yes | Maximum number of days to sync tickets status backwards. |
| Google SecOps Comment Prefix | String | Google SecOps: | Yes | Prefix that is added by the sync job to comments created for Jira tickets. |
| Jira Comment Prefix | String | Jira Comment Sync Job: | Yes | Prefix that is added by the sync job to the Google SecOps alert case comments. |
Need more help? Get answers from Community members and Google SecOps professionals.