Integrate Jira with Google SecOps
Integration version: 50.0
This document explains how to integrate Jira with Google Security Operations.
Use cases
The Jiraintegration uses Google SecOps capabilities to support the following use cases:
-
Automated ticketing: Automatically create Jira issues from Google SecOps alerts using the Jira Connector to streamline the handoff between security and IT teams.
-
Bidirectional synchronization: Maintain consistency across platforms by automatically syncing comments and status changes between Jira tickets and Google SecOps cases using dedicated sync jobs.
-
Incident enrichment: Attach evidence, logs, and screenshots directly to Jira issues using the Upload Attachment action to provide full context to remediators.
-
Dynamic task management: Update, assign, or link related Jira issues directly from the Google SecOps playbook to automate standard operating procedures (SOPs).
Before you begin
Before you configure the Jiraintegration in the Google SecOps platform, verify that you have the following:
-
Product compatibility: Access to either a Jira Cloud instance or a Jira Data Center (On-Prem) environment.
-
API root URL: The base URL of your Jira instance (for example,
https://yourdomain.atlassian.net). -
Authentication credentials:
-
Jira Cloud: A valid username and Atlassian API Token .
-
Jira Data Center (On-Prem): A valid username and standard password combination.
-
-
Network access: Ensure the Google SecOps platform (or a remote agent) can reach the Jira API endpoint.
Set up authentication for Jira Cloud
To connect to Jira Cloud, you must create an API token from your Atlassian account:
-
Sign in to your Atlassian account .
-
Click Create API token.
-
In the Labelfield, enter a concise name for the token (such as "Google SecOps Integration") and click Create.
-
Click Copy to clipboard, then paste the token somewhere secure to save.
Integration parameters
The Jiraintegration requires the following parameters:
Api Root
Required.
The base URL of the Jira instance.
The default value is https:// JIRA_ADDRESS
.
Username
Required.
The username used to connect to Jira.
Requirements for this field differ across Jira products:
- For Jira Cloud, you must enter the email address associated with your account.
- For Jira Data Center, enter your standard username.
Api Token
Required.
The authentication credential used to connect to Jira.
Authentication requirements differ across Jira products. See Before you begin for specific instructions on how to authenticate with Jira Cloud or Jira Data Center.
Verify SSL
Optional.
If selected, the integration validates the SSL certificate when connecting to the Jira server.
Disabled by default.
For instructions about how to configure an integration in Google SecOps, see Configure integrations .
You can make changes at a later stage, if needed. After you configure an integration instance, you can use it in playbooks. For more information about how to configure and support multiple instances, see Supporting multiple instances .
Actions
For more information about actions, see Respond to pending actions from Your Workdesk and Perform a manual action .
Add Comment
Use the Add Commentaction to compose and add a comment to an existing Jira issue.
This is an effective way to document findings, provide updates, and collaborate with team members directly from Google SecOps.
This action doesn't run on Google SecOps entities.
Action inputs
The Add Commentaction requires the following parameters:
| Parameter | Description |
|---|---|
Issue Key
|
Required. The unique identifier of the Jira issue (for example, |
Comment
|
Required. The text to add to the Jira issue. |
Action outputs
The Add Commentaction provides the following outputs:
| Action output type | Availability |
|---|---|
| Case wall attachment | Not available |
| Case wall link | Not available |
| Case wall table | Not available |
| Enrichment table | Not available |
| JSON result | Not available |
| Output messages | Available |
| Script result | Available |
Script result
The following table lists the value for the script result output when using the Add Commentaction:
| Script result name | Value |
|---|---|
comment_id
|
The unique ID of the newly created comment in Jira. |
Assign Issue
Use the Assign Issueaction to assign a Jira issue to a specific user.
This action doesn't run on Google SecOps entities.
Action inputs
The Assign Issueaction requires the following parameters:
| Parameter | Description |
|---|---|
Issue Key
|
Required. The unique identifier of the Jira issue (for example, |
Assignee
|
Required. The name or email address of the user to assign the issue to. |
Jira Username
|
Optional. The Jira username of the person initiating the assignment action. |
Action outputs
The Assign Issueaction provides the following outputs:
| Action output type | Availability |
|---|---|
| Case wall attachment | Not available |
| Case wall link | Not available |
| Case wall table | Not available |
| Enrichment table | Not available |
| JSON result | Not available |
| Output messages | Available |
| Script result | Available |
Script result
The following table lists the value for the script result output when using the Assign Issueaction:
| Script result name | Value |
|---|---|
success
|
true
or false
|
Create Alert Issue
Use the Create Alert Issueaction to create a new ticket in Jira for a specific alert.
This action is primarily used within playbooks to escalate security incidents to IT or engineering teams for further investigation or remediation.
This action doesn't run on Google SecOps entities.
Action inputs
The Create Alert Issueaction requires the following parameters:
| Parameter | Description |
|---|---|
Project Key
|
Required. The unique shorthand key of the Jira project where the issue is created
(such as |
Summary
|
Required. A brief title or summary of the issue. |
Issue Type
|
Required. The name of the issue type (such as |
Action outputs
The Create Alert Issueaction provides the following outputs:
| Action output type | Availability |
|---|---|
| Case wall attachment | Not available |
| Case wall link | Not available |
| Case wall table | Not available |
| Enrichment table | Not available |
| JSON result | Available |
| Output messages | Available |
| Script result | Available |
JSON result
The following example shows the JSON result output received when the action successfully creates an issue:
{
"summary"
:
"Sample issue"
,
"description"
:
"Create Enrich entities action using Insights API (IOC search). Write connector for alerts."
,
"project"
:
{
"key"
:
"PR"
,
"name"
:
"Project 1"
,
"projectTypeKey"
:
"software"
},
"issuetype"
:
{
"name"
:
"Task"
,
"subtask"
:
false
},
"status"
:
{
"name"
:
"DONE"
,
"statusCategory"
:
{
"name"
:
"Done"
,
"key"
:
"done"
}
},
"priority"
:
{
"name"
:
"Medium"
,
"id"
:
"3"
},
"creator"
:
{
"displayName"
:
"user1"
,
"emailAddress"
:
"john_doe@example.com"
},
"assignee"
:
{
"displayName"
:
"user2"
,
"emailAddress"
:
"john_doe@example.com"
},
"created"
:
"2018-06-19T15:23:13.701+0300"
,
"updated"
:
"2018-09-18T10:02:06.347+0300"
}
Script result
The following table lists the value for the script result output when using the Create Alert Issueaction:
| Script result name | Value |
|---|---|
issue_key
|
The unique shorthand key of the newly created Jira issue (for example, SEC-456
). |
Create Issue
Use the Create Issueaction to create a new ticket in a Jira project.
This action provides extensive customization options, including the ability to specify components, labels, and custom fields using JSON, making it suitable for complex ticket creation workflows.
This action doesn't run on Google SecOps entities.
Action inputs
The Create Issueaction requires the following parameters:
| Parameter | Description |
|---|---|
Project Key
|
Required. The unique shorthand key of the Jira project where the issue is created
(such as |
Summary
|
Required. A brief title or summary of the issue. |
Description
|
Optional. A detailed description of the issue. |
Issue Type
|
Required. The name of the issue type (such as |
Jira Username
|
Optional. The Jira username of the person initiating the action. |
Assignee
|
Optional. The identifier of the user to whom the issue is assigned. |
Components
|
Optional. A comma-separated list of Jira components to associate with the issue. |
Labels
|
Optional. A comma-separated list of labels to add to the issue. |
Custom Fields
|
Optional. A JSON object containing additional fields and values to set during
creation (for example, Values provided in this parameter take priority and overwrite other field mappings if a conflict occurs. |
Action outputs
The Create Issueaction provides the following outputs:
| Action output type | Availability |
|---|---|
| Case wall attachment | Not available |
| Case wall link | Not available |
| Case wall table | Not available |
| Enrichment table | Not available |
| JSON result | Available |
| Output messages | Available |
| Script result | Available |
JSON result
The following example shows the JSON result output received when using the Create Issueaction:
{
"summary"
:
"Sample issue"
,
"description"
:
"Create Enrich entities action using Insights API (IOC search). Write connector for alerts. In a couple of days we will have access to an instance."
,
"project"
:
{
"key"
:
"PR"
,
"name"
:
"Project 1"
,
"projectTypeKey"
:
"software"
},
"issuetype"
:
{
"name"
:
"Task"
,
"description"
:
"A task that needs to be done."
,
"subtask"
:
false
},
"status"
:
{
"name"
:
"DONE"
,
"statusCategory"
:
{
"name"
:
"Done"
,
"key"
:
"done"
,
"colorName"
:
"green"
}
},
"priority"
:
{
"name"
:
"Medium"
,
"id"
:
"3"
},
"resolution"
:
{
"name"
:
"Done"
,
"description"
:
"Work has been completed on this issue."
},
"creator"
:
{
"displayName"
:
"user1"
,
"emailAddress"
:
"john_doe@example.com"
,
"active"
:
true
,
"timeZone"
:
"Asia/Jerusalem"
},
"assignee"
:
{
"displayName"
:
"user2"
,
"emailAddress"
:
"john_doe@example.com"
,
"active"
:
true
},
"reporter"
:
{
"displayName"
:
"user1"
,
"emailAddress"
:
"john_doe@example.com"
},
"labels"
:
[
"Label1"
],
"attachment"
:
[
{
"id"
:
"1001"
,
"filename"
:
"file.rar"
,
"mimeType"
:
"binary/octet-stream"
,
"size"
:
15420
,
"created"
:
"2018-06-19T15:23:07.369+0300"
}
],
"created"
:
"2018-06-19T15:23:13.701+0300"
,
"updated"
:
"2018-09-18T10:02:06.347+0300"
,
"resolutiondate"
:
"2018-09-18T10:02:06.340+0300"
,
"watches"
:
{
"watchCount"
:
1
,
"isWatching"
:
false
}
}
Script result
The following table lists the value for the script result output when using the Create Issueaction:
| Script result name | Value |
|---|---|
issue_key
|
The unique shorthand key of the newly created Jira issue (for example, SEC-789
). |
Delete Issue
Use the Delete Issueaction to permanently remove an issue from Jira.
This action is typically used to clean up duplicate tickets or remove test data generated during playbook development.
This action doesn't run on Google SecOps entities.
Action inputs
The Delete Issueaction requires the following parameters:
| Parameter | Description |
|---|---|
Issue Key
|
Required. The unique shorthand key of the Jira issue to delete (for example, |
Action outputs
The Delete Issueaction provides the following outputs:
| Action output type | Availability |
|---|---|
| Case wall attachment | Not available |
| Case wall link | Not available |
| Case wall table | Not available |
| Enrichment table | Not available |
| JSON result | Not available |
| Output messages | Available |
| Script result | Available |
Script result
The following table lists the value for the script result output when using the Delete Issueaction:
| Script result name | Value |
|---|---|
success
|
true
or false
|
Download Attachments
Use the Download Attachmentsaction to retrieve all files attached to a
specific Jira issue. If an attachment is an .eml
file, the action also
downloads any files contained within that email.
This action doesn't run on Google SecOps entities.
Action inputs
The Download Attachmentsaction requires the following parameters:
Issue Key
Required.
The unique shorthand key of the Jira issue (for example, SEC-123
).
Download Path
Optional.
The local or internal path to the folder where the action saves the downloaded attachments.
The required format depends on your deployment type:
- SaaS Deployment: The path is internal to the hosted
platform, such as
/attachments/. - Remote Agent Deployment: The path must be an absolute, valid
directory path on the local machine where the remote agent is installed. For example,
C:\temp\attachmentsfor Windows or/var/tmp/attachments/for Linux.
Download Attachments to the Case Wall
Optional.
If selected, the action downloads the Jira issue attachments directly to the current Google SecOps case wall.
There is a size limitation for attachments added to the case wall. Large files may fail to upload.
Disabled by default.
Action outputs
The Download Attachmentsaction provides the following outputs:
| Action output type | Availability |
|---|---|
| Case wall attachment | Available |
| Case wall link | Not available |
| Case wall table | Not available |
| Enrichment table | Not available |
| JSON result | Available |
| Output messages | Available |
| Script result | Available |
JSON result
The following example shows the JSON result output received when using the Download Attachmentsaction:
[
{
"download_path"
:
"downloads/Security_Evidence.eml"
,
"attachment_details"
:
{
"id"
:
"10007"
,
"filename"
:
"Security_Evidence.eml"
,
"author"
:
{
"displayName"
:
"Security Analyst"
,
"emailAddress"
:
"analyst@example.com"
,
"active"
:
true
,
"timeZone"
:
"Asia/Calcutta"
},
"created"
:
"2024-05-25T20:27:09.066+0530"
,
"size"
:
12049140
,
"mimeType"
:
"message/rfc822"
}
},
{
"download_path"
:
"downloads/Logs_Attachment.txt"
,
"attachment_details"
:
{
"id"
:
"10005"
,
"filename"
:
"Logs_Attachment.txt"
,
"author"
:
{
"displayName"
:
"System Admin"
,
"emailAddress"
:
"admin@example.com"
,
"active"
:
true
,
"timeZone"
:
"Asia/Calcutta"
},
"created"
:
"2024-05-16T11:48:24.141+0530"
,
"size"
:
43
,
"mimeType"
:
"text/plain"
}
}
]
Script result
The following table lists the value for the script result output when using the Download Attachmentsaction:
| Script result name | Value |
|---|---|
is_success
|
true
or false
|
Get Issues
Use the Get Issuesaction to retrieve full details for one or more Jira issues.
This action is useful for enriching Google SecOps cases with current ticket metadata (such as status, assignee, and priority).
This action doesn't run on Google SecOps entities.
Action inputs
The Get Issuesaction requires the following parameters:
| Parameter | Description |
|---|---|
Issue Keys
|
Required. A comma-separated list of Jira issue keys to fetch (for example, |
Action outputs
The Get Issuesaction provides the following outputs:
| Action output type | Availability |
|---|---|
| Case wall attachment | Not available |
| Case wall link | Not available |
| Case wall table | Not available |
| Enrichment table | Not available |
| JSON result | Available |
| Output messages | Available |
| Script result | Available |
JSON result
The following example shows the JSON result output received when using the Get Issuesaction:
{
"issues_details_list"
:
[
{
"key"
:
"TES-65"
,
"summary"
:
"New summary"
,
"description"
:
"Detailed description of the security incident."
,
"project"
:
{
"key"
:
"TES"
,
"name"
:
"test-project1"
,
"projectTypeKey"
:
"software"
},
"issuetype"
:
{
"name"
:
"Bogue"
,
"subtask"
:
false
},
"status"
:
{
"name"
:
"Fini"
,
"statusCategory"
:
{
"name"
:
"Terminé"
,
"key"
:
"done"
}
},
"priority"
:
{
"name"
:
"Medium"
,
"id"
:
"3"
},
"assignee"
:
{
"displayName"
:
"Vasil Daskalov"
,
"emailAddress"
:
"vasil.daskalov@siemplify.co"
},
"creator"
:
{
"displayName"
:
"admin@siemplifylab.local"
,
"emailAddress"
:
"admin@siemplifylab.local"
},
"created"
:
"2021-08-31T12:15:22.089+0000"
,
"updated"
:
"2021-11-11T13:16:50.552+0000"
,
"resolution"
:
{
"name"
:
"Terminé"
,
"description"
:
"Ce ticket a été traité."
},
"labels"
:
[],
"components"
:
[]
}
]
}
Script result
The following table lists the value for the script result output when using the Get Issuesaction:
| Script result name | Value |
|---|---|
issues_details_list
|
A list containing the full metadata for the requested Jira issues. |
Link Issues
Use the Link Issuesaction to establish a relationship between multiple Jira issues.
This action is primarily used within playbooks to connect related security incidents or to track dependencies between investigation tickets.
This action doesn't run on Google SecOps entities.
Action inputs
The Link Issuesaction requires the following parameters:
| Parameter | Description |
|---|---|
Inward Issue ID
|
Required. A comma-separated list of inward issue IDs. For example, if |
Outward Issue IDs
|
Required. The shorthand key of the outward Jira issue. For example, if |
Relation Type
|
Required. The type of link to create between the issues. You can find a list of available relation types by running the List Relation Types action. The default value is |
Action outputs
The Link Issuesaction provides the following outputs:
| Action output type | Availability |
|---|---|
| Case wall attachment | Not available |
| Case wall link | Not available |
| Case wall table | Not available |
| Enrichment table | Not available |
| JSON result | Available |
| Output messages | Available |
| Script result | Available |
Output messages
The Link Issuesaction can return the following output messages:
| Output message | Message description |
|---|---|
| Action wasn't able to find the following destination issues in Jira: ISSUE_IDS . |
The action succeeded |
Error executing action "Link Issues".
Reason: ERROR_REASON
|
The action failed. Check the connection to the server, input parameters, or credentials. |
Script result
The following table lists the value for the script result output when using the Link Issuesaction:
| Script result name | Value |
|---|---|
success
|
true
or false
|
List Issues
Use the List Issuesaction to search for and retrieve a list of Jira issue keys based on specific filtering criteria.
This action is useful for identifying existing tickets that match an alert context to avoid duplication or to perform bulk updates within a playbook.
This action doesn't run on Google SecOps entities.
Action inputs
The List Issuesaction provides the following optional filtering parameters. If no parameters are provided, the action returns all issues accessible by the integration user.
| Parameter | Description |
|---|---|
Project Names
|
Optional. A comma-separated list of project names to search within. |
Summary
|
Optional. If provided, the action filters issues by the specific summary or title. |
Description
|
Optional. If provided, the action filters issues by text contained in the description. |
Issue Types
|
Optional. A comma-separated list of issue types (for example, The default value is |
Priorities
|
Optional. A comma-separated list of priority levels to filter by (for example, |
Created From
|
Optional. If provided, the action filters for issues created on or after this date
(in the format |
Updated From
|
Optional. If provided, the action filters for issues updated on or after this date
(in the format |
Assignees
|
Optional. A comma-separated list of assignee identifiers to filter by. |
Reporter
|
Optional. A comma-separated list of reporter identifiers to filter by. |
Statuses
|
Optional. A comma-separated list of issue statuses to filter by (for example, |
Action outputs
The List Issuesaction provides the following outputs:
| Action output type | Availability |
|---|---|
| Case wall attachment | Not available |
| Case wall link | Not available |
| Case wall table | Not available |
| Enrichment table | Not available |
| JSON result | Available |
| Output messages | Available |
| Script result | Available |
JSON result
The following example shows the JSON result output received when using the List Issuesaction:
[
"PR-123"
,
"PR-124"
,
"SEC-789"
]
Script result
The following table lists the value for the script result output when using the List Issuesaction:
| Script result name | Value |
|---|---|
issues
|
A list containing the unique shorthand keys of the Jira issues found. |
List Relation Types
Use the List Relation Typesaction to retrieve a list of all available link relationship types configured in your Jira instance.
This action is useful for validating valid input values for the Link Issues action.
This action doesn't run on Google SecOps entities.
Action inputs
The List Relation Typesaction requires the following parameters:
Filter Key
Optional.
The field used to filter the relation types.
If the Filter Logic
is set to Equal
or Contains
, you must select a field other than Select One
to avoid an execution error.
The possible values are as follows:
-
Name -
Inward -
Outward
The default value is Select One
.
Filter Logic
Optional.
The logical operator applied to the filter.
The possible values are as follows:
-
Not Specified -
Equal -
Contains
The default value is Not Specified
.
Filter Value
Optional.
The specific string value used for filtering based on the selected Filter Key
and Filter Logic
.
If no value is provided, the filter is not applied even if a key and logic are selected.
Max Records To Return
Optional.
The maximum number of records to return in the results.
The default value is 50
.
Action outputs
The List Relation Typesaction provides the following outputs:
| Action output type | Availability |
|---|---|
| Case wall attachment | Not available |
| Case wall link | Not available |
| Case wall table | Available |
| Enrichment table | Not available |
| JSON result | Available |
| Output messages | Available |
| Script result | Available |
Case wall table
The List Relation Typesaction provides the following table:
Table name: Available Relation
Table columns:
- Name
- Inward
- Outward
JSON result
The following example shows the JSON result output received when using the List Relation Typesaction:
[{
"id"
:
"10000"
,
"name"
:
"Blocks"
,
"inward"
:
"is blocked by"
,
"outward"
:
"blocks"
}]
Output messages
The List Relation Typesaction can return the following output messages:
| Output message | Message description |
|---|---|
| |
The action succeeded. |
Error executing action "List Relation types".
Reason: ERROR_REASON
|
The action failed. Check the connection to the server, input parameters, or credentials. |
Script result
The following table lists the value for the script result output when using the List Relation Typesaction:
| Script result name | Value |
|---|---|
is_success
|
true
or false
|
Ping
Use the Pingaction to test the connectivity to Jira.
This action doesn't run on Google SecOps entities.
Action inputs
None.
Action outputs
The Pingaction provides the following outputs:
| Action output type | Availability |
|---|---|
| Case wall attachment | Not available |
| Case wall link | Not available |
| Case wall table | Not available |
| Enrichment table | Not available |
| JSON result | Not available |
| Output messages | Available |
| Script result | Available |
Script result
The following table lists the value for the script result output when using the Pingaction:
| Script result name | Value |
|---|---|
success
|
true
or false
|
Update Issue
Description
Update an issue. For the new Jira API, the action tries to find a match for the assignee to assign an issue based on user email, and then tries with the displayName field.
Parameters
| Parameter | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
|
Issue Key
|
String | N/A | Yes | The key of the issue to update. |
|
Status
|
String | N/A | No | Specify the relevant transition name, to transition this issue to the new desired status. |
|
Summary
|
String | N/A | No | The new summary of the issue. |
|
Description
|
String | N/A | No | The new description of the issue. |
|
Issue Type
|
String | N/A | No | The new type of the issue. |
|
Assignee
|
String | N/A | No | The new assignee of the issue. |
|
Jira Username
|
String | N/A | No | The Jira username of the action initiator. |
|
Components
|
String | N/A | No | The components field of the issue. This parameter accepts multiple values as a comma-separated string. |
|
Custom Fields
|
JSON | NA | No | Specify a JSON object containing all of the fields and values that are used during issue creation. Note:This parameter has priority and all of the fields are overwritten with the value that is provided for this parameter. Example: {"field":"value"} |
|
Labels
|
String | N/A | No | The components field of the issue. This parameter accepts multiple values as a comma-separated string. |
Run On
This action runs on all entities.
Action Results
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
|
Success
|
True/False | Success:False |
JSON Result
{
"comment"
:
{
"total"
:
0
,
"startAt"
:
0
,
"comments"
:
[],
"maxResults"
:
0
},
"creator"
:
{
"displayName"
:
"user1"
,
"name"
:
"user1"
,
"self"
:
""
,
"avatarUrls"
:
{
"24x24"
:
""
,
"16x16"
:
""
,
"48x48"
:
""
,
"32x32"
:
""
},
"emailAddress"
:
"john_doe@example.com"
,
"key"
:
"user1user"
,
"active"
:
true
,
"timeZone"
:
"Asia/Jerusalem"
,
"accountId"
:
"0"
},
"aggregatetimeestimate"
:
null
,
"labels"
:
[
"Label1"
],
"aggregatetimespent"
:
null
,
"watches"
:
{
"self"
:
""
,
"watchCount"
:
1
,
"isWatching"
:
false
},
"assignee"
:
{
"displayName"
:
"user2"
,
"name"
:
"user2"
,
"self"
:
""
,
"avatarUrls"
:
{
"24x24"
:
""
,
"16x16"
:
""
,
"48x48"
:
""
,
"32x32"
:
""
},
"emailAddress"
:
"john_doe@example.com"
,
"key"
:
"user2"
,
"active"
:
true
,
"timeZone"
:
"Asia/Jerusalem"
,
"accountId"
:
""
},
"lastViewed"
:
"2019-01-22T10:14:02.910+0200"
,
"issuelinks"
:
[],
"Worklog"
:
{
"worklogs"
:
[],
"total"
:
0
,
"startAt"
:
0
,
"maxResults"
:
20
},
"aggregateprogress"
:
{
"progress"
:
0
,
"total"
:
0
},
"Priority"
:
{
"iconUrl"
:
""
,
"self"
:
""
,
"name"
:
"Medium"
,
"id"
:
"3"
},
"votes"
:
{
"hasVoted"
:
false
,
"self"
:
""
,
"votes"
:
0
},
"workratio"
:
-1
,
"fixVersions"
:
[],
"environment"
:
null
,
"timespent"
:
null
,
"attachment"
:
[{
"mimeType"
:
"binary/octet-stream"
,
"created"
:
"2018-06-19T15:23:07.369+0300"
,
"self"
:
""
,
"author"
:
{
"displayName"
:
"user1"
,
"name"
:
"user1"
,
"self"
:
""
,
"avatarUrls"
:
{
"24x24"
:
""
,
"16x16"
:
""
,
"48x48"
:
""
,
"32x32"
:
""
},
"emailAddress"
:
"john_doe@example.com"
,
"key"
:
"user1"
,
"active"
:
true
,
"timeZone"
:
"Asia/Jerusalem"
,
"accountId"
:
"0"
},
"filename"
:
"file.rar"
,
"content"
:
""
,
"id"
:
"0"
,
"size"
:
0
}],
"progress"
:
{
"progress"
:
0
,
"total"
:
0
},
"duedate"
:
null
,
"status"
:
{
"statusCategory"
:
{
"name"
:
"Done"
,
"self"
:
""
,
"id"
:
3
,
"key"
:
"done"
,
"colorName"
:
"green"
},
"description"
:
""
,
"self"
:
""
,
"iconUrl"
:
""
,
"id"
:
"0"
,
"name"
:
"DONE"
},
"updated"
:
"2018-09-18T10:02:06.347+0300"
,
"subtasks"
:
[],
"description"
:
"Create Enrich entities action using Insights API (IOC search)\\n\\nWrite connector for laerts\\n\\nIn a couple of days we will have access to an instance"
,
"reporter"
:
{
"displayName"
:
"user1"
,
"name"
:
"user1"
,
"self"
:
""
,
"avatarUrls"
:
{
"24x24"
:
""
,
"16x16"
:
""
,
"48x48"
:
""
,
"32x32"
:
""
},
"emailAddress"
:
"john_doe@example.com"
,
"key"
:
"user1"
,
"active"
:
true
,
"timeZone"
:
"Asia/Jerusalem"
,
"accountId"
:
"0"
},
"timeoriginalestimate"
:
null
,
"aggregatetimeoriginalestimate"
:
null
,
"created"
:
"2018-06-19T15:23:13.701+0300"
,
"versions"
:
[],
"resolutiondate"
:
"2018-09-18T10:02:06.340+0300"
,
"summary"
:
"Sample issue"
,
"project"
:
{
"name"
:
"Project 1"
,
"self"
:
""
,
"projectTypeKey"
:
"software"
,
"avatarUrls"
:
{
"24x24"
:
""
,
"16x16"
:
""
,
"48x48"
:
""
,
"32x32"
:
""
},
"key"
:
"PR"
,
"id"
:
"0"
},
"timetracking"
:
{},
"components"
:
[],
"issuetype"
:
{
"name"
:
"Task"
,
"self"
:
""
,
"iconUrl"
:
""
,
"subtask"
:
false
,
"avatarId"
:
10318
,
"id"
:
"10002"
,
"description"
:
"A task that needs to be done."
},
"security"
:
null
,
"resolution"
:
{
"id"
:
"10000"
,
"self"
:
""
,
"description"
:
"Work has been completed on this issue."
,
"name"
:
"Done"
},
"timeestimate"
:
null
}
Upload Attachment
Description
Add an attachment to an issue.
Parameters
The absolute paths of the files to upload, separated by commas.
The required format depends on your deployment type:
- SaaS Deployment: The path is internal to the hosted
platform, such as
/attachments/. - Remote Agent Deployment: The path must be an absolute, valid
directory path on the local machine where the remote agent is installed. For example,
C:\temp\attachmentsfor Windows or/var/tmp/attachments/for Linux.
Run On
This action runs on all entities.
Action Results
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
|
is_success
|
True/False | is_success:False |
JSON Result
N/A
Search Users
Search users in Jira.
Entities
This action doesn't run on entities.
Action inputs
To configure the action, use the following parameters:
User Email Addresses
Comma-separated list of email addresses to return the users for.
User Names
Comma-separated list of usernames to return the users for.
Project
Name of the project to search email addresses in. If provided, only Project Assignable Users
is returned.
Action outputs
Script result
| Script result name | Value |
|---|---|
| is_success | True/False |
JSON result
[
{
"Entity"
:
"example"
,
"EntityResult"
:
{
"_resource"
:
"user?accountId={0}"
,
"_options"
:
{
"server"
:
"https://siemplify.atlassian.net"
,
"auth_url"
:
"/rest/auth/1/session"
,
"context_path"
:
"/"
,
"rest_path"
:
"api"
,
"rest_api_version"
:
"2"
,
"agile_rest_path"
:
"agile"
,
"agile_rest_api_version"
:
"1.0"
,
"verify"
:
false
,
"resilient"
:
true
,
"async"
:
false
,
"async_workers"
:
5
,
"client_cert"
:
null
,
"check_update"
:
false
,
"delay_reload"
:
0
,
"headers"
:
{
"Cache-Control"
:
"no-cache"
,
"Content-Type"
:
"application/json"
,
"X-Atlassian-Token"
:
"no-check"
}
},
"_session"
:
"<jira.resilientsession.ResilientSession object>"
,
"_base_url"
:
"{server}/rest/{rest_path}/{rest_api_version}/{path}"
,
"raw"
:
{
"self"
:
"https://siemplify.atlassian.net/rest/api/2/user?accountId=example-account-id"
,
"accountId"
:
"example-account-id"
,
"accountType"
:
"atlassian"
,
"emailAddress"
:
"example.user"
,
"avatarUrls"
:
{
"48x48"
:
"https://example.com"
},
"displayName"
:
"Example"
,
"active"
:
true
,
"timeZone"
:
"UTC"
,
"locale"
:
"en_US"
},
"self"
:
"https://siemplify.atlassian.net/rest/api/2/user?accountId=example-account-id"
,
"accountId"
:
"example-account-id"
,
"accountType"
:
"atlassian"
,
"emailAddress"
:
"example.user"
,
"avatarUrls"
:
"<jira.resources.PropertyHolder object>"
,
"displayName"
:
"Example"
,
"active"
:
true
,
"timeZone"
:
"UTC"
,
"locale"
:
"en_US"
}
}
]
Case wall
The action provides the following output messages:
| Output message | Message description |
|---|---|
| |
Action succeeded. |
Error executing action "Search Users".
Reason: ERROR_REASON
|
Action failed. Check connection to the server, input parameters, or credentials. |
Connectors
Jira Connector
Description
Fetch issues from Jira to Google SecOps.
Configure Jira Connector in Google SecOps
For detailed instructions on how to configure a connector in Google SecOps, see Configuring the connector .
Connector parameters
Use the following parameters to configure the connector:
| Parameter | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
|
DeviceProductField
|
String | device_product | Yes | The field name used to determine the device product. |
|
EventClassId
|
String | name | No | The field name used to determine the event name (sub-type). |
|
PythonProcessTimeout
|
String | 60 | Yes | The timeout limit (in seconds) for the python process running current script. |
|
API Root
|
String | https://{jira_address} | Yes | The API root of the Jira instance. |
|
Username
|
String | N/A | Yes | N/A |
|
API Token
|
Password | N/A | Yes | Token generated in the Jira console. Note:This parameter can be used to contain the "Password" string in case of On-prem authentication, using username and password combination |
|
Days Backwards
|
Integer | 5 | No | Max number of days backwards to pull alerts from. |
|
Max Tickets Per Cycle
|
Integer | 10 | No | Max tickets to fetch and process in one connector cycle. |
|
Project Names
|
String | N/A | No | Project names separated by a comma. |
|
Issue Statuses
|
String | N/A | No | Issues' statuses separated by a comma. |
|
Assignees
|
String | N/A | No | Users' full names separated by a comma. |
|
Issue Types
|
String | N/A | No | Issue types separated by a comma. |
|
Issue Priorities
|
String | N/A | No | Issue priorities separated by a comma. |
|
Issue Components
|
String | N/A | No | Issue components separated by a comma. |
|
Proxy Server Address
|
String | N/A | No | The address of the proxy server to use. |
|
Proxy Username
|
String | N/A | No | The proxy username to authenticate with. |
|
Proxy Password
|
Password | N/A | No | The proxy password to authenticate with. |
|
Environment Field Name
|
String | "" | No | Describes the name of the field where the environment name is stored. If the environment field isn't found, the environment is the default environment. |
|
Environment Regex Pattern
|
String | .* | No | A regex pattern to run on the value found in the "Environment Field Name" field. Default is .* to catch all and return the value unchanged. Used to allow the user to manipulate the environment field via regex logic. If the regex pattern is null or empty, or the environment value is null, the final environment result is the default environment. |
Connector Rules
Proxy Support
The connector supports proxy.
Dynamic list and blocklist
The connector supports dynamic list and blocklist rules only for specific labels inside Jira.
Jobs
Sync Closure Job
Description
Close tickets in Jira if corresponding Google SecOps alerts were closed.
Parameters
| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
|
API Root
|
String | https://{jira_address} | Yes | Jira instance api root url. |
|
Username
|
String | N/A | Yes | Username to connect to Jira instance. |
|
API Token
|
Password | N/A | Yes | Token generated in the Jira console. Note:This parameter can be used to contain the "Password" string in case of On-prem authentication, using username and password combination |
|
Project Names
|
String | project names separated by a comma | Yes | Jira project names separated by a comma that job should monitor. |
|
Max Days Backwards
|
Integer | 1 | Yes | Maximum number of days to sync tickets status backward. |
Sync Comments Job
Description
Sync comments between the Google SecOps case and the corresponding Jira ticket. Synchronizing is bidirectional—that is, from Google SecOps to Jira and from Jira to Google SecOps.
When the job creates a comment, it applies the prefix. If a Google SecOps user comments in t\he Google SecOps case, the job creates and synchronizes the user comment in the corresponding Jira ticket using the Chronicle Comment Prefixparameter.
This feature is added for two purposes:
- Visibility.
- Prevent comments added by the job from being synced again to the other side, and cause a loop.
Parameters
| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
|
API Root
|
String | https://{jira_address} | Yes | Jira instance api root url. |
|
Username
|
String | N/A | Yes | Username to connect to Jira instance. |
|
API Token
|
Password | N/A | Yes | Token generated in the Jira console. Note:This parameter can be used to contain the "Password" string in case of On-prem authentication, using username and password combination |
|
Project Names
|
String | project names separated by comma | Yes | Jira project names separated by comma that job should monitor. |
|
Max Days Backwards
|
Integer | 1 | Yes | Maximum number of days to sync tickets status backwards. |
|
Google SecOps Comment Prefix
|
String | Google SecOps: | Yes | Prefix that is added by the sync job to comments created for Jira tickets. |
|
Jira Comment Prefix
|
String | Jira Comment Sync Job: | Yes | Prefix that is added by the sync job to the Google SecOps alert case comments. |
Need more help? Get answers from Community members and Google SecOps professionals.
