Integrate Jira with Google SecOps
This document explains how to integrate Jira with Google Security Operations.
Use cases
The Jiraintegration uses Google SecOps capabilities to support the following use cases:
-
Automated ticketing: Automatically create Jira issues from Google SecOps alerts using the Jira Connector to streamline the handoff between security and IT teams.
-
Bidirectional synchronization: Maintain consistency across platforms by automatically syncing comments and status changes between Jira tickets and Google SecOps cases using dedicated sync jobs.
-
Incident enrichment: Attach evidence, logs, and screenshots directly to Jira issues using the Upload Attachment action to provide full context to remediators.
-
Dynamic task management: Update, assign, or link related Jira issues directly from the Google SecOps playbook to automate standard operating procedures (SOPs).
Before you begin
Before you configure the Jiraintegration in the Google SecOps platform, verify that you have the following:
-
Product compatibility: Access to either a Jira Cloud instance or a Jira Data Center (On-Prem) environment.
-
Authentication method: Choose an authentication method.
- Basic authentication (Jira Cloud): Requires a username (email) and an Atlassian API Token .
- Service account authentication (Jira Cloud): Requires a Service Account Token and your Cloud ID.
- Standard authentication (Jira Data Center): Requires a valid username and password.
-
API root URL: The format of the API root depends on your authentication method.
- Standard/ Basic: The base URL of your Jira instance (for example,
https://yourdomain.atlassian.net). - Service account: The Atlassian API proxy URL, which must include your
Cloud ID (for example,
https://api.atlassian.com/ex/jira/{cloud_id}).
- Standard/ Basic: The base URL of your Jira instance (for example,
Set up authentication for Jira Cloud
To connect to Jira Cloud using an API token, follow the instructions in the Atlassian documentation to generate a token.
Set up authentication for service accounts
To use token-based authentication (Bearer Token) for Jira Cloud:
-
See Understand service accounts for more details on creating a service account using the Atlassian Admin console .
-
Retrieve your Cloud ID by navigating to:
https://<your_tenant>.atlassian.net/_edge/tenant_info(where<your_tenant>is your specific Atlassian instance name). -
When configuring the integration, leave the Usernamefield blank to trigger Bearer Token authentication.
Integration parameters
The Jiraintegration requires the following parameters:
Api Root
Required.
The base URL of the Jira instance.
Username
Optional.
The username (email) used to connect to Jira.
The requirement for this parameter depends on the chosen authentication method:
- If provided, the system uses Basic authentication.
- If left empty, the system defaults to Bearer Token authentication (required for service accounts).
For more information on authentication methods, see Before you begin .
Api Token
Required.
The authentication credential used to connect to Jira.
This field accepts API tokens, service account tokens, or standard passwords (for Data Center).
Verify SSL
Optional.
If selected, the integration validates the SSL certificate when connecting to the Jira server.
For instructions about how to configure an integration in Google SecOps, see Configure integrations .
You can make changes at a later stage, if needed. After you configure an integration instance, you can use it in playbooks. For more information about how to configure and support multiple instances, see Supporting multiple instances .
Actions
For more information about actions, see Respond to pending actions from Your Workdesk and Perform a manual action .
Add Comment
Use the Add Commentaction to compose and add a comment to an existing Jira issue.
This is an effective way to document findings, provide updates, and collaborate with team members directly from Google SecOps.
This action doesn't run on Google SecOps entities.
Action inputs
The Add Commentaction requires the following parameters:
| Parameter | Description |
|---|---|
Issue Key
|
Required. The unique identifier of the Jira issue (for example, |
Comment
|
Required. The text to add to the Jira issue. |
Action outputs
The Add Commentaction provides the following outputs:
| Action output type | Availability |
|---|---|
| Case wall attachment | Not available |
| Case wall link | Not available |
| Case wall table | Not available |
| Enrichment table | Not available |
| JSON result | Not available |
| Output messages | Available |
| Script result | Available |
Script result
The following table lists the value for the script result output when using the Add Commentaction:
| Script result name | Value |
|---|---|
comment_id
|
The unique ID of the newly created comment in Jira. |
Assign Issue
Use the Assign Issueaction to assign a Jira issue to a specific user.
This action doesn't run on Google SecOps entities.
Action inputs
The Assign Issueaction requires the following parameters:
| Parameter | Description |
|---|---|
Issue Key
|
Required. The unique identifier of the Jira issue (for example, |
Assignee
|
Required. The name or email address of the user to assign the issue to. |
Jira Username
|
Optional. The Jira username of the person initiating the assignment action. |
Action outputs
The Assign Issueaction provides the following outputs:
| Action output type | Availability |
|---|---|
| Case wall attachment | Not available |
| Case wall link | Not available |
| Case wall table | Not available |
| Enrichment table | Not available |
| JSON result | Not available |
| Output messages | Available |
| Script result | Available |
Script result
The following table lists the value for the script result output when using the Assign Issueaction:
| Script result name | Value |
|---|---|
success
|
true
or false
|
Create Alert Issue
Use the Create Alert Issueaction to create a new ticket in Jira for a specific alert.
This action is primarily used within playbooks to escalate security incidents to IT or engineering teams for further investigation or remediation.
This action doesn't run on Google SecOps entities.
Action inputs
The Create Alert Issueaction requires the following parameters:
| Parameter | Description |
|---|---|
Project Key
|
Required. The unique shorthand key of the Jira project where the issue is created
(such as |
Summary
|
Required. A brief title or summary of the issue. |
Issue Type
|
Required. The name of the issue type (such as |
Action outputs
The Create Alert Issueaction provides the following outputs:
| Action output type | Availability |
|---|---|
| Case wall attachment | Not available |
| Case wall link | Not available |
| Case wall table | Not available |
| Enrichment table | Not available |
| JSON result | Available |
| Output messages | Available |
| Script result | Available |
JSON result
The following example shows the JSON result output received when the action successfully creates an issue:
{
"summary"
:
"Sample issue"
,
"description"
:
"Create Enrich entities action using Insights API (IOC search). Write connector for alerts."
,
"project"
:
{
"key"
:
"PR"
,
"name"
:
"Project 1"
,
"projectTypeKey"
:
"software"
},
"issuetype"
:
{
"name"
:
"Task"
,
"subtask"
:
false
},
"status"
:
{
"name"
:
"DONE"
,
"statusCategory"
:
{
"name"
:
"Done"
,
"key"
:
"done"
}
},
"priority"
:
{
"name"
:
"Medium"
,
"id"
:
"3"
},
"creator"
:
{
"displayName"
:
"user1"
,
"emailAddress"
:
"john_doe@example.com"
},
"assignee"
:
{
"displayName"
:
"user2"
,
"emailAddress"
:
"john_doe@example.com"
},
"created"
:
"2018-06-19T15:23:13.701+0300"
,
"updated"
:
"2018-09-18T10:02:06.347+0300"
}
Script result
The following table lists the value for the script result output when using the Create Alert Issueaction:
| Script result name | Value |
|---|---|
issue_key
|
The unique shorthand key of the newly created Jira issue (for example, SEC-456
). |
Create Issue
Use the Create Issueaction to create a new ticket in a Jira project.
This action provides extensive customization options, including the ability to specify components, labels, and custom fields using JSON, making it suitable for complex ticket creation workflows.
This action doesn't run on Google SecOps entities.
Action inputs
The Create Issueaction requires the following parameters:
| Parameter | Description |
|---|---|
Project Key
|
Required. The unique shorthand key of the Jira project where the issue is created
(such as |
Summary
|
Required. A brief title or summary of the issue. |
Description
|
Optional. A detailed description of the issue. |
Issue Type
|
Required. The name of the issue type (such as |
Jira Username
|
Optional. The Jira username of the person initiating the action. |
Assignee
|
Optional. The identifier of the user to whom the issue is assigned. |
Components
|
Optional. A comma-separated list of Jira components to associate with the issue. |
Labels
|
Optional. A comma-separated list of labels to add to the issue. |
Custom Fields
|
Optional. A JSON object containing additional fields and values to set during
creation (for example, Values provided in this parameter take priority and overwrite other field mappings if a conflict occurs. |
Action outputs
The Create Issueaction provides the following outputs:
| Action output type | Availability |
|---|---|
| Case wall attachment | Not available |
| Case wall link | Not available |
| Case wall table | Not available |
| Enrichment table | Not available |
| JSON result | Available |
| Output messages | Available |
| Script result | Available |
JSON result
The following example shows the JSON result output received when using the Create Issueaction:
{
"summary"
:
"Sample issue"
,
"description"
:
"Create Enrich entities action using Insights API (IOC search). Write connector for alerts. In a couple of days we will have access to an instance."
,
"project"
:
{
"key"
:
"PR"
,
"name"
:
"Project 1"
,
"projectTypeKey"
:
"software"
},
"issuetype"
:
{
"name"
:
"Task"
,
"description"
:
"A task that needs to be done."
,
"subtask"
:
false
},
"status"
:
{
"name"
:
"DONE"
,
"statusCategory"
:
{
"name"
:
"Done"
,
"key"
:
"done"
,
"colorName"
:
"green"
}
},
"priority"
:
{
"name"
:
"Medium"
,
"id"
:
"3"
},
"resolution"
:
{
"name"
:
"Done"
,
"description"
:
"Work has been completed on this issue."
},
"creator"
:
{
"displayName"
:
"user1"
,
"emailAddress"
:
"john_doe@example.com"
,
"active"
:
true
,
"timeZone"
:
"Asia/Jerusalem"
},
"assignee"
:
{
"displayName"
:
"user2"
,
"emailAddress"
:
"john_doe@example.com"
,
"active"
:
true
},
"reporter"
:
{
"displayName"
:
"user1"
,
"emailAddress"
:
"john_doe@example.com"
},
"labels"
:
[
"Label1"
],
"attachment"
:
[
{
"id"
:
"1001"
,
"filename"
:
"file.rar"
,
"mimeType"
:
"binary/octet-stream"
,
"size"
:
15420
,
"created"
:
"2018-06-19T15:23:07.369+0300"
}
],
"created"
:
"2018-06-19T15:23:13.701+0300"
,
"updated"
:
"2018-09-18T10:02:06.347+0300"
,
"resolutiondate"
:
"2018-09-18T10:02:06.340+0300"
,
"watches"
:
{
"watchCount"
:
1
,
"isWatching"
:
false
}
}
Script result
The following table lists the value for the script result output when using the Create Issueaction:
| Script result name | Value |
|---|---|
issue_key
|
The unique shorthand key of the newly created Jira issue (for example, SEC-789
). |
Delete Issue
Use the Delete Issueaction to permanently remove an issue from Jira.
This action is typically used to clean up duplicate tickets or remove test data generated during playbook development.
This action doesn't run on Google SecOps entities.
Action inputs
The Delete Issueaction requires the following parameters:
| Parameter | Description |
|---|---|
Issue Key
|
Required. The unique shorthand key of the Jira issue to delete (for example, |
Action outputs
The Delete Issueaction provides the following outputs:
| Action output type | Availability |
|---|---|
| Case wall attachment | Not available |
| Case wall link | Not available |
| Case wall table | Not available |
| Enrichment table | Not available |
| JSON result | Not available |
| Output messages | Available |
| Script result | Available |
Script result
The following table lists the value for the script result output when using the Delete Issueaction:
| Script result name | Value |
|---|---|
success
|
true
or false
|
Download Attachments
Use the Download Attachmentsaction to retrieve all files attached to a
specific Jira issue. If an attachment is an .eml
file, the action also
downloads any files contained within that email.
This action doesn't run on Google SecOps entities.
Action inputs
The Download Attachmentsaction requires the following parameters:
Issue Key
Required.
The unique shorthand key of the Jira issue (for example, SEC-123
).
Download Path
Optional.
The local or internal path to the folder where the action saves the downloaded attachments.
The required format depends on your deployment type:
- SaaS Deployment: The path is internal to the hosted
platform, such as
/attachments/. - Remote Agent Deployment: The path must be an absolute, valid
directory path on the local machine where the remote agent is installed. For example,
C:\temp\attachmentsfor Windows or/var/tmp/attachments/for Linux.
Download Attachments to the Case Wall
Optional.
If selected, the action downloads the Jira issue attachments directly to the current Google SecOps case wall.
There is a size limitation for attachments added to the case wall. Large files may fail to upload.
Disabled by default.
Action outputs
The Download Attachmentsaction provides the following outputs:
| Action output type | Availability |
|---|---|
| Case wall attachment | Available |
| Case wall link | Not available |
| Case wall table | Not available |
| Enrichment table | Not available |
| JSON result | Available |
| Output messages | Available |
| Script result | Available |
JSON result
The following example shows the JSON result output received when using the Download Attachmentsaction:
[
{
"download_path"
:
"downloads/Security_Evidence.eml"
,
"attachment_details"
:
{
"id"
:
"10007"
,
"filename"
:
"Security_Evidence.eml"
,
"author"
:
{
"displayName"
:
"Security Analyst"
,
"emailAddress"
:
"analyst@example.com"
,
"active"
:
true
,
"timeZone"
:
"Asia/Calcutta"
},
"created"
:
"2024-05-25T20:27:09.066+0530"
,
"size"
:
12049140
,
"mimeType"
:
"message/rfc822"
}
},
{
"download_path"
:
"downloads/Logs_Attachment.txt"
,
"attachment_details"
:
{
"id"
:
"10005"
,
"filename"
:
"Logs_Attachment.txt"
,
"author"
:
{
"displayName"
:
"System Admin"
,
"emailAddress"
:
"admin@example.com"
,
"active"
:
true
,
"timeZone"
:
"Asia/Calcutta"
},
"created"
:
"2024-05-16T11:48:24.141+0530"
,
"size"
:
43
,
"mimeType"
:
"text/plain"
}
}
]
Script result
The following table lists the value for the script result output when using the Download Attachmentsaction:
| Script result name | Value |
|---|---|
is_success
|
true
or false
|
Get Issues
Use the Get Issuesaction to retrieve full details for one or more Jira issues.
This action is useful for enriching Google SecOps cases with current ticket metadata (such as status, assignee, and priority).
This action doesn't run on Google SecOps entities.
Action inputs
The Get Issuesaction requires the following parameters:
| Parameter | Description |
|---|---|
Issue Keys
|
Required. A comma-separated list of Jira issue keys to fetch (for example, |
Action outputs
The Get Issuesaction provides the following outputs:
| Action output type | Availability |
|---|---|
| Case wall attachment | Not available |
| Case wall link | Not available |
| Case wall table | Not available |
| Enrichment table | Not available |
| JSON result | Available |
| Output messages | Available |
| Script result | Available |
JSON result
The following example shows the JSON result output received when using the Get Issuesaction:
{
"issues_details_list"
:
[
{
"key"
:
"TES-65"
,
"summary"
:
"New summary"
,
"description"
:
"Detailed description of the security incident."
,
"project"
:
{
"key"
:
"TES"
,
"name"
:
"test-project1"
,
"projectTypeKey"
:
"software"
},
"issuetype"
:
{
"name"
:
"Bogue"
,
"subtask"
:
false
},
"status"
:
{
"name"
:
"Fini"
,
"statusCategory"
:
{
"name"
:
"Terminé"
,
"key"
:
"done"
}
},
"priority"
:
{
"name"
:
"Medium"
,
"id"
:
"3"
},
"assignee"
:
{
"displayName"
:
"Vasil Daskalov"
,
"emailAddress"
:
"vasil.daskalov@siemplify.co"
},
"creator"
:
{
"displayName"
:
"admin@siemplifylab.local"
,
"emailAddress"
:
"admin@siemplifylab.local"
},
"created"
:
"2021-08-31T12:15:22.089+0000"
,
"updated"
:
"2021-11-11T13:16:50.552+0000"
,
"resolution"
:
{
"name"
:
"Terminé"
,
"description"
:
"Ce ticket a été traité."
},
"labels"
:
[],
"components"
:
[]
}
]
}
Script result
The following table lists the value for the script result output when using the Get Issuesaction:
| Script result name | Value |
|---|---|
issues_details_list
|
A list containing the full metadata for the requested Jira issues. |
Link Issues
Use the Link Issuesaction to establish a relationship between multiple Jira issues.
This action is primarily used within playbooks to connect related security incidents or to track dependencies between investigation tickets.
This action doesn't run on Google SecOps entities.
Action inputs
The Link Issuesaction requires the following parameters:
| Parameter | Description |
|---|---|
Inward Issue ID
|
Required. A comma-separated list of inward issue IDs. For example, if |
Outward Issue IDs
|
Required. The shorthand key of the outward Jira issue. For example, if |
Relation Type
|
Required. The type of link to create between the issues. You can find a list of available relation types by running the List Relation Types action. The default value is |
Action outputs
The Link Issuesaction provides the following outputs:
| Action output type | Availability |
|---|---|
| Case wall attachment | Not available |
| Case wall link | Not available |
| Case wall table | Not available |
| Enrichment table | Not available |
| JSON result | Available |
| Output messages | Available |
| Script result | Available |
Output messages
The Link Issuesaction can return the following output messages:
| Output message | Message description |
|---|---|
| Action wasn't able to find the following destination issues in Jira: ISSUE_IDS . |
The action succeeded |
Error executing action "Link Issues".
Reason: ERROR_REASON
|
The action failed. Check the connection to the server, input parameters, or credentials. |
Script result
The following table lists the value for the script result output when using the Link Issuesaction:
| Script result name | Value |
|---|---|
success
|
true
or false
|
List Issues
Use the List Issuesaction to search for and retrieve a list of Jira issue keys based on specific filtering criteria.
This action is useful for identifying existing tickets that match an alert context to avoid duplication or to perform bulk updates within a playbook.
This action doesn't run on Google SecOps entities.
Action inputs
The List Issuesaction provides the following optional filtering parameters. If no parameters are provided, the action returns all issues accessible by the integration user.
| Parameter | Description |
|---|---|
Project Names
|
Optional. A comma-separated list of project names to search within. |
Summary
|
Optional. If provided, the action filters issues by the specific summary or title. |
Description
|
Optional. If provided, the action filters issues by text contained in the description. |
Issue Types
|
Optional. A comma-separated list of issue types (for example, The default value is |
Priorities
|
Optional. A comma-separated list of priority levels to filter by (for example, |
Created From
|
Optional. If provided, the action filters for issues created on or after this date
(in the format |
Updated From
|
Optional. If provided, the action filters for issues updated on or after this date
(in the format |
Assignees
|
Optional. A comma-separated list of assignee identifiers to filter by. |
Reporter
|
Optional. A comma-separated list of reporter identifiers to filter by. |
Statuses
|
Optional. A comma-separated list of issue statuses to filter by (for example, |
Action outputs
The List Issuesaction provides the following outputs:
| Action output type | Availability |
|---|---|
| Case wall attachment | Not available |
| Case wall link | Not available |
| Case wall table | Not available |
| Enrichment table | Not available |
| JSON result | Available |
| Output messages | Available |
| Script result | Available |
JSON result
The following example shows the JSON result output received when using the List Issuesaction:
[
"PR-123"
,
"PR-124"
,
"SEC-789"
]
Script result
The following table lists the value for the script result output when using the List Issuesaction:
| Script result name | Value |
|---|---|
issues
|
A list containing the unique shorthand keys of the Jira issues found. |
List Relation Types
Use the List Relation Typesaction to retrieve a list of all available link relationship types configured in your Jira instance.
This action is useful for validating valid input values for the Link Issues action.
This action doesn't run on Google SecOps entities.
Action inputs
The List Relation Typesaction requires the following parameters:
Filter Key
Optional.
The field used to filter the relation types.
If the Filter Logic
is set to Equal
or Contains
, you must select a field other than Select One
to avoid an execution error.
The possible values are as follows:
-
Name -
Inward -
Outward
The default value is Select One
.
Filter Logic
Optional.
The logical operator applied to the filter.
The possible values are as follows:
-
Not Specified -
Equal -
Contains
The default value is Not Specified
.
Filter Value
Optional.
The specific string value used for filtering based on the selected Filter Key
and Filter Logic
.
If no value is provided, the filter is not applied even if a key and logic are selected.
Max Records To Return
Optional.
The maximum number of records to return in the results.
The default value is 50
.
Action outputs
The List Relation Typesaction provides the following outputs:
| Action output type | Availability |
|---|---|
| Case wall attachment | Not available |
| Case wall link | Not available |
| Case wall table | Available |
| Enrichment table | Not available |
| JSON result | Available |
| Output messages | Available |
| Script result | Available |
Case wall table
The List Relation Typesaction provides the following table:
Table name: Available Relation
Table columns:
- Name
- Inward
- Outward
JSON result
The following example shows the JSON result output received when using the List Relation Typesaction:
[{
"id"
:
"10000"
,
"name"
:
"Blocks"
,
"inward"
:
"is blocked by"
,
"outward"
:
"blocks"
}]
Output messages
The List Relation Typesaction can return the following output messages:
| Output message | Message description |
|---|---|
| |
The action succeeded. |
Error executing action "List Relation types".
Reason: ERROR_REASON
|
The action failed. Check the connection to the server, input parameters, or credentials. |
Script result
The following table lists the value for the script result output when using the List Relation Typesaction:
| Script result name | Value |
|---|---|
is_success
|
true
or false
|
Ping
Use the Pingaction to test the connectivity to Jira.
This action doesn't run on Google SecOps entities.
Action inputs
None.
Action outputs
The Pingaction provides the following outputs:
| Action output type | Availability |
|---|---|
| Case wall attachment | Not available |
| Case wall link | Not available |
| Case wall table | Not available |
| Enrichment table | Not available |
| JSON result | Not available |
| Output messages | Available |
| Script result | Available |
Script result
The following table lists the value for the script result output when using the Pingaction:
| Script result name | Value |
|---|---|
success
|
true
or false
|
Update Issue
Description
Update an issue. For the new Jira API, the action tries to find a match for the assignee to assign an issue based on user email, and then tries with the displayName field.
Parameters
| Parameter | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
|
Issue Key
|
String | N/A | Yes | The key of the issue to update. |
|
Status
|
String | N/A | No | Specify the relevant transition name, to transition this issue to the new desired status. |
|
Summary
|
String | N/A | No | The new summary of the issue. |
|
Description
|
String | N/A | No | The new description of the issue. |
|
Issue Type
|
String | N/A | No | The new type of the issue. |
|
Assignee
|
String | N/A | No | The new assignee of the issue. |
|
Jira Username
|
String | N/A | No | The Jira username of the action initiator. |
|
Components
|
String | N/A | No | The components field of the issue. This parameter accepts multiple values as a comma-separated string. |
|
Custom Fields
|
JSON | NA | No | Specify a JSON object containing all of the fields and values that are used during issue creation. Note:This parameter has priority and all of the fields are overwritten with the value that is provided for this parameter. Example: {"field":"value"} |
|
Labels
|
String | N/A | No | The components field of the issue. This parameter accepts multiple values as a comma-separated string. |
Run On
This action runs on all entities.
Action Results
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
|
Success
|
True/False | Success:False |
JSON Result
{
"comment"
:
{
"total"
:
0
,
"startAt"
:
0
,
"comments"
:
[],
"maxResults"
:
0
},
"creator"
:
{
"displayName"
:
"user1"
,
"name"
:
"user1"
,
"self"
:
""
,
"avatarUrls"
:
{
"24x24"
:
""
,
"16x16"
:
""
,
"48x48"
:
""
,
"32x32"
:
""
},
"emailAddress"
:
"john_doe@example.com"
,
"key"
:
"user1user"
,
"active"
:
true
,
"timeZone"
:
"Asia/Jerusalem"
,
"accountId"
:
"0"
},
"aggregatetimeestimate"
:
null
,
"labels"
:
[
"Label1"
],
"aggregatetimespent"
:
null
,
"watches"
:
{
"self"
:
""
,
"watchCount"
:
1
,
"isWatching"
:
false
},
"assignee"
:
{
"displayName"
:
"user2"
,
"name"
:
"user2"
,
"self"
:
""
,
"avatarUrls"
:
{
"24x24"
:
""
,
"16x16"
:
""
,
"48x48"
:
""
,
"32x32"
:
""
},
"emailAddress"
:
"john_doe@example.com"
,
"key"
:
"user2"
,
"active"
:
true
,
"timeZone"
:
"Asia/Jerusalem"
,
"accountId"
:
""
},
"lastViewed"
:
"2019-01-22T10:14:02.910+0200"
,
"issuelinks"
:
[],
"Worklog"
:
{
"worklogs"
:
[],
"total"
:
0
,
"startAt"
:
0
,
"maxResults"
:
20
},
"aggregateprogress"
:
{
"progress"
:
0
,
"total"
:
0
},
"Priority"
:
{
"iconUrl"
:
""
,
"self"
:
""
,
"name"
:
"Medium"
,
"id"
:
"3"
},
"votes"
:
{
"hasVoted"
:
false
,
"self"
:
""
,
"votes"
:
0
},
"workratio"
:
-1
,
"fixVersions"
:
[],
"environment"
:
null
,
"timespent"
:
null
,
"attachment"
:
[{
"mimeType"
:
"binary/octet-stream"
,
"created"
:
"2018-06-19T15:23:07.369+0300"
,
"self"
:
""
,
"author"
:
{
"displayName"
:
"user1"
,
"name"
:
"user1"
,
"self"
:
""
,
"avatarUrls"
:
{
"24x24"
:
""
,
"16x16"
:
""
,
"48x48"
:
""
,
"32x32"
:
""
},
"emailAddress"
:
"john_doe@example.com"
,
"key"
:
"user1"
,
"active"
:
true
,
"timeZone"
:
"Asia/Jerusalem"
,
"accountId"
:
"0"
},
"filename"
:
"file.rar"
,
"content"
:
""
,
"id"
:
"0"
,
"size"
:
0
}],
"progress"
:
{
"progress"
:
0
,
"total"
:
0
},
"duedate"
:
null
,
"status"
:
{
"statusCategory"
:
{
"name"
:
"Done"
,
"self"
:
""
,
"id"
:
3
,
"key"
:
"done"
,
"colorName"
:
"green"
},
"description"
:
""
,
"self"
:
""
,
"iconUrl"
:
""
,
"id"
:
"0"
,
"name"
:
"DONE"
},
"updated"
:
"2018-09-18T10:02:06.347+0300"
,
"subtasks"
:
[],
"description"
:
"Create Enrich entities action using Insights API (IOC search)\\n\\nWrite connector for laerts\\n\\nIn a couple of days we will have access to an instance"
,
"reporter"
:
{
"displayName"
:
"user1"
,
"name"
:
"user1"
,
"self"
:
""
,
"avatarUrls"
:
{
"24x24"
:
""
,
"16x16"
:
""
,
"48x48"
:
""
,
"32x32"
:
""
},
"emailAddress"
:
"john_doe@example.com"
,
"key"
:
"user1"
,
"active"
:
true
,
"timeZone"
:
"Asia/Jerusalem"
,
"accountId"
:
"0"
},
"timeoriginalestimate"
:
null
,
"aggregatetimeoriginalestimate"
:
null
,
"created"
:
"2018-06-19T15:23:13.701+0300"
,
"versions"
:
[],
"resolutiondate"
:
"2018-09-18T10:02:06.340+0300"
,
"summary"
:
"Sample issue"
,
"project"
:
{
"name"
:
"Project 1"
,
"self"
:
""
,
"projectTypeKey"
:
"software"
,
"avatarUrls"
:
{
"24x24"
:
""
,
"16x16"
:
""
,
"48x48"
:
""
,
"32x32"
:
""
},
"key"
:
"PR"
,
"id"
:
"0"
},
"timetracking"
:
{},
"components"
:
[],
"issuetype"
:
{
"name"
:
"Task"
,
"self"
:
""
,
"iconUrl"
:
""
,
"subtask"
:
false
,
"avatarId"
:
10318
,
"id"
:
"10002"
,
"description"
:
"A task that needs to be done."
},
"security"
:
null
,
"resolution"
:
{
"id"
:
"10000"
,
"self"
:
""
,
"description"
:
"Work has been completed on this issue."
,
"name"
:
"Done"
},
"timeestimate"
:
null
}
Upload Attachment
Description
Add an attachment to an issue.
Parameters
The absolute paths of the files to upload, separated by commas.
The required format depends on your deployment type:
- SaaS Deployment: The path is internal to the hosted
platform, such as
/attachments/. - Remote Agent Deployment: The path must be an absolute, valid
directory path on the local machine where the remote agent is installed. For example,
C:\temp\attachmentsfor Windows or/var/tmp/attachments/for Linux.
Run On
This action runs on all entities.
Action Results
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
|
is_success
|
True/False | is_success:False |
JSON Result
N/A
Search Users
Search users in Jira.
Entities
This action doesn't run on entities.
Action inputs
To configure the action, use the following parameters:
User Email Addresses
Comma-separated list of email addresses to return the users for.
User Names
Comma-separated list of usernames to return the users for.
Project
Name of the project to search email addresses in. If provided, only Project Assignable Users
is returned.
Action outputs
Script result
| Script result name | Value |
|---|---|
| is_success | True/False |
JSON result
[
{
"Entity"
:
"example"
,
"EntityResult"
:
{
"_resource"
:
"user?accountId={0}"
,
"_options"
:
{
"server"
:
"https://siemplify.atlassian.net"
,
"auth_url"
:
"/rest/auth/1/session"
,
"context_path"
:
"/"
,
"rest_path"
:
"api"
,
"rest_api_version"
:
"2"
,
"agile_rest_path"
:
"agile"
,
"agile_rest_api_version"
:
"1.0"
,
"verify"
:
false
,
"resilient"
:
true
,
"async"
:
false
,
"async_workers"
:
5
,
"client_cert"
:
null
,
"check_update"
:
false
,
"delay_reload"
:
0
,
"headers"
:
{
"Cache-Control"
:
"no-cache"
,
"Content-Type"
:
"application/json"
,
"X-Atlassian-Token"
:
"no-check"
}
},
"_session"
:
"<jira.resilientsession.ResilientSession object>"
,
"_base_url"
:
"{server}/rest/{rest_path}/{rest_api_version}/{path}"
,
"raw"
:
{
"self"
:
"https://siemplify.atlassian.net/rest/api/2/user?accountId=example-account-id"
,
"accountId"
:
"example-account-id"
,
"accountType"
:
"atlassian"
,
"emailAddress"
:
"example.user"
,
"avatarUrls"
:
{
"48x48"
:
"https://example.com"
},
"displayName"
:
"Example"
,
"active"
:
true
,
"timeZone"
:
"UTC"
,
"locale"
:
"en_US"
},
"self"
:
"https://siemplify.atlassian.net/rest/api/2/user?accountId=example-account-id"
,
"accountId"
:
"example-account-id"
,
"accountType"
:
"atlassian"
,
"emailAddress"
:
"example.user"
,
"avatarUrls"
:
"<jira.resources.PropertyHolder object>"
,
"displayName"
:
"Example"
,
"active"
:
true
,
"timeZone"
:
"UTC"
,
"locale"
:
"en_US"
}
}
]
Case wall
The action provides the following output messages:
| Output message | Message description |
|---|---|
| |
Action succeeded. |
Error executing action "Search Users".
Reason: ERROR_REASON
|
Action failed. Check connection to the server, input parameters, or credentials. |
Connectors
Jira Connector
Description
Fetch issues from Jira to Google SecOps.
Configure Jira Connector in Google SecOps
For detailed instructions on how to configure a connector in Google SecOps, see Configuring the connector .
Connector parameters
Use the following parameters to configure the connector:
DeviceProductField
Required.
The field name used to determine the device product.
The default value is device_product
.
EventClassId
Optional.
The field name used to determine the event name (sub-type).
The default value is name
.
PythonProcessTimeout
Required.
The timeout limit (in seconds) for the python process running current script.
The default value is 60
.
API Root
Required.
The API root of the Jira instance.
The default value is https://{jira_address}
.
Username
Optional.
The username (email) used to connect to Jira.
The requirement for this parameter depends on the chosen authentication method:
- If provided, the system uses Basic authentication.
- If left empty, the system defaults to Bearer Token authentication (required for service accounts).
For more information on authentication methods, see Before you begin .
API Token
Required.
The authentication credential used to connect to Jira.
Days Backwards
Optional.
Max number of days backwards to pull alerts from.
The default value is 5
.
Max Tickets Per Cycle
Optional.
Max tickets to fetch and process in one connector cycle.
The default value is 10
.
Project Names
Optional.
Project names separated by a comma.
Issue Statuses
Optional.
Issues' statuses separated by a comma.
Assignees
Optional.
Users' full names separated by a comma.
Issue Types
Optional.
Issue types separated by a comma.
Issue Priorities
Optional.
Issue priorities separated by a comma.
Issue Components
Optional.
Issue components separated by a comma.
Proxy Server Address
Optional.
The address of the proxy server to use.
Proxy Username
Optional.
The proxy username to authenticate with.
Proxy Password
Optional.
The proxy password to authenticate with.
Environment Field Name
Optional.
Describes the name of the field where the environment name is stored. If the environment field isn't found, the environment is the default environment.
The default value is ""
.
Environment Regex Pattern
Optional.
A regex pattern to run on the value found in the "Environment Field Name" field. Used to allow the user to manipulate the environment field using regex logic.
The default value is .*
.
Use Jira Project as Environment
Optional.
Use Jira project as environment or use Environment Field Name as environment.
Verify SSL
Required.
If selected, the integration validates the SSL certificate when connecting to the Jira server.
Enabled by default.
Connector Rules
Proxy Support
The connector supports proxy.
Dynamic list and blocklist
The connector supports dynamic list and blocklist rules only for specific labels inside Jira.
Jobs
Sync Closure Job
Description
Close tickets in Jira if corresponding Google SecOps alerts were closed.
Parameters
API Root
Required.
Jira instance API root URL.
The default value is https://{jira_address}
.
Username
Optional.
The username (email) used to connect to Jira.
The requirement for this parameter depends on the chosen authentication method:
- If provided, the system uses Basic authentication.
- If left empty, the system defaults to Bearer Token authentication (required for service accounts).
API Token
Required.
The authentication credential used to connect to Jira.
Project Names
Required.
Jira project names separated by a comma that job should monitor.
The default value is project names separated by a comma
.
Environment
Optional.
The environment name.
Days Backwards
Required.
Maximum number of days to sync tickets status backward.
The default value is 1
.
Sync Comments Job
Description
Sync comments between the Google SecOps case and the corresponding Jira ticket. Synchronizing is bidirectional—that is, from Google SecOps to Jira and from Jira to Google SecOps.
When the job creates a comment, it applies the prefix. If a Google SecOps user comments in t\he Google SecOps case, the job creates and synchronizes the user comment in the corresponding Jira ticket using the Chronicle Comment Prefixparameter.
This feature is added for two purposes:
- Visibility.
- Prevent comments added by the job from being synced again to the other side, and cause a loop.
Parameters
API Root
Required.
Jira instance API root URL.
The default value is https://{jira_address}
.
Username
Optional.
The username (email) used to connect to Jira.
The requirement for this parameter depends on the chosen authentication method:
- If provided, the system uses Basic authentication.
- If left empty, the system defaults to Bearer Token authentication (required for service accounts).
API Token
Required.
The authentication credential used to connect to Jira.
Project Names
Required.
Jira project names separated by a comma that job should monitor.
The default value is project names separated by comma
.
Environment
Optional.
The environment name.
Siemplify Comment Prefix
Required.
Prefix that is added by the sync job to comments created for Jira tickets.
The default value is Google SecOps:
.
Jira Comment Prefix
Required.
Prefix that is added by the sync job to the Google SecOps alert case comments.
The default value is Jira Comment Sync Job:
.
Need more help? Get answers from Community members and Google SecOps professionals.
