Copyright

© 2021 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.

Trademark

Outpost24® and OUTSCAN™ are trademarks of Outpost24® in Sweden and other countries.


Introduction

Jira is a ticketing system which is implemented in both OUTSCAN and HIAB. It can be used in many ways and has different projects to organize the various usages. Tickets (issues) can be created with an assignee who is responsible for getting it done and a reporter who created it. When Jira is enabled, it will be visible as a ticket system, both in Assign Task and Event Notifications. Recently, 

Note

A linked issue can be created between projects or sub-tasks if it is a bigger task. The Jira instance must be running HTTPS.

Configuring OAuth in Jira

Note

This is required only when you use OAuth authentication method for Jira on OUTSCAN/HIAB. To set up, Jira Administrator access is a prerequisite.

Follow the below procedure to set up OAuth in Jira:  

  1. Login to OUTSCAN/HIAB.
  2. Go to Settings >Integrations and click on the Keys tab. If it has no content, click the Generate new button and copy the public key.
  3. Go to Jira and log in (as administrator).
  4. Go to Jira administration > Applications > Application links.

    Note

    To set up OAuth using Jira cloud, go to Jira administration > Products > Application links and then proceed according to the instructions.

  5. Enter the url to OUTSCAN or your HIAB and click on Create new link.

    Important!

    The url to OUTSCAN or HIAB must not end with a /.

    Ex:

    https://outscan.outpost24.com

    Note

    You might get a warning that no response is received, which is fine. 
  6. Click Continue.
  7. Now we set up the actual connection,
    1. Application Name: Provide a name for this connection to view in Jira.
    2. Application Type: Generic Application.
  8. Click the Create incoming link checkbox and click on continue.
  9. Fill in the remaining details:
    1. Consumer key: Any text string but maybe a randomly generated one.
    2. Consumer Name: Provide a name. It can be same as application name.
    3. Public Key: Paste the public key that is copied from OUTSCAN/HIAB.
  10. Click on Register Application.

Set Up Jira Integration

Prerequisites

  • HTTPS certificate from the Jira server.
  • The user should have permission to read issues and to create new issues.
  • It is required to have Jira set up to accept sub-tasks and priority fields, these must also be set as required in Jira.

  • It is important that no custom fields are set up to be required, since nor the HIAB or OUTSCAN does provide information fore those fields.

Setting up

To set up Jira:

  1. Download the HTTPS certificate from your Jira server.
  2. Go to Main Menu > Settings > Integrations.
  3. Select the Jira tab.
  4. Fill in the forms in the Integration Settings window for Jira. Depending on the type of authentication chosen, the options vary.

    1. When Basic Auth is selected, 

       

      OptionDescription
      Enabled

      Select the Enable checkbox to enable Jira. 

      URIProvide the URI of Jira server (only https protocol is supported).
      Project KeyProvide the project key from the Jira instance to use.
      Issue Type

      Jira can be used to track different types of issue. The common Issue types used are Bug, Epic, and Story. 

      Finished StatusMention the status of the Jira issue.
      Authentication

      Select Basic Auth.

      UsernameProvide the username to authenticate against Jira server. 
      PasswordProvide the password to authenticate against Jira server. 
      Link old issues

      Enable this feature if you want to link old issues. It is useful when you regenerate tickets for similar issue.

      Note

      When a ticket for a finding already exist in Jira but is closed, a new ticket is created. If the Link old issues check box is selected, the old closed ticket is linked to the new.

      CertificateUpload the SSL certificate of the Jira instance.

      Certificate uploaded 

      Displays Yes if a certificate has been uploaded and No if there is no certificate available.

      Reset (optional)

      Click Reset to fully remove the current settings. It disables the integration and it does not have to be done after you have disabled it since you might want to use the same settings again. 

    2. When OAuth is selected,



      OptionDescription
      Enabled

      Select the Enable checkbox to enable Jira. 

      URIProvide the URI of Jira server (only https protocol is supported).
      Project KeyProvide the project key from the Jira instance to use.
      Issue Type

      Jira can be used to track different types of issue. The common Issue types used are Bug, Epic, and Story. 

      Finished StatusMention the status of the Jira issue.
      Authentication

      Select OAuth.

      OAuth Consumer KeyProvide the same ConsumerKey that is set in Jira.             
      Link old issues

      Enable this feature if you want to link old issues. It is useful when you regenerate tickets for similar issue.

      Note

      When a ticket for a finding already exist in Jira but is closed, a new ticket is created. If the Link old issues check box is selected, the old closed ticket is linked to the new.

      CertificateUpload the SSL certificate of the Jira instance.

      Certificate uploaded 

      Displays Yes if a certificate has been uploaded and No if there is no certificate available.

      Authenticate

      Click on Authenticate to establish the connection. After clicking, it pops up with a link to your Jira.

      1. Open the link (either by clicking it which will open a new tab, or copy pasting it to your browser). If you do not have a valid session for Jira you will be asked to log in.
      2. It should open a page asking you to allow or deny the application (it will show whatever was configured as "Application name" here).
      3. Click Allow.
      4. Go back to OUTSCAN/HIAB  and press ok on the popup with the link.
      Reset (optional)Click Reset to fully remove the current settings. It disables the integration and it does not have to be done after you have disabled it since you might want to use the same settings again. 
  5. Click Save to save the current settings. 


Note

Unless you get any error, the Jira integration is now configured.

Tickets

Note

The user should have permission to read issues and to create new issues.

If you scan a lot of targets, it is recommended to have a separate Jira project for these tickets, since they can easily reach high in numbers. Every new finding can create one or more new tickets in your Jira server.

There is no maintenance needed except synchronizing configuration if you re-configure your Jira in any way. Synchronization between Jira and OUTSCAN/HIAB is periodic.

Note

This may cause up to X minutes delay in the update.

Creating a Ticket

After enabling Jira, use any of the following ways to create a ticket:

Method 1

  1. Go to Main Reporting Tools > Findings.
  2. Right click on any finding, select Assign task.

    Integration04

  3. Select Jira in the ticket system drop-down menu.
  4. Click Save to create a ticket.

Method 2

  1. Go to PCI scanning > Reports.
  2. Right click on a finding, select Assign task.
  3. Select Jira in the ticket system drop-down menu.
  4. Click Save to create a ticket.

Method 3

  1. Go to Event Notifications.
  2. Click +New.
  3. Select Jira in the Action drop-down menu.

    Note

    This action is only available for Finding Information, Low Risk, Medium Risk, and High Risk.

  4. Click Save to create tickets whenever a report is created with findings of the type of the event.


Reference

Integrations