Create-Jira-Issue
author: Yaniv Shasha, Benjamin Kovacevic
This playbook will open a Jira Issue when a new incident is opened in Azure Sentinel.
Prerequisites
We will need the following data to create the Jira connection:
- Jira instance (e.g. xyz.atlassian.net)
- Jira API token (create an API token at https://id.atlassian.com/manage-profile/security/api-tokens)
- User email
Quick Deployment
Deploy with incident trigger (recommended)
After deployment, attach this playbook to an automation rule so it runs when the incident is created.
Learn more about automation rules
Deploy with alert trigger
After deployment, you can run this playbook manually on an alert or attach it to an analytics rule so it will run when an alert is created.
Post-deployment
Open the playbook in edit mode and fix the Jira connection using the data from Prerequisites.
When connection is fixed, choose your:
- Jira Project (where you want to sync Azure Sentinel incidents to) and
- Issue Type Id (Azure Sentinel incident issue type in Jira - Task, Story, Bug,...).
Note: This step is necessary only if you are deploying the playbook using the alert trigger method from above.
We will need to assign the Azure Sentinel Reader role to the playbook's managed identity:
- Open Playbook and go to Settings > Identity
- Click on Azure Role Assignments and then on Add Role Assignment
- For Scope choose Resource group and make sure that the subscription and resource group are the ones where Azure Sentinel and the playbook are deployed. For Role choose Azure Sentinel Reader and click on Save.
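The same role assignment can be scripted with the Azure CLI. The script below is an added example, not part of the playbook repository: it resolves the playbook's managed identity, checks for an existing assignment, and grants the reader role at resource-group scope only. The subscription ID, resource group and playbook name are caller-supplied placeholders, the function names are hypothetical, and "Microsoft Sentinel Reader" is the current name of the built-in role this page calls Azure Sentinel Reader.

```bash
#!/usr/bin/env bash
# Added example: CLI equivalent of the portal steps above.
# Subscription, resource group and playbook name are supplied by the caller.

ROLE="Microsoft Sentinel Reader"  # current name of the "Azure Sentinel Reader" role

# Build a resource-group scope. Inputs are validated (conservative ASCII subset for
# the group name) so the assignment cannot land on a broader or malformed scope.
rg_scope() {
  local sub="$1" rg="$2"
  printf '%s' "$sub" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$' || return 1
  printf '%s' "$rg" | grep -Eq '^[A-Za-z0-9._()-]{1,90}$' || return 1
  printf '/subscriptions/%s/resourceGroups/%s' "$sub" "$rg"
}

assign_reader() {
  local sub="$1" rg="$2" playbook="$3" scope pid existing
  scope="$(rg_scope "$sub" "$rg")" || { echo "invalid subscription id or resource group" >&2; return 1; }

  # Object ID of the Logic App's system-assigned managed identity.
  pid="$(az resource show --subscription "$sub" --resource-group "$rg" --name "$playbook" \
        --resource-type Microsoft.Logic/workflows --query identity.principalId -o tsv)"
  [ -n "$pid" ] || { echo "playbook has no managed identity enabled" >&2; return 1; }

  # Skip creation if the identity already holds the role at this scope.
  existing="$(az role assignment list --assignee "$pid" --role "$ROLE" \
             --scope "$scope" --query 'length(@)' -o tsv)"
  if [ "$existing" != "0" ]; then echo "already assigned"; return 0; fi

  az role assignment create --assignee-object-id "$pid" \
    --assignee-principal-type ServicePrincipal --role "$ROLE" --scope "$scope" -o none
}

# Runs only when asked: ./assign.sh --apply <subscription-id> <resource-group> <playbook-name>
if [ "${1:-}" = "--apply" ]; then assign_reader "$2" "$3" "$4"; fi
```

Listing the role assignments on the resource group afterwards should show the playbook's identity with the reader role and nothing broader.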