Prerequisites

Let's look at the required configurations and permissions to run the Jira Connector. The prerequisites are divided into three categories. System prerequisites, Qualys prerequisites, and Jira prerequisites.

System Prerequisites

The requirements to fulfill from your system configurations to start with the Jira Connector.

Install Docker Compose.
A valid Qualys subscription with API access enabled for Host Detection, KnowledgeBase, and WAS finding APIs.
Minimum available disk space of 20GB.
Minimum RAM of 8GB.

Qualys Prerequisites

The requirements to fulfill from your Qualys account configurations to start with the Jira Connector.

Roles and Permissions for Available APIs

See below for the API URLs for Knowledgebase, Host Detection and WAS Finding with their required roles and permissions.

KnowledgebaseKnowledgebase

/api/2.0/fo/knowledge_base/vuln/?action=list

Role	Permissions
Manager, Unit Manager, Scanner, Reader	Download vulnerability data from the KnowledgeBase.
Auditor	No permission to download vulnerability data from the KnowledgeBase.

Host DetectionsHost Detections

/api/2.0/fo/asset/host/vm/detection/

Role	Permissions
Managers	View all VM scanned hosts in subscription
Unit Managers	View VM scanned hosts in the user’s assigned business unit.
Scanners and Readers	View VM scanned hosts in the user’s account.
Auditors	Have no permission to view VM scanned hosts.

This API is available to Express Lite users.
API only returns information for hosts that are assigned to each user through asset groups in VM/VMDR.

Refer to Qualys API (VM, PC) User Guide for more.

WAS FindingsWAS Findings

/qps/rest/3.0/search/was/finding

Permissions required

User account must enable WAS module with the permission -

Access Permission “API Access”.

Refer to Qualys API (WAS) User Guide for more.

Jira Prerequisites

The requirements to fulfill from your Jira account configurations to start with the Jira Connector.

A valid Jira user with privileges to create, update, transition, link/unlink, and comment on tickets. Jira On-Cloud cannot be run with automated flow as admin users are not supported.
A Jira API token was created using the same user mentioned above.
The Jira project where tickets are to be created must be of type 'Company Managed'
Select the Default Screen scheme for projects where the tickets are to be created.
The Jira Connector supports setting mandatory fields. However, it is recommended not to set any of the fields in the Jira project as mandatory to avoid possible ticket creation failure. You can read about the optimal way to set mandatory fields by referring to Mandatory Fields in Ticketing Schemes.
The Jira Connector is supported for both On-Cloud and On-Premise. Jira Connector running on On-Premise and On-Cloud with non-admin user privileges require additional prerequisites that can be referred to in Additional requirements for Jira Connector.
Ensure you have a minimum supported Jira On-Premise version of v8.22.0#822000-sha1:cef2cc4 or above.
Before you begin with the rest of the configurations, let's understand the types of tickets/issues the Jira connector creates in your instance.
For WAS ticketing scheme, you should enable 'allow attachment' on the Jira instance. You should also enable the 'add attachment' permission.