Understanding Ticketing Templates
The types of tickets that can be created for detection data are saved as templates in the ticketing scheme template JSON file. The type of ticketing schemes you select helps you manage the tickets in your Jira.
When configuring your ticketing scheme, consider these mapping methods for your convenience.
Metadata
The metadata of the ticketing templates contain the following fields.
- Module Name - Name of the module for which this Template is used.
- operationFields - The Jira connector generates tickets with statuses determined by the 'workflowMappings' parameter, based on the Detection status of operationFields.
- ProjectKey - The Project Key set in config.json determines which Jira Instance receives the created tickets.
Operation Mapping
The Jira Connector updates ticket status based on the operationField's "${STATUS}", following the operationmapping parameter's specifications.
Workflow Mapping
The Jira connector creates tickets based on the Detection "${STATUS}" of operationFields. The ticket status is determined by the 'workflowMappings' parameter in the Ticketing template.
The 'workflowmapping' section in the Ticketing template can be updated as per your Jira instance's workflow. The mapping must be updated if you make workflow changes in your Jira instance. Failure to synchronize these changes may result in ticketing failures.
Priority Mapping
When creating tickets, the Jira Connector can map the issue priority based on risk scores.
- When creating tickets, the Jira Connector can map the issue priority based on risk scores.
- For HD Profile Jira Connector maps the issue priority by analyzing the QDS score or Vuln Severity for detections and the TruRisk score for the Host. If risk scoring is not enabled, the default Jira instance priority is set.
You cannot alter the 1-100 score range as this is the range followed for QDS scoring. Also You cannot alter the 0-1000 score range as this is the range followed for TrueRisk scoring.
You can set the priorities using severity level for related Ticket by replacing the 'matchWith' field value with the value provided for the 'severity' custom field. - For WAS, CS-Image and CS-Container- The Jira Connector maps the issue priority by analyzing the Severity Level.
- For HD Profile Jira Connector maps the issue priority by analyzing the QDS score or Vuln Severity for detections and the TruRisk score for the Host. If risk scoring is not enabled, the default Jira instance priority is set.
- You can change the default levels, "Highest," "High," "Medium," and "Low," as per the priority configuration in your Jira Instance.
Payload
- Parent Payload - Parent Ticket is created based on the Parent Payload data.
- Related ticket - Related Ticket is created based on the related Payload data. It includes Custom fields which are mapped to the respective field name from API response.
- Payload data. It includes Custom fields which are mapped to the respective field name from API response.
- Primary Key - Primary Key is Unique identifier for this ticket. Jira Connector creates ticket based on the primary Key. We can’t customize Primary key Custom Field.
- For all the below ticketing schemes, a ticket is not created if the detection is synced for the first time in Fixed status.
- The Jira connector only creates tickets with the fields described in the ticketing template files. Adding or updating fields in the JSON template can lead to failure while creating tickets. Contact support in case of any errors.