Hi,
to create a Jira connector in Alerts and Actions, Email and API token are required fields. I can't find any information, how to configure this in Jira. Do I have to define an application in Jira ? But no email is necessary for an application in Jira.
Can anybody help or provide a link to the documentation for this Jira connector ? Thanks in advance .
Unfortunately not. The configuration for Watcher is fine and we use it, but if you look at the mandatory fields for the Jira Connector in the new Alerts and Actions framework, these fields Email and API token are what I have a problem with.
If your instance is self-hosted API token authentication is not supported. Nevertheless, you can put your username in the email field and your password in the API token field and the connector should work without issues.
unfortunately this doesn't work. I've entered the credendials and I can save it, but when I reopen the Connector settings, the entries are gone. I've upgraded the instance to 7.8.1 tonight to have the latest changes available. Could it be a problem, that the usernames we use are the email addresses and that misleads in the code ?
This is the expected behaviour. The credentials in the connector's update form (the flyout that is being shown when you press the Update connector button) are not being there in purpose. All other fields should be presented. Nevertheless, the credentials are saved and the connector can be used. The format of the username shouldn't matter. Did you try to push a case to Jira? Did you get an error?
I forgot to mention, our stack is running in Elastic Cloud. Maybe I need to add something in the keystore settings like I've done to get this working with Watcher ?
the curl statement works with two small changes.
The first one is probably related to the os I'm using. I had to change --data-raw to just --data, because --data-raw option is not available.
The second one is the issuetype, I couldn't take "Task", because this type is not allowed in the project I wnat to send to.
The test-ticket was created then.
In the Jira action, I miss the issuetype, do you always take "Task" as a default. As mentioned before, "Task" is not a valid option in the project I want to send to, maybe this is the problem ?
Yes, your are right, that's the problem. We always take "Task" as a default. Because your project does not have the "Task" option as an issue type you get a "400 - Bad request". As a temporary solution, I would suggest creating a project that supports the "Task" issue type. I will bring that to my team and discuss possible solutions. As a user, what would be ideal for you?
no, using another project with issuetype "Task" is no solution, because we're controling too much in Jira based on the issuetype. And nobody will change that manually on each new case.
At the moment, we use Jira actions in Watcher, beside the issuetype we currently also set priority, labels and environment from the fields available in the Jira action in Watcher.
Regarding UI, it must be possible to set the issuetype in the SIEM case, on the screen it could be placed near to the Tags field, would make sense to me. By the way, I could think of mapping the Tags field from the SIEM case to the Jira labels field. When I look at the SIEM Action API docs, this field is not mapped, right?
I could think of more useful functionality in the create-case action. The most important missing function for us would be the link-issue function from the Jira API. We use this a lot in Jira, actually we are linking new cases manually in Jira. This would be a big improvement for us in a future release update.
Sorry for the late reply. Thank you for your feedback! It is very valuable. I brought it to my team and we put it to our backlog. Unfortunately, for the moment you cannot create issues that do not support the "Task" issue type.
one addition regarding the issuetype. We've discussed this again, and we think it would be sufficient to set the issuetype in the connector settings, we probably will not us multiple issuetypes in a Jira project. Maybe this is much easier to implement than to have it in the single case.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.