tenable/integration-jira-cloud

Filtering what we feed into Jira

Closed this issue · 1 comments

Hi,

We recently got our Jira integration working with Tenable. However, we are having some issues setting up our filters so we get the vulnerabilities we want to feed into our Jira project.

How would it be best to filter so we only get tickets in for devices that:

  • Have been seen within the last 7 days.
  • Have a known exploitable vulnerability, with the vulnerability being present for 5 days and older on the system.
  • Severity is Critical or High

Could we do this on the Tenable side or would it require more customization on the Jira side?

> Have been seen within the last 7 days.

It's worth noting that this integration maintains the state of the findings it's exporting. If you would like to restrict to the last 7 days to start, then you'd just need to set the age parameter in the config.
https://github.com/tenable/integration-jira-cloud/blob/main/tmpl_v2_new_config.toml#L45

> Have a known exploitable vulnerability, with the vulnerability being present for 5 days and older on the system.

The bulk export APIs don't have this level of fidelity. This also would conflict with the nature of populating the data into Jira as soon as it's known with all the date attributes for you to search on w/in Jira. If you would like to add an exploitable field to be returned with the issues, that would be fairly easy to add. Just append the following at the bottom of the config:

```toml
[[jira.fields]]
name            = "Is Exploitable"
screen_tab      = "Vulnerability"
type            = "readonlyfield"
searcher        = "textsearcher"
task_types      = ["task", "subtask"]
attr.tvm        = "plugin.exploit_available"
attr.tsc        = "exploitAvailable"
```

> Severity is Critical or High

Severity can be set with the severity parameter in the config file.
https://github.com/tenable/integration-jira-cloud/blob/main/tmpl_v2_new_config.toml#L41
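
The three criteria from the question, applied as a client-side check over exported finding records. This is an added example, not part of the issue thread and not the integration's own code. It assumes records shaped like the Tenable VM vulnerability export (`first_found`, `last_found`, `severity`, `plugin.exploit_available`), treats the finding's `last_found` as the "seen" date, and the helper names are hypothetical.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample records. Field names are assumed to follow the Tenable VM
# vulnerability export; hostnames, dates and values are made up.
def _rec(host, sev, exploitable, first, last):
    return {"asset": {"hostname": host}, "severity": sev,
            "plugin": {"exploit_available": exploitable},
            "first_found": first, "last_found": last}

SAMPLE_FINDINGS = [
    _rec("web01", "critical", True, "2024-05-01T08:00:00Z", "2024-05-19T08:00:00Z"),
    _rec("db01", "high", True, "2024-05-18T08:00:00Z", "2024-05-20T08:00:00Z"),
    _rec("app01", "high", False, "2024-04-01T08:00:00Z", "2024-05-19T08:00:00Z"),
    _rec("old01", "critical", True, "2024-03-01T08:00:00Z", "2024-05-01T08:00:00Z"),
    _rec("dev01", "medium", True, "2024-04-01T08:00:00Z", "2024-05-19T08:00:00Z"),
    _rec("mail01", "high", True, "2024-05-10T08:00:00Z", "2024-05-20T06:00:00Z"),
]

def parse_ts(value):
    """Parse an ISO 8601 UTC timestamp such as 2024-05-01T08:00:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def wanted(finding, now, seen_days=7, min_age_days=5,
           severities=("critical", "high")):
    """True when the finding meets all three criteria from the question."""
    first = parse_ts(finding["first_found"])
    last = parse_ts(finding["last_found"])
    return (
        finding["severity"].lower() in severities
        and finding.get("plugin", {}).get("exploit_available") is True
        and now - last <= timedelta(days=seen_days)       # seen recently
        and now - first >= timedelta(days=min_age_days)   # present long enough
    )

def select_hosts(findings, now=None):
    """Return hostnames of findings that pass the filter, in input order."""
    now = now or datetime.now(timezone.utc)
    return [f["asset"]["hostname"] for f in findings if wanted(f, now)]

if __name__ == "__main__":
    fixed_now = datetime(2024, 5, 20, 12, 0, tzinfo=timezone.utc)
    print(select_hosts(SAMPLE_FINDINGS, fixed_now))
```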