1. Overview

Prisma Cloud continually scans your environment for vulnerabilities using the threat data in the Intelligence Stream. Prisma Cloud can open JIRA issues when new vulnerabilities are detected in your environment. This mechanism lets you implement continuous vulnerability assessment and remediation by hooking directly into the developer’s workflow.

New JIRA issues are opened when new vulnerabilities are found. Issues are opened on a per-image basis. Each JIRA issue lists the new vulnerabilities discovered, and a list of vulnerabilities that have already been reported but were still detected.

JIRA issues are opened based on policy. For example, an issue would be created when all of the following conditions are met:

  • You have a rule that alerts on critical vulnerabilities,

  • The rule is associated with your JIRA alert profile,

  • The Prisma Cloud scanner finds a critical vulnerability in an image in your environment.

The following screenshot shows an example JIRA issue opened by Prisma Cloud.

alerts example jira issue

2. Intelligent issue routing

You can leverage image labels to intelligently route alerts to the right team, and eliminate manual ticket triage. For example, if team-a is responsible for image-a, and a vulnerability is found in image-a, you could set up the alert to flow directly to team-a’s JIRA queue.

Intelligent routing depends on a Prisma Cloud feature called alert labels, where you define labels that Prisma Cloud should watch. When rules trigger, Prisma Cloud extracts the value of the label from the resource, and applies it to the next phase of alert processing. For JIRA alerts, you can use labels to specify the JIRA project key, JIRA labels, and JIRA issue assignee.

For example, if you have an image with the following labels:

group=front-end-group
team=client-team
business-app=my-business-app

You could configure Prisma Cloud to open issues about this specific image in the JIRA project defined by the group label.

2.1. Configuring alert frequency

You can configure the rate at which alerts are emitted. This is a global setting that controls the spamminess of the alert service. Alerts received during the specified period are aggregated into a single alert. For each alert profile, an alert is sent as soon as the first matching event is received. All subsequent alerts are sent once per period.

  1. Open Console, and go to Manage > Alerts.

  2. In Aggregate audits every, specify the maximum rate that alerts should be sent.

    You can specify Second, Minute, Hour, Day.

    frag configure alerts

3. Integrating Prisma Cloud with JIRA

Alert profiles specify which events should trigger the alert machinery, and to which channel alerts are sent. You can send alerts to any combination of channels by creating multiple alert profiles.

Alert profiles consist of two parts:

(1) Alert settings — Who should get the alerts, and on what channel? Configure Prisma Cloud to integrate with your messaging service and specify the people or places where alerts should be sent. For example, configure the email channel and specify a list of all the email addresses where alerts should be sent. Or for JIRA, configure the project where the issue should be created, a long with the type of issue, priority, assignee, and so on.

(2) Alert triggers — Which events should trigger an alert to be sent? Specify which of the rules that make up your overall policy should trigger alerts.

jira config

If you use multi-factor authentication, you must create an exception or app-specific password to allow Console to authenticate to the service.

4. Create new alert profile

Create a new alert profile.

  1. In Manage > Alerts, click Add profile.

  2. Enter a name for your alert profile.

  3. In Provider, select JIRA.

5. Configure the channel

Configure the channel.

  1. In Base URL, specify the location of your JIRA service.

  2. In Credential, create the credentials required to access the account.

    1. Click Add new.

    2. Select Basic authentication.

    3. Enter a username and password.

      If you are using Jira Cloud, this will be an email address and API token respectively. You can generate your API token here.
    4. Click Save.

  3. In CA certificate, enter a copy of the CA certificate in PEM format.

  4. In Project key, enter a project key.

    Alternatively, you can dynamically specify the project key based on a label. When an alert fires, the project key is taken from the label of the resource that triggered the action. To do so, click Select labels…​, and choose a label that you know will contain the project key. If there are no labels in the drop-down list, go to Manage > Alerts > Alert Labels, and define them.

  5. Enter an issue type.

  6. Enter a priority.

  7. Enter a comma delimited list of JIRA labels to apply to the issue.

    You can dynamically define the list from a label. Click Select labels…​, and select one or more labels.

  8. Enter an assignee for the new issue.

    You can dynamically define the assignee from a label. Click Select labels…​, and select one or more labels.

  9. Click Send Test Alert to test the connection.

5.1. Configure the triggers

Configure how the alert is triggered.

  1. Under Alert Types, check the boxes types of events that should trigger an alert.

  2. For additional configuration options, click Edit.

  3. To specify specific rules that should trigger an alert, deselect All rules, and then select any individual rules.

    frag config jira triggers
  4. Click Save.