Custom Qualys-Jira Integration Whitepaper

Document created by Laura Seletos (Employee) on Sep 19, 2019. Last modified by Laura Seletos (Employee) on Oct 3, 2019.

Version 1 | Updated on 10/24/2019

Qualys Modules Covered in Scope: VM, PC, FIM

 

Getting Started

Because of the high community demand for custom Jira integrations, this write-up guides you through a best-practice architecture for scripting your own custom integration between Qualys and Jira.

 

Note: Qualys is currently exploring the development of an out-of-box integration with Jira for the second half of 2020.

 

When creating an integration, first determine how your company wants to consume the data being sent from Qualys to your third-party tool. If the point of your integration is to drive remediation efforts, format the data to fit your team’s remediation workflow.

Here are some examples:

  • Vulnerability Management (VM) Example: Instead of creating a ticket for every vulnerability on every host, create 1 ticket per patch and list all applicable hosts within that 1 ticket. That way, when a remediation analyst receives the ticket, they know which patch to deploy to which group of hosts.
  • Policy Compliance (PC) Example: Instead of creating a ticket for every configuration failure on every host, create 1 ticket per global control failure and list all applicable hosts within that 1 ticket. That way, when a remediation analyst receives the ticket, they can focus on making the configuration change globally for all hosts listed.
  • File Integrity Monitoring (FIM) Example: Only create tickets for FIM incidents that require escalation, rather than creating a ticket for every FIM event.

 

Technical Requirements

  1. Create a new Qualys user specifically for this integration (after activation, make this an API-only account by removing GUI access in the Qualys admin page).
  2. Set up a Jira account with API access.
  3. Provide a scripting server to run your integration script (a Linux host that runs Python is most popular).
  4. Allow network access from your scripting server to your Qualys Platform and your Jira instance.

 

High-level Integration Logic Overview

  1. From your scripting server, run the Qualys API query against your Qualys subscription to collect relevant data.
  2. Have your script parse and reformat the response data from Qualys into your preferred Jira format.
  3. Send reformatted Qualys data to Jira API to create a new ticket.
  4. [Optional] Use Qualys metadata to determine who to assign the Jira ticket to for remediation.
  5. [Optional] Close Jira ticket based on status changes within Qualys

 

Vulnerability Management (VM) Detailed Workflow


(Optional) Using Qualys Continuous Monitoring (CM) Module to Open Jira Tickets via Emails


Integration Setup Steps

Note: These steps only need to be completed once, whereas the script in the next section needs to be run continuously.

  1. Define your criteria for creating a ticket

    • Ex: Create tickets for Confirmed, Severity 4-5 Vulnerabilities where a patch is available.
  2. Once your ticket criteria are defined, you will create a dynamic search list

    • API Call Example: 
      • curl -u "username:password" -H "X-Requested-With: Curl" -X "POST" -d "action=create&title=JIRA+Integration+Dynamic+Ticket+Criteria&global=1&comments=JIRA+Integration&confirmed_severities=4,5&patch_available=1" "https://qualysapi.qualys.com/api/2.0/fo/qid/search_list/dynamic/"
      • Notes:
        • You can also create your dynamic Jira ticket criteria search list within the Qualys UI. Navigate there by going to Vulnerability Management -> KnowledgeBase -> Search Lists -> New Button -> Dynamic List and title your new search list "JIRA Integration Dynamic Ticket Criteria".
        • You can find additional details by going to the API User Guide under the "Create dynamic search list" section in the table of contents (https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf ).

Integration Script to be run on a Schedule

  1. Pull all Relevant Host List Detection (HLD) Data

  2. Parse Host List Detection Data and Create Ticket with Jira API

  3. (Optional) Database tracking of ticket status

    • For more advanced use cases, you can have a local database track the ticket IDs that are open to maintain ticket-state awareness.
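
The VM workflow above (one ticket per patch listing all applicable hosts, plus tracking of tickets that are already open), as an added Python example that is not part of the original whitepaper. The XML is a constructed sample in the shape of a Host List Detection response; the project key SEC, the Task issue type, the label scheme and the function names are assumptions, and the QID stands in for the patch.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict
# Constructed sample in the shape of a Host List Detection (HLD) XML response.
SAMPLE_HLD = """<HOST_LIST_VM_DETECTION_OUTPUT><RESPONSE><HOST_LIST>
<HOST><IP>10.0.0.5</IP><DNS>web01.example.test</DNS><DETECTION_LIST>
 <DETECTION><QID>90001</QID><TYPE>Confirmed</TYPE><SEVERITY>5</SEVERITY><STATUS>Active</STATUS></DETECTION>
 <DETECTION><QID>90002</QID><TYPE>Potential</TYPE><SEVERITY>4</SEVERITY><STATUS>New</STATUS></DETECTION>
</DETECTION_LIST></HOST>
<HOST><IP>10.0.0.6</IP><DNS>web02.example.test</DNS><DETECTION_LIST>
 <DETECTION><QID>90001</QID><TYPE>Confirmed</TYPE><SEVERITY>5</SEVERITY><STATUS>New</STATUS></DETECTION>
 <DETECTION><QID>90003</QID><TYPE>Confirmed</TYPE><SEVERITY>4</SEVERITY><STATUS>Active</STATUS></DETECTION>
 <DETECTION><QID>90004</QID><TYPE>Confirmed</TYPE><SEVERITY>3</SEVERITY><STATUS>Active</STATUS></DETECTION>
</DETECTION_LIST></HOST>
<HOST><IP>10.0.0.7</IP><DNS>db01.example.test</DNS><DETECTION_LIST>
 <DETECTION><QID>90003</QID><TYPE>Confirmed</TYPE><SEVERITY>4</SEVERITY><STATUS>Fixed</STATUS></DETECTION>
</DETECTION_LIST></HOST>
</HOST_LIST></RESPONSE></HOST_LIST_VM_DETECTION_OUTPUT>"""

def group_hosts_by_qid(hld_xml, min_severity=4):
    """Map QID -> (severity, sorted hosts) for Confirmed detections not yet Fixed."""
    grouped = defaultdict(lambda: [0, set()])
    for host in ET.fromstring(hld_xml).iter("HOST"):
        label = f"{host.findtext('IP')} ({host.findtext('DNS', default='no DNS')})"
        for det in host.iter("DETECTION"):
            sev = int(det.findtext("SEVERITY", default="0"))
            if (det.findtext("TYPE") != "Confirmed" or sev < min_severity
                    or det.findtext("STATUS") == "Fixed"):
                continue  # outside the ticket criteria, or already remediated
            entry = grouped[det.findtext("QID")]
            entry[0] = max(entry[0], sev)
            entry[1].add(label)
    return {qid: (sev, sorted(hosts)) for qid, (sev, hosts) in grouped.items()}

def build_jira_issues(grouped, project_key, already_ticketed=frozenset()):
    """One Jira create-issue payload per QID, skipping QIDs with an open ticket."""
    issues = []
    for qid, (sev, hosts) in sorted(grouped.items()):
        if qid in already_ticketed:  # e.g. QIDs loaded from the tracking database
            continue
        issues.append({"fields": {
            "project": {"key": project_key},   # assumed project key
            "issuetype": {"name": "Task"},     # assumed issue type
            "summary": f"Qualys QID {qid}: severity {sev}, {len(hosts)} host(s) to patch",
            "description": "Affected hosts:\n" + "\n".join(f"* {h}" for h in hosts),
            "labels": ["qualys", f"qid-{qid}"],
        }})
    return issues
if __name__ == "__main__":
    print(build_jira_issues(group_hosts_by_qid(SAMPLE_HLD), "SEC"))
```

Each returned dictionary is the JSON body for Jira's create-issue REST call (POST /rest/api/2/issue); have the script read the Qualys and Jira API credentials from the environment or a secrets store rather than embedding them in the script.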

 

Policy Compliance (PC) Detailed Workflow

  1. Pull all Relevant Compliance Posture Information (Posture) Data

  2. Parse Compliance Posture Information Data and Create Ticket with Jira API

  3. (Optional) Database tracking of ticket status

    • For more advanced use cases, you can have a local database track the ticket IDs that are open to maintain ticket-state awareness.

 

File Integrity Monitoring (FIM) Detailed Workflow

  1. Pull all Relevant Compliance Posture Information (Posture) Data

  2. Parse File Integrity Monitoring Incident Data and Create Ticket with Jira API

    1. Jira REST API examples: https://developer.atlassian.com/server/jira/platform/jira-rest-api-examples/

    2. You can use their developer community for additional examples: Getting started 

  3. (Optional) Database tracking of ticket status

    • For more advanced use cases, you can have a local database track the ticket IDs that are open to maintain ticket-state awareness.

 

Helpful API Resources
