
Page 1: Tenable Plugin for JIRA · Title: Tenable Plugin for JIRA Author: Tenable Network Security Created Date: 5/27/2020 12:55:01 PM

How-to Guide: Tenable Plugin for JIRA

Last Revised: September 21, 2020


Table of Contents

Welcome to the Tenable Plugin for JIRA
Prerequisites
Custom Fields Created in JIRA
Install
Configure
Configure Tenable.io
Configure Tenable.sc
Add Projects to JIRA
Set Log Level
Reset Plugin
Manage
Sync JIRA Issues with the Tenable Plugin for JIRA
Search for Vulnerabilities
Search for Scheduler Job Information
Search for System Information
Upgrade Add-on
Disable the Tenable Plugin for JIRA
Uninstall the Add-on
Troubleshooting
API Usage

Copyright © 2020 Tenable, Inc. All rights reserved. Tenable, Tenable.io, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc. Tenable.sc, Tenable.ot, Lumin, Indegy, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.


Welcome to the Tenable Plugin for JIRA

The Tenable Plugin for JIRA provides users with the organizational convenience of managing vulnerabilities detected in Tenable.io and Tenable.sc. When you install the plugin, custom fields are created in JIRA. The application uses these custom fields to organize and manage vulnerabilities detected when running vulnerability scans.

The Tenable Plugin for JIRA receives vulnerability data from Tenable.io and Tenable.sc on a scheduled basis and creates JIRA issues for each vulnerability in the project that you specify. The application creates JIRA tickets according to the following:

• For every vulnerability plugin, we create a vulnerability issue.

• For every affected asset, we create a vulnerable host issue and blocking link to the related vulnerability issue. A linked issue is created under the vulnerability task.

• As assets are remediated, vulnerable host tickets are marked resolved.

• If all vulnerable host issues related to a vulnerability issue are marked resolved, the vulnerability issue is marked resolved.

• If an asset is found to have a vulnerability again, but was previously resolved, the integration reopens the vulnerable host issue.

• If a vulnerability issue is marked resolved and a new vulnerable host issue is linked to it or a prior vulnerable host issue that was resolved, the vulnerability issue is reopened.

• If Tenable.io assets are marked as terminated or deleted, the integration resolves all related vulnerable host issues.

• All data imports from Tenable.io use the last_found/last_seen fields. This ensures that all issues are updated whenever new information becomes available.

• All data imports from Tenable.sc use the last_found/last_seen fields. This ensures that all issues are updated whenever new information becomes available.

In Tenable.io, the vulnerability issue and vulnerable host issue titles are automatically generated using the following formula:

• Vulnerability = pluginname + protocol + port + severity

• Vulnerable Host = IPV4 + FQDN

In Tenable.sc, the vulnerability issue and vulnerable host issue titles are automatically generated using the following formula:

• Vulnerability = pluginname + protocol + port + severity

• Vulnerable Host = IPV4 + dnsName + repositoryid
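The ticket rules and title formulas above, modeled as a small state machine. This is an added example, not Tenable's plugin code: the class and field names, the space separator in titles, and keying vulnerability issues by plugin ID are assumptions, and the sample findings are constructed.

```python
from dataclasses import dataclass, field

OPEN, RESOLVED = "Open", "Resolved"


@dataclass
class Issue:
    title: str
    status: str = OPEN
    hosts: dict = field(default_factory=dict)  # asset id -> linked vulnerable host Issue


def vuln_title(f):
    # Vulnerability = pluginname + protocol + port + severity.
    # Joining with a single space is an assumption; the guide names only the parts.
    return " ".join(str(f[k]) for k in ("plugin_name", "protocol", "port", "severity"))


def host_title(f):
    # Tenable.io: IPV4 + FQDN.  Tenable.sc: IPV4 + dnsName + repositoryid.
    if f["source"] == "Tenable.sc":
        keys = ("ipv4", "dns_name", "repository_id")
    else:
        keys = ("ipv4", "fqdn")
    return " ".join(str(f[k]) for k in keys)


class IssueModel:
    """Hypothetical in-memory stand-in for the JIRA project the plugin syncs into."""

    def __init__(self):
        self.vulns = {}  # plugin id -> vulnerability Issue (keying by plugin id is an assumption)

    @staticmethod
    def _roll_up(vuln):
        # A vulnerability issue resolves only when every linked host issue is resolved.
        if vuln.hosts and all(h.status == RESOLVED for h in vuln.hosts.values()):
            vuln.status = RESOLVED

    def apply(self, f):
        """Apply one finding; f["state"] is open, reopened or fixed."""
        vuln = self.vulns.get(f["plugin_id"])
        if f["state"] == "fixed":
            host = vuln.hosts.get(f["asset"]) if vuln else None
            if host:  # a fix for an asset that was never ticketed creates nothing (assumption)
                host.status = RESOLVED
                self._roll_up(vuln)
            return
        if vuln is None:
            vuln = self.vulns[f["plugin_id"]] = Issue(vuln_title(f))
        host = vuln.hosts.get(f["asset"])
        if host is None:
            vuln.hosts[f["asset"]] = Issue(host_title(f))  # new host issue linked to the vuln
        else:
            host.status = OPEN  # seen again after being resolved: reopen the host issue
        vuln.status = OPEN  # a new or reopened host issue reopens a resolved vulnerability issue

    def asset_removed(self, asset):
        """Asset terminated or deleted in Tenable.io: resolve its host issues."""
        for vuln in self.vulns.values():
            host = vuln.hosts.get(asset)
            if host:
                host.status = RESOLVED
                self._roll_up(vuln)

    def snapshot(self, plugin_id):
        vuln = self.vulns[plugin_id]
        return vuln.status, {a: h.status for a, h in vuln.hosts.items()}


def finding(asset, ipv4, fqdn, state):
    # Constructed sample record; field names are illustrative, not the Tenable export schema.
    return {"source": "Tenable.io", "plugin_id": 99999, "plugin_name": "Example TLS Check",
            "protocol": "tcp", "port": 443, "severity": "high",
            "asset": asset, "ipv4": ipv4, "fqdn": fqdn, "state": state}


def demo():
    a1 = ("a1", "192.0.2.10", "web01.example.com")
    a2 = ("a2", "192.0.2.11", "web02.example.com")
    model, history = IssueModel(), []
    events = [finding(*a1, "open"), finding(*a2, "open"),  # first scan: two affected assets
              finding(*a1, "fixed"),                       # one asset remediated
              finding(*a2, "fixed"),                       # last asset remediated
              finding(*a1, "reopened"),                    # regression on a1
              "a1"]                                        # a1 terminated or deleted
    for ev in events:
        if isinstance(ev, str):
            model.asset_removed(ev)
        else:
            model.apply(ev)
        history.append(model.snapshot(99999))
    return history


if __name__ == "__main__":
    for status, hosts in demo():
        print(status, hosts)
```

Each entry in the returned history is the vulnerability issue status followed by the status of every linked host issue after one event, so a ticket that stays open can be traced to the host issue still blocking it.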


Prerequisites

You must meet the following prerequisites before installing and using the plugin:

• Install the compatible Tenable plugin for your JIRA version. For version compatibility, see the version compatibility table below.

• If integrating with Tenable.sc, use Tenable.sc version 5.7 or later.

• Be a member of one of the following user groups in JIRA: jira-administrators, jira-software-users, jira-core-users, or jira-servicedesk-users.

• Projects cannot have mandatory fields or configured validators.

Version Compatibility

| Software | JIRA Version | Tenable Plugin Version |
|---|---|---|
| JIRA Software | 7.5 - 7.x | 2.x |
| JIRA Core | 7.5 - 7.x | 2.x |
| JIRA Service Desk | 3.15 - 3.x | 2.x |
| JIRA Software | 8.x | 10.x |
| JIRA Core | 8.x | 10.x |
| JIRA Service Desk | 8.x | 10.x |


Custom Fields Created in JIRA

Custom fields are created when the Tenable Plugin for JIRA is installed. Each custom field is either a text area, which you can modify, or a read only field, which you cannot modify.

Note: There may be a conflict if a custom field is created manually or as part of another plugin.

Vulnerability

| Field Name | Type | Definition |
|---|---|---|
| Tenable BID | text area | The Bugtraq ID for the plugin that identified the vulnerability. |
| Tenable CVE | text area | The Common Vulnerability and Exposure (CVE) ID for the plugin. |
| Tenable CVSSv3 Base Score | read only field | The CVSSv3 base score (intrinsic and fundamental characteristics of a vulnerability that are constant over time and user environments). |
| Tenable CVSSv3 Temporal Score | read only field | The CVSSv3 temporal score (characteristics of a vulnerability that change over time but not among user environments). |
| Tenable CVSSv2 Base Score | read only field | The CVSSv2 base score (intrinsic and fundamental characteristics of a vulnerability that are constant over time and user environments). |
| Tenable CVSSv2 Temporal Score | read only field | The CVSSv2 temporal score (characteristics of a vulnerability that change over time but not among user environments). |
| Tenable Plug-in Family | read only field | The family of the plugin that identified the vulnerability. For more information about plugin families, see https://www.tenable.com/plugins. |
| Tenable Plug-in ID | read only field | The ID of the plugin that identified the vulnerability. |
| Tenable MS Bulletin | read only field | The Microsoft security bulletin that the plugin covers. |
| Tenable Vulnerability Title | read only field | The name of the plugin that identified the vulnerability. |
| Tenable Solution | read only field | Remediation information for the vulnerability. |
| Tenable Severity | read only field | The code for the severity originally assigned to a vulnerability before a user recast the risk associated with the vulnerability. |
| Tenable Source | read only field | Determines if the application is connected to Tenable.io or Tenable.sc. |
| Tenable Short Description | read only field | A short description of the plugin. |

Vulnerable Host

| Field Name | Type | Definition |
|---|---|---|
| Tenable Agent UUID | read only field | The UUID of the agent that performed the scan where the vulnerability was found. |
| Tenable Device Type | read only field | The type of asset where the vulnerability was found. |
| Tenable FQDN | read only field | The fully-qualified domain name of the asset where a scan found the vulnerability. |
| Tenable Hostname | read only field | The host name of the asset where a scan found the vulnerability. |
| Tenable Asset UUID | read only field | The UUID of the asset where a scan found the vulnerability. |
| Tenable IPv4 | read only field | The IPv4 address of the asset where a scan found the vulnerability. |
| Tenable IPv6 | read only field | The IPv6 address of the asset where a scan found the vulnerability. |
| Tenable MAC Address | read only field | The MAC address of the asset where a scan found the vulnerability. |
| Tenable NetBIOS Name | read only field | The NETBIOS name of the asset where a scan found the vulnerability. |
| Tenable Operating System | read only field | The operating system of the asset where a scan found the vulnerability. |
| Tenable Plugin Output | text area | The text output of the Nessus scanner. |
| Tenable Port | read only field | The port the scanner used to communicate with the asset. |
| Tenable Protocol | read only field | The protocol the scanner used to communicate with the asset. |
| Tenable Service | read only field | The service the scanner used to communicate with the asset. |
| Tenable Severity | read only field | The severity of the vulnerability as defined using the Common Vulnerability Scoring System (CVSS) base score. Possible values are: info - The vulnerability has a CVSS score of 0; low - The vulnerability has a CVSS score between 0.1 and 3.9; medium - The vulnerability has a CVSS score between 4.0 and 6.9; high - The vulnerability has a CVSS score between 7.0 and 9.9; critical - The vulnerability has a CVSS score of 10.0. |
| Tenable First Found | read only field | The date on which the vulnerability was first found on the asset. |
| Tenable Last Fixed | read only field | The date on which the vulnerability was last fixed on the asset. Tenable.io updates the vulnerability state to fixed when a scan no longer detects a previously detected vulnerability on the asset. |
| Tenable State | read only field | The state of the vulnerability as determined by the Tenable.io state service. Possible values are: open - The vulnerability is currently present on an asset; reopened - The vulnerability was previously marked as fixed on an asset, but has been detected again by a new scan; fixed - The vulnerability was present on an asset, but is no longer detected. |
| Tenable Source | read only field | Determines if the application is connected to Tenable.io or Tenable.sc. |
| Tenable.sc Repository ID | read only field | The repository identification manager. |
| Tenable.sc Repository Name | read only field | A user friendly name for the repository. |


Install

Before you begin

• You must meet the requirements on the Prerequisites page.

• You must have administrative access privileges in JIRA.

• Download the Tenable Plugin for JIRA OBR file to your computer from the Tenable Integrations Downloads page.

To install the Tenable Plugin for JIRA:

1. Log in to JIRA.

2. Click > Add-ons.

3. In the left column, click Manage apps.

The Manage apps page appears.

4. At the top of the Manage apps section page, click Upload app.

The Upload app window appears.

5. Select the Tenable Plugin for JIRA OBR file you downloaded.

6. Click Upload.

A new window displays the installation progress.

After the installation completes, a confirmation appears.


7. Click Close to close the confirmation window.

8. To see the installation update, refresh the page.

9. To confirm the installation was successful, click Manage apps > User Installed Add-ons.

If the installation was successful, the Tenable Plugin for JIRA appears in the list of add-ons.

Note: You can also verify the installation by viewing the Tenable.io Configuration section in the left navigation pane of the Add-ons page.


Configure

Complete the following steps to configure the Tenable Plugin for JIRA.

Initial Configuration

1. Add Project to JIRA

2. Configure Tenable.io for JIRA or Configure Tenable.sc for JIRA

3. Set Log Level

After Initial Configuration

1. Reset the Add-on


Configure Tenable.io

Before you begin:

• Install the Tenable Plugin for JIRA.

• In JIRA, you must have administrative access privileges.

• In JIRA, identify or create the project where you want the plugin to create vulnerability issues.

For Tenable.io:

Required User Role: Administrator

• You must have your Tenable.io API keys.

Note: For your Tenable.io integration:

• You must generate an API key in Tenable.io to complete the configuration. See the Tenable.io user guide for instructions on how to generate an API key. (Do not use this API key for any other third party or custom built application or integration. It must be unique for each installed instance of the integration.)

To configure Tenable.io:

1. Log in to JIRA.

2. Click > Add-ons.

3. In the left navigation pane, click Tenable.io Configuration.

The Tenable.io Configuration page appears.

4. Use the table below to fill in the appropriate JIRA options.

| Option Name | Description | Input |
|---|---|---|
| Enabled | (Optional) When enabled, Tenable.io starts collecting data. When disabled, Tenable.io stops collecting data. Note: If you stop data collection, then start it again, Tenable.io provides data from the point where you previously stopped. | Check box |
| Address | The data collection source. | IP address or hostname |
| Access Key | Ensures user account authentication. | User access key |
| Secret Key | Ensures user account authentication. | User secret key |
| Sync Since | (Optional) Specifies the start date of the vulnerability data you want to collect from Tenable.io. If you do not specify a start date, data collection starts from the date you last enabled data collection. Caution: If this option is changed, you must click the Reset Add-on button to save this change. | Date, mm/dd/yyyy hh:mm |
| Lowest Severity to Store | Specifies the lowest level of severity of the vulnerabilities you want to collect from Tenable.io. Tenable.io severity levels include the following: info - The vulnerability has a CVSS score of 0; low - The vulnerability has a CVSS score between 0.1 and 3.9; medium - The vulnerability has a CVSS score between 4.0 and 6.9; high - The vulnerability has a CVSS score between 7.0 and 9.9; critical - The vulnerability has a CVSS score of 10.0. | Drop-down box |
| Interval | Specifies the interval, in minutes, at which JIRA queries Tenable.io for vulnerability data. This interval must be set between 60 and 1,440 minutes. | Minutes |
| Default Project | Specifies the project where JIRA creates new vulnerability issues. Caution: If you change this option after initial configuration, you must click Reset Add-On to save your change. | Drop-down box |
| Default User | Specifies the user to whom the plugin automatically assigns the vulnerability issues. Note: The list only displays users that are members of the following groups: jira-administrators, jira-software-users, jira-core-users, and jira-servicedesk-users. | Drop-down box |
| Enable Proxy | (Optional) Enables the plugin to collect Tenable.io data via a proxy server. If you select this option, the plugin prompts you to enter the following: URL - (Required) The URL of the proxy server; Username - (Optional) The username that JIRA uses to connect to the proxy server; Password - (Optional) The password that JIRA uses to connect to the proxy server. Note: The username and password are optional if you use a proxy without authentication. | Check box and text boxes |

5. Click Save, or if you have changed the Default Project or Sync Since options, click Reset Add-on.

6. Once the configuration is saved, the plugin creates custom fields in JIRA.


Configure Tenable.sc

Before you begin

• You must have Tenable.sc 5.7+.

• You must have the Security Manager role in Tenable.sc.

Note: See the Tenable.sc User Guide for information about user role configuration.

• Install the Tenable Plugin for JIRA.

• In JIRA, identify or create the project where you want the plugin to create vulnerability issues.

• You must have administrative access privileges in JIRA.

To configure Tenable.sc:

1. Log in to JIRA.

2. Click > Add-ons.

3. In the left navigation pane, click Tenable.sc Configuration.

The Tenable.sc Configuration page appears.

4. Use the table below to fill in the appropriate JIRA options.

| Option Name | Description | Input |
|---|---|---|
| Enabled | (Optional) When enabled, Tenable.sc starts collecting data. When disabled, Tenable.sc stops collecting data. Note: If you stop data collection, then start it again, Tenable.sc provides data from the point where you previously stopped. | Check box |
| Address | The data collection source. | IP address or hostname |
| Username | Ensures user account authentication. | The username for Tenable.sc |
| Password | Ensures user account authentication. | The password for Tenable.sc |
| Sync Since | (Optional) Specifies the start date of the vulnerability data you want to collect from Tenable.sc. If you do not specify a start date, data collection starts from the date you last enabled data collection. Caution: If this option is changed, you must click the Reset Add-on button to save this change. | Date, mm/dd/yyyy hh:mm |
| Lowest Severity to Store | Specifies the lowest level of severity of the vulnerabilities you want to collect from Tenable.sc. Tenable.sc severity levels include the following: info - The vulnerability has a CVSS score of 0; low - The vulnerability has a CVSS score between 0.1 and 3.9; medium - The vulnerability has a CVSS score between 4.0 and 6.9; high - The vulnerability has a CVSS score between 7.0 and 9.9; critical - The vulnerability has a CVSS score of 10.0. | Drop-down box |
| Interval | Specifies the interval, in minutes, at which JIRA queries Tenable.sc for vulnerability data. This interval must be set between 60 and 1,440 minutes. | Minutes |
| Default Project | Specifies the project where JIRA creates new vulnerability issues. Caution: If you change this option after initial configuration, you must click Reset Add-On to save your change. | Drop-down box |
| Default User | Specifies the user to whom the plugin automatically assigns the vulnerability issues. Note: The list only displays users that are members of the following groups: jira-administrators, jira-software-users, jira-core-users, and jira-servicedesk-users. | Drop-down box |
| Enable Proxy | (Optional) Enables the plugin to collect Tenable.sc data via a proxy server. If you select this option, the plugin prompts you to enter the following: URL - (Required) The URL of the proxy server; Username - (Optional) The username that JIRA uses to connect to the proxy server; Password - (Optional) The password that JIRA uses to connect to the proxy server. Note: The username and password are optional if you use a proxy without authentication. | Check box and text boxes |
| Verify SSL | If enabled, JIRA verifies the SSL Certificate in Tenable.sc. | Check box |

5. Click Save, or if you have changed the Default Project or Sync Since options, click Reset Add-on.

6. Once the configuration is saved, the plugin creates custom fields in JIRA.


Add Projects to JIRA

You can add projects to JIRA to manage Tenable vulnerabilities.

Note: Users who manage projects must have the following permissions selected: create issue, edit issue, resolve issue, and link issue. You can set these permissions in the permissions section of the JIRA Plugin for Tenable.io configuration page. For additional information about permissions, see the JIRA documentation.

Before you begin

• You must have administrative access privileges in JIRA.

To add projects to JIRA:

1. Log in to JIRA.

2. Click > Projects.

3. Click the Create Project button.

4. Select Tenable Vulnerability Management (recommended) or any type that you want.

Note: Do one of the following:

• If you configured the Tenable Plugin for JIRA, select Tenable Vulnerability Management. Tenable recommends you use this project type for managing vulnerability issues in JIRA.

• If you have not configured the Tenable Plugin for JIRA, select any project type. The plugin automatically adds custom fields, issue types, and workflow when you enable the integration.

5. Click Next.

6. Type the information in the corresponding fields.

| Option Name | Description |
|---|---|
| Name | The name of the project. |
| Project Key | (Optional) A unique key identifying the project in JIRA. This value is automatically populated when you type the project name. However, you can manually change it. |
| Project Lead | (Optional) The JIRA user who owns the project. |


Note: Depending on the project type you select, JIRA may prompt you for additional project configuration. For more information, see the Atlassian JIRA documentation.

7. Click Submit.

The New Project window opens.

Note: The empty project syncs once you select this project as your Default Project on the Tenable.io Configuration or Tenable.sc Configuration page.


Set Log Level

You can set or modify the log level for the Tenable Plugin for JIRA.

Before you begin

• You must have administrative access privileges in JIRA.

To set the log level:

1. Log in to JIRA.

2. Click > System.

The System page appears.

3. In the left-hand column, click Logging and Profiling.

The log file page appears.

4. Scroll to the Default Loggers section.

5. Click the desired setting for the Set Logging Level option.


Reset Plugin

You must reset the Tenable Plugin for JIRA if you want to change the plugin configuration any time after JIRA has created an issue for a Tenable vulnerability. This avoids conflicts between vulnerabilities created in previous projects and new projects. When you reset the plugin, it returns to a Factory New status and begins the sync from the selected Sync Since date.

1. Repeat configuration steps.

2. Click Reset.


Manage

See the following sections for steps on managing the Tenable Plugin for JIRA.

• Sync Add-on

• Search for Vulnerabilities

• Search for Scheduler Job Information

• Search for System Information

• Upgrade

• Disable

• Uninstall

Sync JIRA Issues with the Tenable Plugin for JIRA

Use the Sync option to start data collection.

To sync JIRA issues with the plugin:

1. Log in to JIRA.

2. Click > Add-ons.

3. Click Tenable.io Configuration or Tenable.sc Configuration.

The selected configuration page appears.

4. Click the Sync button.

A Warning appears.

5. Click Yes to start the sync.

Note: The data collection starts from the last time you enabled data collection.

Search for Vulnerabilities

You can use the Tenable Plugin for JIRA tool to search for issues related to specific vulnerabilities. You can perform basic, custom field, and advanced searches.

Basic Search

1. In the top navigation bar, click Issues > Search for Issues.

2. Select the Project, Type, and Status.

3. Click Search.

Custom Field Search

1. In the top navigation bar, click Issues > Search for Issues.

2. Select the Project, Type, and Status.

3. In the row of Search options, click More.

A drop-down box appears.

4. In the drop-down text box, enter the custom type (for example, CVE or BDE).

Results appear below.

5. From the drop-down box, select a custom field.

6. Enter the search value in the text box (for example, enter CVE-2016-5420).

Advanced Search

1. In the top navigation bar, click Issues > Search for Issues.

2. Select the Project, Type, and Status.

3. In the Search options row, click Advanced.

A text box appears.

4. Enter a query or specific vulnerability information in the text box.

5. Click Search.

Search for Scheduler Job Information

You can use the Tenable Plugin for JIRA to search for scheduler information.

Before you begin

• You must have administrative access privileges.

To search for scheduler job information:

1. Log in to JIRA.

2. Click > System.

3. Click General Configuration > Scheduler Details.

4. Navigate to com.tenable.jira.plugin.scheduler.impl.TenableJobRunnerImpl.

5. Click to view the logs pertaining to the scheduled task.

Search for System Information

Before you begin

• You must have administrative access privileges in JIRA.

To search for system information:

1. Log in to JIRA.

2. Click > System.

3. Click General Configuration > System Info.

A search box appears.

4. Search for "Tenable".

Note: You can search for all parameters on the configuration page.

Upgrade Add-on

To upgrade to the latest version of the Tenable Plugin for JIRA:

1. Follow the installation steps.

2. Verify your credentials.

• For Tenable.io, re-enter your API keys.

• For Tenable.sc, re-enter your username and password.

3. Click Save.

Note: After you upgrade and re-enter your credentials, the data collection automatically starts from the last sync.

Disable the Tenable Plugin for JIRA

Before you begin

• You must have administrative access privileges.

To disable the add-on:

1. Log in to JIRA.

2. Click > Add-ons.

3. In the left column, click Manage apps.

The Manage apps page appears.

4. Scroll to find the Tenable.io JIRA Plugin or Tenable.sc JIRA Plugin application listing.

5. Click to expand the Tenable.io JIRA Plugin or Tenable.sc JIRA Plugin application listing.

6. Click the Disable button.

The plugin is disabled and the syncing stops.

Note: The scheduler details are removed from the scheduler detail page when the add-on is disabled.

Note: If the add-on is uninstalled or disabled, the configuration details remain stored on the System Info page.

Uninstall the Add-on

Before you begin

• You must have administrative access privileges.

To uninstall the add-on:

1. Log in to JIRA.

2. Click > Add-ons.

3. In the left column, click Manage apps.

The Manage apps page appears.

4. Scroll to find Tenable.io JIRA Plugin or Tenable.sc JIRA Plugin.

5. Click to expand the Tenable.io JIRA Plugin or Tenable.sc JIRA Plugin option.

6. Click the Uninstall button.

The Uninstall app window appears.

7. Click Uninstall app.

Note: If the add-on is uninstalled or disabled, the configuration details remain stored on the System Info page.

Troubleshooting

1. Can I create a custom field in the Tenable Plugin for JIRA?

No, Tenable strongly advises that you do not create any custom fields in the JIRA project used to sync to Tenable vulnerabilities. This prevents overriding or colliding with our custom fields.

2. Can I create a custom workflow in the Tenable Plugin for JIRA?

No, you cannot create a custom workflow because the plugin automatically closes tickets based on the workflow statuses.

3. Will I get updates for manually deleted or moved JIRA tickets?

If you manually delete or move a JIRA ticket (Vulnerability or Vulnerable Host), you may not get updates for future events that occur for that same vulnerability.

4. Where do I look if I encounter an issue?

Refer to the log file located at /var/atlassian/application-data/jira/log/Atlassian-jira.log.

5. The Plugin page in JIRA states "This add-on is not compatible with your current Jira version." How do I correct this?

Install the correct Tenable plugin for your JIRA version. The version compatibility for your Tenable plugin and JIRA version is located on the Prerequisites page.

API Usage

View the links below for information about the APIs used by the JIRA plugin to collect and update vulnerabilities imported from Tenable applications.

Tenable.io

The JIRA plugin uses the following APIs to collect open, reopened, and fixed vulnerabilities:

• https://cloud.tenable.com/vulns/export

• https://cloud.tenable.com/vulns/export/{id}/status

• https://cloud.tenable.com/vulns/export/{id}/chunks/{chunk_id}

The JIRA plugin uses the following APIs to find assets that were terminated or deleted, so that it can close the related vulnerable issues for those assets:

• https://cloud.tenable.com/assets/export

• https://cloud.tenable.com/assets/export/{id}/status

• https://cloud.tenable.com/assets/export/{id}/chunks/{chunk_id}
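
The request, status, and chunk endpoints listed above form one three-step export flow, sketched here as an added example that is not the plugin's own code. The function names are hypothetical; the X-ApiKeys header and the export_uuid, status, and chunks_available response fields are assumed from the public Tenable.io export API.

```python
import json
import time
import urllib.request

BASE = "https://cloud.tenable.com"  # host taken from the URLs listed on this page


def http_transport(access_key, secret_key):
    """Return a callable that sends one authenticated JSON request to Tenable.io."""
    def send(method, url, body=None):
        data = json.dumps(body).encode() if body is not None else None
        req = urllib.request.Request(url, data=data, method=method, headers={
            "X-ApiKeys": f"accessKey={access_key};secretKey={secret_key}",
            "Content-Type": "application/json",
            "Accept": "application/json",
        })
        with urllib.request.urlopen(req, timeout=60) as resp:
            return json.load(resp)
    return send


def run_export(send, resource, body, poll_seconds=5, max_polls=120):
    """Run one export for resource 'vulns' or 'assets' and return all records.

    Steps: POST /{resource}/export, poll .../{id}/status, then fetch each
    chunk from .../{id}/chunks/{chunk_id}. body is the export request JSON,
    e.g. {"filters": {"state": ["open", "reopened", "fixed"]}} (assumed shape).
    """
    if resource not in ("vulns", "assets"):
        raise ValueError("resource must be 'vulns' or 'assets'")
    export_id = send("POST", f"{BASE}/{resource}/export", body)["export_uuid"]
    records, fetched = [], set()
    for _ in range(max_polls):
        status = send("GET", f"{BASE}/{resource}/export/{export_id}/status")
        # Chunks can become available while the job is still processing.
        for chunk_id in status.get("chunks_available", []):
            if chunk_id not in fetched:
                url = f"{BASE}/{resource}/export/{export_id}/chunks/{chunk_id}"
                records.extend(send("GET", url))
                fetched.add(chunk_id)
        state = status.get("status")
        if state == "FINISHED":
            return records
        if state in ("ERROR", "CANCELLED"):
            raise RuntimeError(f"{resource} export {export_id} ended as {state}")
        time.sleep(poll_seconds)
    raise TimeoutError(f"{resource} export {export_id} did not finish")
```

Passing the transport in as a callable keeps the API keys out of the export logic and lets the flow be exercised against canned responses before it is pointed at a live tenant.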

Tenable.sc

The JIRA plugin uses the following APIs to collect open, reopened, and fixed vulnerabilities:

• https://docs.tenable.com/tenablesc/api/Analysis.html
