
Jira Integration

CHAD can automatically create Jira tickets when alerts fire. This integrates detection with your incident response workflow.

Overview

When enabled, CHAD:
  1. Creates a Jira issue for new alerts
  2. Maps alert severity to Jira priority
  3. Includes alert context in the description
  4. Links back to CHAD for investigation

Requirements

  • Jira Cloud account (Server/Data Center not supported)
  • API token with project write access
  • Project configured for issue creation

Jira Server and Data Center are not supported. Only Jira Cloud works with CHAD.

Setting Up Jira

Create API Token

  1. Go to Atlassian API Tokens
  2. Click Create API token
  3. Name it (e.g., “CHAD Integration”)
  4. Copy the token (you won’t see it again)

Configure in CHAD

  1. Navigate to Settings > Jira
  2. Enter configuration:

     Setting       Description                Example
     Jira URL      Your Jira Cloud URL        https://company.atlassian.net
     Email         Your Atlassian email       user@company.com
     API Token     Token from previous step   ATATT3...
     Project Key   Target project             SEC
     Issue Type    Issue type name            Task or Bug

  3. Click Test Connection
  4. Save if successful

Severity Mapping

CHAD maps alert severity to Jira priority:

Alert Severity   Jira Priority
Critical         Highest
High             High
Medium           Medium
Low              Low
Informational    Lowest

Customize this mapping in the Jira settings.

Issue Content

Created issues include:

Summary

[CHAD Alert] {Rule Title} - {Severity}

Description

## Alert Details

**Rule:** Failed Login Attempt
**Severity:** Medium
**Detected:** 2024-01-15 14:32:17 UTC
**Status:** New

## Context

- **Source IP:** 192.168.1.50
- **User:** admin
- **Host:** SERVER01

## Threat Intelligence

Risk Level: Suspicious
- AbuseIPDB: 25% confidence score

## Links

[View in CHAD](https://chad.example.com/alerts/abc-123)

Per-Rule Configuration

Disable Jira for Specific Rules

Some rules may not need tickets:
  1. Open the rule
  2. Click Settings
  3. Disable Create Jira ticket
  4. Save

Custom Fields

If your Jira project requires custom fields:
  1. Go to Settings > Jira > Custom Fields
  2. Map CHAD fields to Jira custom fields
  3. Save

Circuit Breaker

CHAD protects against Jira API issues:
  • Failure threshold: 5 consecutive failures
  • Recovery time: 60 seconds

If Jira fails repeatedly, ticket creation pauses so that an alert storm cannot overwhelm your Jira instance. Monitor circuit breaker status in Settings > Jira.
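
The thresholds above, as a circuit breaker sketch with a simulated outage. This is an added example, not CHAD's own code: `CircuitBreaker`, `create_ticket` and the injected clock are hypothetical names, and allowing a single trial call once the recovery time has passed is an assumption the page does not spell out.

```python
import time

class CircuitOpenError(Exception):
    """Raised when a call is skipped because the breaker is open."""

class CircuitBreaker:
    def __init__(self, failure_threshold=5, recovery_seconds=60, clock=time.monotonic):
        self.failure_threshold = failure_threshold  # consecutive failures before opening
        self.recovery_seconds = recovery_seconds    # pause before a trial call
        self.clock = clock                          # injectable so the demo needs no sleep
        self.failures, self.opened_at = 0, None     # opened_at None means closed

    def state(self):
        if self.opened_at is None:
            return "closed"
        if self.clock() - self.opened_at >= self.recovery_seconds:
            return "half-open"                      # a trial call is allowed through
        return "open"

    def call(self, func, *args):
        if self.state() == "open":
            raise CircuitOpenError("Jira ticket creation paused")
        try:
            result = func(*args)
        except Exception:
            self.failures += 1
            if self.failures >= self.failure_threshold:
                self.opened_at = self.clock()       # open, or re-open after a failed trial
            raise
        self.failures, self.opened_at = 0, None     # any success closes the breaker
        return result

def demo():
    now, jira_up, skipped = [0.0], [False], 0       # constructed scenario, fake clock
    breaker = CircuitBreaker(clock=lambda: now[0])
    def create_ticket(alert_id):                    # hypothetical stand-in for the Jira call
        if not jira_up[0]:
            raise ConnectionError("Jira unavailable")
        return f"ticket-for-{alert_id}"
    for i in range(8):                              # Jira is down for eight alerts
        try:
            breaker.call(create_ticket, f"alert-{i}")
        except (CircuitOpenError, ConnectionError) as exc:
            skipped += isinstance(exc, CircuitOpenError)  # calls 6-8 never reach Jira
    open_state = breaker.state()
    now[0], jira_up[0] = 60.0, True                 # 60 seconds later, Jira is back
    trial_state = breaker.state()
    ticket = breaker.call(create_ticket, "alert-8")
    return skipped, [open_state, trial_state, breaker.state()], ticket
```

In this sketch, alerts that arrive while the breaker is open are only counted. The page does not say whether CHAD retries or drops them, so confirm that before treating tickets as the only record of an alert.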

Duplicate Prevention

CHAD prevents duplicate tickets:
  1. Creates deterministic ticket reference from alert ID
  2. Checks if ticket already exists before creating
  3. Updates existing ticket if found (optional)

Troubleshooting

Connection test fails

  1. Verify Jira URL is correct (include https://)
  2. Check email matches your Atlassian account
  3. Verify API token is valid
  4. Ensure network allows outbound HTTPS

Tickets not created

  1. Check Jira integration is enabled
  2. Verify project key exists
  3. Check issue type is valid for project
  4. Review circuit breaker status
  5. Check rule has Jira enabled

Permission errors

  1. Verify your account can create issues in the project
  2. Check API token permissions
  3. Ensure issue type is available in project

Wrong priority

  1. Check severity mapping configuration
  2. Verify priority names match your Jira instance
  3. Some projects have custom priority schemes

Best Practices

Keep security alerts separate from other work.
Set up Jira workflows that match your IR process.
Consider only creating tickets for High+ severity.
Watch for repeated Jira failures.

Jira Automation

Enhance with Jira Automation rules:

Auto-assign based on severity

When: Issue created with label "chad-alert"
If: Priority = Highest
Then: Assign to on-call engineer

SLA tracking

When: Issue created in SEC project
Then: Start SLA clock based on priority

Notification routing

When: Issue created with label "chad-critical"
Then: Send Slack message to #security-alerts

Alternative: Manual Ticket Creation

If you prefer manual control:
  1. Disable automatic ticket creation
  2. Use webhooks to notify your team
  3. Create tickets manually from alert view
  4. Click Create Jira Ticket button on alert
