Giter Site home page Giter Site logo

b4k0 / qradar_jira_integration Goto Github PK

View Code? Open in Web Editor NEW
3.0 1.0 0.0 38 KB

Python Script for integrating IBM QRadar SIEM with Jira Ticketing System, in order to open tickets automatically on Jira.

License: MIT License

Python 100.00%
jira jira-rest-api python-script qradar qradar-offense qradar-api soar siem incident-response

qradar_jira_integration's Introduction

QRadar_Jira_Integration

QRadarJira

Python Script for integrating IBM QRadar SIEM with Jira Ticketing System, in order to create issue(open ticket) automatically at real time on Jira, for offenses with magnitude bigger than a selected score via Custom Actions, making Incident Responce process faster and efficient!

Development Process

  • Generate Jira Personal Access Token

  • Generate QRadar API Key

  • Create a QRadar Offense Rule, when a new offense is generated then create a new event "Offense Created"

  • Create a QRadar Event Rule, when the event "Offense Created" is generated, then run a python script via Custom Actions on QRadar Console.

  • Create a QRadar Offense Rule, when a offense magnitude has increased by at least 1 unit(s), then create a new event "Offense Magnitude has increased"

  • Create a QRadar Event Rule, when the event "Offense Magnitude has increased" is generated, then run a python script via Custom Actions on QRadar Console.

  • Python script:

    • Identify API endpoints both for QRadar and Jira.
    • Select the attributes of QRadar API.
    • Select the fields of Jira issue.
    • Check for open tickets on Jira with offenses with magnitude equal or bigger from the selected value.
    • Write the python script.

  • Test the Integration:

SOS

  • Jira Personal Access Token is A Bearer Token, check your syntax on API Request Authorization headers.
  • Use QRadar's Console IP, NOT Domain, on API Request.
  • On Custom Actions, any property is a string.
  • Extract Offense ID from the event "Offense Created", for creating the QRadar API request in order to catch any new offense.
  • Extract Offense ID from the event "Offense Magnitude has increased", for creating the QRadar API request in order to catch any offense that its magnitude has been increased.

QRadar Jira

qradar_jira_integration's People

Contributors

b4k0 avatar

Stargazers

avatar avatar avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.