Welcome to the Tenable Plugin for JIRA

Last Updated: November 08, 2024

The Tenable Plugin for JIRA provides users with the organizational convenience of managing vulnerabilities detected in Tenable Vulnerability Management and Tenable Security Center. When you install the plugin, custom fields are created in JIRA. The application uses these custom fields to organize and manage vulnerabilities detected when running vulnerability scans.

The Tenable Plugin for JIRA receives vulnerability data from Tenable Vulnerability Management and Tenable Security Center on a scheduled basis and creates JIRA issues for each vulnerability in the project that you specify. The application creates JIRA tickets according to the following:

  • For every vulnerability plugin, we create a vulnerability issue.
  • For every affected asset, we create a vulnerable host issue and blocking link to the related vulnerability issue. A linked issue is created under the vulnerability task.
  • As assets are remediated, vulnerable host tickets are marked as resolved.
  • If all vulnerable host issues related to a vulnerability issue are marked as resolved, the vulnerability issue is marked as resolved.
  • If an asset is found to have a vulnerability again, but was previously resolved, the integration reopens the vulnerable host issue.
  • If a vulnerability issue is marked as resolved and a new vulnerable host issue is linked to it, or a prior vulnerable host issue that was resolved, the vulnerability issue is reopened.

  • If Tenable Vulnerability Management assets are marked as terminated or deleted, the integration resolves all related vulnerable host issues.

  • All data imports from Tenable Vulnerability Management use the last_found or last_seen fields. This ensures that all issues are updated whenever new information becomes available.

  • All data imports from Tenable Security Center use the last_found and last_seen fields. This ensures that all issues are updated whenever new information becomes available.

In Tenable Vulnerability Management, the vulnerability issue and vulnerable host issue titles are automatically generated using the following formula:

  • Vulnerability = pluginname + protocol + port + severity
  • Vulnerable Host = IPV4 + FQDN

In Tenable Security Center, the vulnerability issue and vulnerable host Issue titles are automatically generated using the following formula:

  • Vulnerability = pluginname + protocol + port + severity
  • Vulnerable Host = IPV4 + dnsName + repositoryid

Note: When you have an open Jira ticket and the integration closes it, the Tenable app does not update the Resolution field in the integration. The Resolution field is one of the fields that the Tenable app does not interact with. When you update your Jira ticket from open to closed/fixed/resolved, etc., the Resolution field in the Jira integration stays at "Unresolved."