Welcome to Tenable for Jira Cloud
Last Updated: June 14, 2024
The Tenable for Jira Cloud integration provides you with the organizational convenience of managing vulnerabilities detected in Tenable Vulnerability Management from the Tenable platform itself. When you configure the Tenable for Jira Cloud integration, custom fields are created in Tenable for Jira Cloud. The integration uses these custom fields to organize and manage vulnerabilities detected when running vulnerability scans.
-
Tenable for Jira Cloud pulls Tenable Vulnerability Management vulnerability data, then generates Jira tasks and linked tasks based on the vulnerability's current state. Tasks are automatically closed once the state of the vulnerability is marked as Fixed in Tenable Vulnerability Management.
- Tenable for Jira Cloud creates a Tenable Vulnerability Task for each vulnerability and creates each vulnerability instance as a "linked task." For example, if you have five hosts with plugin 151074 on a Group-by vulnerability, the integration creates one Tenable Vulnerability Task with the details for that specific plugin and creates five linked tasks. Each linked task points to a specific instance of the vulnerability, on a specific host.
-
Tenable for Jira Cloud automatically closes Vulnerability Instances once the vulnerability is fixed in Tenable Vulnerability Management.
- Vulnerabilities are closed once all linked tasks enter a closed state.
- If a vulnerability is reopened, Tenable Vulnerability Tasks are moved to the Reopen status.
-
All data imports from Tenable Vulnerability Management are synced with Tenable for Jira Cloud after the scan gets completed. Vulnerabilities are available in Tenable for Jira Cloud after scan completion and some processing time
The Tenable for Jira Cloud integration can pull historic findings as well as new findings as they get discovered by the platform and creates Jira issues for each vulnerability in the project that you specify. The integration creates Jira tickets according to the following scenarios:
Group By Vulnerability
-
For every vulnerability plugin, the integration creates a vulnerability issue.
- For every affected asset, the integration creates a vulnerable host issue and a blocking link to the related vulnerability issue. A linked issue is created under the vulnerability task.
-
As assets are remediated, vulnerable host tickets are marked as resolved.
- If all vulnerable host issues related to a vulnerability issue are marked as resolved, the vulnerability issue is marked as resolved.
- If an asset is found to have a vulnerability again, but was previously resolved, the integration reopens the vulnerable host issue.
-
If a vulnerability issue is marked as resolved and a new vulnerable host issue is linked to it (or a prior vulnerable host issue that was resolved) the vulnerability issue is reopened.
-
All historic data imported from Tenable Vulnerability Management uses the last_found field. This ensures that all issues are updated whenever new information becomes available.
Group By Asset
-
For every host, a vulnerability host issue is created.
-
For every reporting plugin, the integration creates a vulnerability issue and a blocking link to the related vulnerability host issue. A linked issue is created under the vulnerability host task.
-
As findings are remediated, vulnerability issue tickets are marked as resolved.
-
If all vulnerability issues related to a vulnerability host issue are marked as resolved, the vulnerability host issue is marked as resolved.
-
If a vulnerability issue is found to have a vulnerability again, but was previously resolved, the integration reopens the vulnerable issue.
-
If a vulnerability host issue is marked as resolved and a new vulnerable plugin issue is linked to it (or a prior vulnerable plugin issue that was resolved) the vulnerability issue is reopened.
In Tenable Vulnerability Management, the vulnerability issue and vulnerable host issue titles are automatically generated using the following formula:
-
Vulnerability = pluginname + protocol + port + severity
-
Vulnerable Host = IPV4 / IPV6 + FQDN