Skip to main content

Bidirectional sync with Jira for incidents (Northstar)

Contrast integrates with Jira to make incident management easier for Security Operations (SOC) and AppSec teams. It automatically creates Jira tickets for incidents, assigns them to the right projects, and adds technical details like source IPs and request URLs. When an issue is closed in Jira, it is also updated in Contrast, keeping everything in sync.

Key Benefits

  • Automate incident routing: To ensure security incidents from different Contrast-monitored applications are automatically sent to the correct Jira project, eliminating manual sorting and reducing assignment delays.

  • Enrich incidents with actionable context: To immediately provide SOC responders with detailed technical observables (like source IPs and request details) directly within the Jira ticket, speeding up triage and removing the need to switch to the Contrast UI for investigation.

  • Synchronize incident resolution: To automatically update an incident's status in Contrast when the corresponding Jira issue is closed. This provides a definitive and shared understanding of an incident's final resolution across both platforms.

  • Centralize investigation communication: To sync comments from Jira back to the incident in Contrast, creating a single, auditable record of the investigation and improving collaboration between the SOC and Application Security teams.

  • Enable a single-pane-of-glass workflow: To empower the SOC team to manage the entire incident lifecycle—from initial alert to investigation and closure—within their primary tool, Jira, thus increasing efficiency and reducing Mean Time to Respond (MTTR).

Before you begin

Ensure you are:

Configure Contrast to send incidents

Configure the integration in Northstar to send incidents to the Jira project.

  1. For Northstar, in the left navigation, select AdministrationIntegrations.

  2. Select the Jira option under the Integrations section.

  3. Under the Manage Credentials tab:

    1. Add the Credential name. This is the desired credential to be used for authentication.

    2. Provide the URL for your Jira instance

    3. Enter the Email to receive the notification

    4. Enter the API token with the API key to authenticate calls from Contrast

  4. Click Test Connection to test the connection. The test may take a few moments if you have many Jira projects. The test confirms that Contrast can reach the specific Jira instance, and the user can log in.

  5. Under the Configuration tab:

    1. Add the Credential name from the step above

    2. Enter a Jira credential. This will help identify the ticket to connect.

    3. Add the URL from the step above

    4. Select the Assess Applications to activate Jira tickets for security issues

    5. Select the Jira project to which the ticket is connected

    6. To sync resolutions, select Bi-Directional Flow. When a Jira issue is marked Done, the corresponding Contrast incident will automatically update to reflect that it is resolved.

    7. To keep both platforms in sync, select Auto-close incidents when ticket is closed. This ensures that closing a Jira issue automatically resolves the incident in Contrast.

    8. Based on the project fields added to the Jira ticket, enter the mandatory fields that appear in the Jira ticket. If there are any additional fields, they will appear on this tab.

    9. Use the Project name, Default epic, Default assignee and Default issue type fields to set custom values for Jira tickets that Contrast creates. You can also map vulnerability severity levels in Contrast to Jira priority values to help teams refine security tickets. If you want to prefill additional Jira fields, select Add Jira field. Use the dropdowns to select the fields you want to add and the default value for the field.

  6. If you want a new Jira ticket created when Contrast discovers an incident, select the Select which severity levels Contrast will create tickets for option. Then select which Severity levels or Rules should trigger new Jira tickets. Note that this mapping can be modified if needed.

  7. Select Save.

  8. Go to view the incidents.

  9. Select the IncidentID of the application associated with the Jira ticket.

    Under the Activity tab, the actions associated with the Jira ticket are displayed. The URL for the ticket will also be displayed.

Note

  • Because of the sync configuration, any notes created in the Jira ticket comments will appear under the incident ID comments, and any notes created in the incident ID comments will appear under the Jira ticket comments.

  • Comments deleted from the incident ID will be deleted from the Jira ticket comments.

In this section: