Skip to content
No description, website, or topics provided.
Python
Branch: master
Clone or download
Latest commit 9024ec9 Dec 5, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
tenable_jira Refactored logging and service initiation based on feedback from Ryan Dec 5, 2019
.gitignore Transformer now properly opening issues. Nov 14, 2019
CHANGELOG.md Added changelog Dec 5, 2019
README.md Should be an inline link to the changelog. Dec 5, 2019
example_config_file.yaml
setup.py initial setup file Nov 14, 2019

README.md

Tenable.io for Jira Cloud

This integration is designed to pull Tenable.io vulnerability data, then generate Jira Tasks and sub-tasks based on the vulnerabilities' current state. Vulnerabilities are automatically closed once the state of the vulnerability is marked as "fixed" in Tenable.io.

  • The integration creates a Vulnerability Management project, with the the appropriate custom fields, and links them to the associated screen to store and display all of the necessary information.
  • The integration creates a Task for each Vulnerability and creates each vulnerability instance as a Sub-task. Example: if you have have 5 hosts with plugin 151074, then the integration would create 1 Task with the details of 151074 and create 5 Sub-tasks, each one pointing to a specific instance of the vulnerability on a specific host.
  • Vulnerability Instances (Sub-tasks) will be closed automatically by the integration once the vulnerability is fixed within Tenable.io.
  • Vulnerabilities (Tasks) are closed once all Sub-tasks have enter a closed state.
  • If a vulnerability is re-opened, then new issue tickets will be generated (The integration will not reopen previously closed issues (otherwise known as necromancy))
  • All data imports from Tenable.io use the last_found/last_seen fields. This ensures that all issues are updated whenever new information becomes available.
  • Task summaries are generated using the following formula:
[Plugin ID] Plugin Name
  • Sub-task summaries are generated using the following formula:
[IP Address/Port Number/Protocol] [Plugin ID] Plugin Name

Requirements

  • Tenable.io API Keys associated to an account with Admin privileges (required for the Vuln Export APIs).
  • Jira Cloud Basic Auth API Token and Username. For automatic project creation and management, the account must be an Admin.
  • A host to run the script on. This can be located anywhere as the integration is cloud-to-cloud.

Setup

pip install tenable-jira-cloud

Configuration

In order to configure the integration, you need to provide the script a configuration file in the YAML format. The example config file details the items required for the script to run. A simple example looks like the following:

tenable:
  access_key: 000001773236158ce8943c7369c12f98c092be2e1582b95ef86da5a6c3700000
  secret_key: 111111773236158ce8943c7369c12f98c092be2e1582b95ef86da5a6c3711111

jira:
  api_token: 11111scPw10lX2WvDoj00000
  api_username: username@company.com
  address: company.atlassian.net

project:
  leadAccountId: 554433:00112233-ffee-aabb-aabb-998877665544

Options

Most of the configuration options for this script are contained within the configuration file itself with only a few options exposed via the commandline interface:

Usage: tenable-jira [OPTIONS] [CONFIGFILE]

  Tenable.io -> Jira Cloud Transformer & Ingester

Options:
  -s, --observed-since INTEGER  The unix timestamp of the age threshold
  --help                        Show this message and exit.

The following environment variables can be used:

SINCE               The observed-since option.
RUN_EVERY           The run-every option.

Example Usage

Basic Run:

tenable-jira config.yaml

Run and only import findings seen since yesterday:

tenable-jira -s $(date -v-1d +%s) config.yaml

Changelog

View the Changelog.

You can’t perform that action at this time.