If you want to open tickets in Jira from Dataset, it is simple to do. Our recommended method is to use AWS Lambda to make the connection so we can leverage the KMS and other AWS services to increase security and unlock the possibilities you get with a programming language at your disposal.
High-level Architecture
Prereqs
- AWS Lambda
- Dataset
Steps
1. Create Function
AWS > Lambda > Create Function
2. Use Python template
Use Blueprint > slack-echo-command-python
3. Fill out the form
Create new or use an existing role
4. Configure API Gateway
Create API > REST API > Open (Don't worry, we will adjust the security in the policy)
5. In the Lambda Function Code section, paste the following code.
```python
import json
import logging
import os
import http.client
from base64 import b64decode

import boto3

logger = logging.getLogger()
logger.setLevel(logging.INFO)


def getSecret():
    # Decrypt the Jira credential that is stored KMS-encrypted in the
    # kmsEncryptedToken environment variable.
    ENCRYPTED_EXPECTED_TOKEN = os.environ['kmsEncryptedToken']
    kms = boto3.client('kms')
    expected_token = kms.decrypt(
        CiphertextBlob=b64decode(ENCRYPTED_EXPECTED_TOKEN),
        EncryptionContext={'LambdaFunctionName': os.environ['AWS_LAMBDA_FUNCTION_NAME']}
    )['Plaintext'].decode('utf-8')
    return expected_token


def createJiraTicket(expected_token, description, project, summary):
    # Replace the host with your own Jira address. This is plain HTTP, so the
    # Authorization header is sent unencrypted; use http.client.HTTPSConnection
    # if your Jira endpoint serves TLS.
    conn = http.client.HTTPConnection("jira-loadb-1aomtcimflzhj-970196991.us-west-1.elb.amazonaws.com")
    # expected_token is the base64 "user:password" value for HTTP Basic auth.
    token = "Basic " + expected_token
    payload = json.dumps({
        "fields": {
            "project": {"key": project},
            "summary": summary,
            "description": description,
            "issuetype": {"name": "Task"}
        }
    })
    headers = {
        'Content-Type': 'application/json',
        'Authorization': token
    }
    conn.request("POST", "/rest/api/2/issue", payload, headers)
    res = conn.getresponse()
    data = res.read().decode("utf-8")
    print(data)
    return res.status, data


def lambda_handler(event, context):
    print(event["body"])
    # Placeholder credential for a first test only; for real use, switch to
    # the KMS-decrypted value:
    # expected_token = getSecret()
    expected_token = "1234567890"
    body = json.loads(event["body"])
    description = body["description"]
    project = body["project"]
    summary = body["summary"]
    status, response = createJiraTicket(expected_token, description, project, summary)
    print(response)
    # API Gateway's Lambda proxy integration expects a dict with statusCode and body.
    return {"statusCode": status, "body": response}
```
6. Configure Security - Only allow Dataset IPs to make posts.
Navigate to API Gateway > APIs > Your API > Resource Policy
Paste Existing Policy
Block requests from everywhere except Dataset IP Addresses
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "execute-api:Invoke",
      "Resource": "arn:aws:execute-api:{region}:{account}:{gateway}/*/*/*"
    },
    {
      "Effect": "Deny",
      "Principal": "*",
      "Action": "execute-api:Invoke",
      "Resource": "arn:aws:execute-api:{region}:{account}:{gateway}/*/*/*",
      "Condition": {
        "NotIpAddress": {
          "aws:SourceIp": [
            "52.44.148.105/32",
            "3.226.192.129/32",
            "24.23.157.7/32",
            "34.199.133.18/32",
            "34.232.123.33/32",
            "34.202.85.95/32",
            "34.202.85.70/32"
          ]
        }
      }
    }
  ]
}
```
7. Grab the API Gateway Address
AWS > Lambda > click newly created Lambda Function > API Gateway > Triggers
8. Configure Dataset webhook with that address
(See webhooks documentation)
Example
```
templateParameters: [
  {
    "project": "FOO",
    "alert": "Threat Intel DNS Matches",
    "long_description": "issue with foo playbook.com/playbook"
  }
],
alerts: [
  {
    // address from step 7 + a body with variables
    alertAddress: "webhook-trigger:POST https://{gateway-address}.execute-api.us-west-1.amazonaws.com/default/DatasetTestPrivate[[{\"summary\": \"#alert#\", \"description\":\"#lastLogLines#\", \"project\":\"#project#\", \"type\":\"triggered\", \"trigger\":\"#trigger#\"}]]",
    description: "Threat Intel DNS Matches",
    gracePeriodMinutes: 0,
    renotifyPeriodMinutes: 0,
    resolutionDelayMinutes: 5,
    trigger: "count:1 minutes(alert = \"#alert#\" logfile='powerquery' tag contains (\"pq_monitor\")) > 0"
  }
]
```
9. Once that is configured, and the alert is triggered, we should see new tickets.
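Before relying on the policy from step 6, it is worth checking that the Deny statement really covers your API. The following is an added example, not part of the original article or of any AWS tooling: a simplified model of how the Allow and Deny statements combine, showing that the gateway stays open to every caller if the Deny statement's Resource does not name the same API as the Allow statement. The account ID, API IDs, request ARN and the outside IP are constructed sample values; the two allow-listed addresses come from the policy above.

```python
import ipaddress
from fnmatch import fnmatchcase


def _matches(stmt, source_ip, arn):
    """True if the statement applies to this request (simplified model)."""
    if not fnmatchcase(arn, stmt["Resource"]):
        return False
    cidrs = stmt.get("Condition", {}).get("NotIpAddress", {}).get("aws:SourceIp")
    if cidrs is None:
        return True  # no condition: the statement applies to every caller
    ip = ipaddress.ip_address(source_ip)
    # NotIpAddress is true only when the caller is outside every listed range
    return not any(ip in ipaddress.ip_network(c) for c in cidrs)


def decide(policy, source_ip, arn):
    """Explicit Deny wins over Allow; no matching Allow means Deny."""
    hits = [s["Effect"] for s in policy["Statement"] if _matches(s, source_ip, arn)]
    if "Deny" in hits:
        return "Deny"
    return "Allow" if "Allow" in hits else "Deny"


def build_policy(deny_resource):
    # Same shape as the step 6 policy; ARNs below are constructed samples.
    allow_arn = "arn:aws:execute-api:us-west-1:111122223333:abc123/*/*/*"
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": "*", "Action": "execute-api:Invoke",
         "Resource": allow_arn},
        {"Effect": "Deny", "Principal": "*", "Action": "execute-api:Invoke",
         "Resource": deny_resource,
         "Condition": {"NotIpAddress": {"aws:SourceIp": [
             "52.44.148.105/32", "34.202.85.70/32"]}}},
    ]}


REQUEST_ARN = "arn:aws:execute-api:us-west-1:111122223333:abc123/default/POST/DatasetTestPrivate"
GOOD = build_policy("arn:aws:execute-api:us-west-1:111122223333:abc123/*/*/*")
STALE = build_policy("arn:aws:execute-api:us-west-1:111122223333:otherapi/*/*/*")

if __name__ == "__main__":
    for name, policy in (("matching Deny ARN", GOOD), ("stale Deny ARN", STALE)):
        for ip in ("52.44.148.105", "203.0.113.10"):
            print(f"{name:18} {ip:15} -> {decide(policy, ip, REQUEST_ARN)}")
```

With the matching ARN only the allow-listed address gets through; with the stale ARN both addresses are allowed, which is the state to look for when reviewing a pasted policy.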