Opening tickets in Jira from Dataset is simple. Our recommended method is to make the connection through AWS Lambda, so that we can use KMS and other AWS services to increase security and have a programming language at our disposal.
High-level Architecture

Prereqs
- AWS Lambda
- Dataset
Steps
1. Create Function
AWS > Lambda > Create Function

2. Use Python template
Use Blueprint > slack-echo-command-python
3. Fill out the form
Create new or use an existing role
4. Configure API Gateway
Create API > REST API > Open (Don't worry, we will restrict access with the resource policy in step 6)

5. In the Lambda Function Code section, paste the following code.

import boto3
import json
import logging
import os
from base64 import b64decode
import http.client

logger = logging.getLogger()
logger.setLevel(logging.INFO)


def getSecret():
    # Decrypt the Jira credential that is stored KMS-encrypted in the
    # kmsEncryptedToken environment variable.
    ENCRYPTED_EXPECTED_TOKEN = os.environ['kmsEncryptedToken']
    kms = boto3.client('kms')
    expected_token = kms.decrypt(
        CiphertextBlob=b64decode(ENCRYPTED_EXPECTED_TOKEN),
        EncryptionContext={'LambdaFunctionName': os.environ['AWS_LAMBDA_FUNCTION_NAME']}
    )['Plaintext'].decode('utf-8')
    return expected_token


def createJiraTicket(expected_token, description, project, summary):
    # This example host is reached over plain HTTP. If your Jira endpoint
    # serves TLS, use http.client.HTTPSConnection so the Authorization
    # header is encrypted in transit.
    conn = http.client.HTTPConnection("jira-loadb-1aomtcimflzhj-970196991.us-west-1.elb.amazonaws.com")
    # expected_token is the base64-encoded credential for HTTP Basic auth.
    token = "Basic " + expected_token
    payload = json.dumps({
        "fields": {
            "project": {
                "key": project
            },
            "summary": summary,
            "description": description,
            "issuetype": {
                "name": "Task"
            }
        }
    })
    headers = {
        'Content-Type': 'application/json',
        'Authorization': token
    }
    conn.request("POST", "/rest/api/2/issue", payload, headers)
    res = conn.getresponse()
    data = res.read()
    print(data.decode("utf-8"))
    return data.decode("utf-8")


def lambda_handler(event, context):
    print(event["body"])
    # Placeholder token for testing; uncomment getSecret() to use the
    # KMS-encrypted credential instead.
    # expected_token = getSecret()
    expected_token = "1234567890"
    body = json.loads(event["body"])
    description = body["description"]
    project = body["project"]
    summary = body["summary"]
    response = createJiraTicket(expected_token, description, project, summary)
    print(response)
    # API Gateway proxy integration expects a dict with statusCode and body.
    return {"statusCode": 200, "body": response}
6. Configure security: only allow Dataset IPs to make POSTs.
Navigate to API Gateway > APIs > Your API > Resource Policy
Paste Existing Policy
Block requests from everywhere except Dataset IP addresses. Replace the region, account and gateway values in both Resource ARNs with those of your API.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": "*",
            "Action": "execute-api:Invoke",
            "Resource": "arn:aws:execute-api:{region}:{account}:{gateway}/*/*/*"
        },
        {
            "Effect": "Deny",
            "Principal": "*",
            "Action": "execute-api:Invoke",
            "Resource": "arn:aws:execute-api:us-west-1:123456789:gatewayTest*/*/*",
            "Condition": {
                "NotIpAddress": {
                    "aws:SourceIp": [
                        "52.44.148.105/32",
                        "3.226.192.129/32",
                        "24.23.157.7/32",
                        "34.199.133.18/32",
                        "34.232.123.33/32",
                        "34.202.85.95/32",
                        "34.202.85.70/32"
                    ]
                }
            }
        }
    ]
}
7. Grab the API Gateway Address
AWS > Lambda > click newly created Lambda Function > API Gateway > Triggers

8. Configure Dataset webhook with that address
(See webhooks documentation)

Example
templateParameters: [
    {
        "project": "FOO"
        "alert": "Threat Intel DNS Matches"
        "long_description": "issue with foo playbook.com/playbook"
    }
],
alerts: [
    {
        //address from step 7 + a body with variables
        alertAddress: "webhook-trigger:POST https://{gateway-address}.execute-api.us-west-1.amazonaws.com/default/DatasetTestPrivate[[{\"summary\": \"#alert#\", \"description\":\"#lastLogLines#\", \"project\":\"#project#\", \"type\":\"triggered\", \"trigger\":\"#trigger#\"}]]",
        description: "Threat Intel DNS Matches",
        gracePeriodMinutes: 0,
        renotifyPeriodMinutes: 0,
        resolutionDelayMinutes: 5,
        trigger: "count:1 minutes(alert = \"#alert#\" logfile='powerquery' tag contains (\"pq_monitor\")) > 0"
    }
]
9. Once that is configured, and the alert is triggered, we should see new tickets.
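
An offline check of the step 6 policy logic, added here as an example and not part of the original article or any AWS tooling. It models only Resource matching and the NotIpAddress condition (Principal, Action and other condition keys are ignored), and the account, API id and CIDRs are constructed placeholders. It shows that the IP filter only protects the API when the Deny statement's Resource names the same API as the Allow.

```python
import fnmatch
import ipaddress

# Constructed sample in the shape of the step 6 policy. The account, API id
# and CIDRs are placeholders (documentation ranges), not Dataset's addresses.
API = "arn:aws:execute-api:us-west-1:111122223333:abc123"
REQUEST_ARN = API + "/default/POST/DatasetTestPrivate"
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Principal": "*", "Action": "execute-api:Invoke",
         "Resource": API + "/*/*/*"},
        {"Effect": "Deny", "Principal": "*", "Action": "execute-api:Invoke",
         "Resource": API + "/*/*/*",
         "Condition": {"NotIpAddress": {
             "aws:SourceIp": ["203.0.113.10/32", "198.51.100.0/24"]}}},
    ],
}
# Same policy, but the Deny names a different API id than the Allow.
MISALIGNED = {"Version": "2012-10-17", "Statement": [
    POLICY["Statement"][0],
    {**POLICY["Statement"][1],
     "Resource": "arn:aws:execute-api:us-west-1:111122223333:other999/*/*/*"},
]}

def as_list(value):
    return [value] if isinstance(value, str) else list(value)

def applies(stmt, arn, source_ip):
    """True when the statement's Resource and NotIpAddress condition match."""
    if not any(fnmatch.fnmatchcase(arn, r) for r in as_list(stmt["Resource"])):
        return False
    cidrs = stmt.get("Condition", {}).get("NotIpAddress", {}).get("aws:SourceIp")
    if cidrs is None:
        return True  # no IP condition: the statement matches every caller
    ip = ipaddress.ip_address(source_ip)
    return not any(ip in ipaddress.ip_network(c) for c in as_list(cidrs))

def decide(policy, arn, source_ip):
    """Explicit Deny wins, then Allow; nothing matching is an implicit deny."""
    effects = {s["Effect"] for s in policy["Statement"] if applies(s, arn, source_ip)}
    if "Deny" in effects:
        return "Deny"
    return "Allow" if "Allow" in effects else "ImplicitDeny"

if __name__ == "__main__":
    for ip in ("203.0.113.10", "198.51.100.77", "192.0.2.55"):
        print(ip, decide(POLICY, REQUEST_ARN, ip), decide(MISALIGNED, REQUEST_ARN, ip))
```

With the misaligned policy, the unlisted address is allowed because the Deny statement never matches the request's ARN.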

