Table of Contents
The increasing number of vulnerabilities poses a significant challenge for most organizations trying to effectively manage and mitigate Cyber risks. According to NVD, the number of vulnerabilities in 2022 increased by approximately 25% as compared to 2021. As we are in start of March the vulnerabilities count of 2023 is almost reaching to 5K within 2 months. Also, the vulnerabilities are getting weaponized faster than ever before.
Irrespective of size of the Organization, large or small, the primary objective is to reduce cyber risk. To achieve risk reduction, organizations need automation and better collaboration between IT and security to act quickly on urgent threats and reduce or eliminate risk. Instead of the manual tracking of vulnerabilities through excel sheets or pdf reports which leads to slow response times.
Atlassian Jira is widely used for issue and project tracking and many organizations including many Qualys customers are already using Jira for tracking projects. Now we are bringing the same world-class issue tracking capability for vulnerabilities directly into Jira.
Qualys is proud to announce seamless integration of VMDR with Jira to leverage it for tracking the vulnerabilities end to end from discovery to remediation.
Introducing Qualys VMDR integration with Jira
Qualys VMDR integration with Jira helps organizations automate vulnerability remediation workflows by providing real-time visibility into vulnerability status and streamline IT and Security operations to reduce time for remediation. The integration helps you to bring vulnerability context in Jira and to streamline the overall vulnerability tracking process along with the owners. The best part is we support both Cloud and on-premises Jira instances.
Start your 30-day free trial of Qualys VMDR with Qualys TruRiskTM
Here’s how it works?
Install the Jira Connector App
You need to make sure you have a valid Qualys VMDR subscription with API access enabled. Also a valid Jira user with admin privileges and Jira API token created. To download the installer, visit GitHub repository of the Jira connector application.
Execute the following command from your local directory based on what you are using:
- If you are using the docker compose standalone installation, docker-compose up
- If you are using the docker compose plugin, docker compose up
- Spin up the container in detached mode using the parameter, -d
Configure Jira Integration to Automatically Import Vulnerability Findings
By this point, you are ready with your installed application. Make sure you create a Jira project for vulnerability management if you do not have one already. This project will serve as the central location for tracking vulnerabilities and managing remediation efforts. So, let’s begin by providing the necessary configurations. Use the configuration template provided to get started.
- Navigate to your Jira Connector Docker volume > Open ‘_data’ > ‘config’ to view the out-of-the box provided config template.
- Select config.json.template > Rename to config.json.
- Open the renamed config.json file via text editor and provide the configurations as per you need.
- You can use the “Set the Profile parameters” field to set the filters, and sync intervals.
- Set the Profile parameters:
- “active”: Set this parameter to true or false to enable/disable creating tickets for that profile.
- “frequencyInMinutes”: Set the interval (in minutes) for Qualys client service to make periodic API calls to fetch data from the Qualys platform.
- “filter”: You can set filters to fetch specific data from the Qualys platform. The filters must be provided in a URL-encoded format.
- Set the Profile parameters:
- Configure the ticketing scheme based on your need in the “ticketingScheme” parameter.
- You can choose between inputs “1” or “2” for this parameter.
Ticketing Scheme Details
There are 2 types of ticketing scheme:
- Per_Detection_Separate_Ticket_Scheme
A single ticket (Host Vulnerability) is created for every unique combination of detected Host, QID and Port. Only if the detection status is New/Active/Reopen on every sync. If the detection is found Fixed, then close the ticket.
- Host_Vuln_Linking_Ticket_Schem
A parent ticket (Vulnerable Host ticket) is created for every host detected and synced by the host detection API. A child ticket (Vulnerability ticket) is then created for each unique combination of QID and Port.
Now on every sync, the Vulnerable Host ticket will be assigned to the respective Vulnerability ticket based on the detection status New/Active/Reopen. If found Fixed, then unlink the Vulnerability ticket.
View Vulnerability Tickets
All Set! Once the app is correctly configured, tickets will be created with rich information from Qualys vulnerability findings including solution text so that IT teams can get to work quickly.
Automatically Close Tickets
Open vulnerability tasks are automatically set to be closed once the finding is confirmed to be fixed by Qualys VMDR. On every sync, based on the ticketing scheme the respective action will be taken if the detection is found fixed.
E.g., If you have configured Per_Detection_Separate_Ticket_Scheme then detection tickets will be closed else vulnerability ticket will be unlinked from the vulnerability host ticket.
Executive Reporting & Dashboarding
The Qualys VMDR integration with Jira helps you drive all their vulnerability reporting directly from Jira. You can leverage the gadgets to create your own dashboards.
You can leverage the timely gadgets of the Jira to track the timing of the tickets and accordingly track the SLA for the ticket.
Overall, the integration of Qualys VMDR with Jira is a promising solution for organizations looking to improve their vulnerability management practices to reduce risk. By enabling collaboration between IT and Security teams and providing a common context for vulnerability remediation, this integration can help to address the challenges posed by the rising number of vulnerabilities and the use of disparate tools.
What’s Next?
Qualys is always working towards making the vulnerability management easier through improving end-to-end processes from discovery to prioritization to remediation… and now remediation tracking. That’s what makes us industry leader in Vulnerability Management.
This Qualys VMDR integration with Jira first release focuses on the critical use cases shared by customers. We will continue to add additional capabilities and use cases of vulnerability patching and support for more Qualys modules.
Tell us what you think?
As we roll out new capabilities, and integrations with the Qualys cloud platform we are always looking for feedback on how we can make the integrations even better. Give our Jira integration a try and tell us what you think by submitting your feedback here.
Learn More about Qualys VMDR with TruRiskTM
This post was first first published on Qualys Security Blog’ website by Swapnil Ahirrao. You can view it by clicking here