Yes, absolutely! If your organization configured Jira as a Lacework Alert Channel, you can easily apply a custom template.
In this post, we will develop a custom Jira template that will accomplish the following:
- Map the severity of Lacework Alerts to Jira's severity field
- Customize the default Summary field naming convention
Several of our customers take advantage of custom templates to override a variety of other default Jira settings. You can learn more about custom Jira templates here.
To develop a custom Jira template, start by creating a .json file and copy/paste the following json content.
{
"fields": {
"summary": "Lacework - $event_severity_str - $event_type"
},
"severity": {
"Critical": {
"id": "1"
},
"High": {
"id": "2"
},
"Medium": {
"id": "3"
},
"Low": {
"id": "4"
},
"Info": {
"id": "5"
}
}
}
In the above template, we are renaming the Jira ticket summary to the following format:
Lacework - [alert severity] - [alert name]
Of course, you could modify this template to specify your organization's preferred naming convention for Lacework alerts in Jira. The complete list of variables available to be included in your template can be found here.
To apply this custom template to your existing Jira Alert Channel integration, click on the integration within your Alert Channel settings view.
(If you do not already have a Jira Alert Channel configured, please create one)
Select to edit your existing integration and upload your custom template .json file within the Custom Template File field.
Once your template it uploaded, remember to save your integration!
Verify that you are prompted with the following message confirming that your Jira Alert Channel integration was successfully updated.
Congratulations! You implemented a custom Jira template.
If you have any additional questions or experienced an issue when following this post, please register for an upcoming Office Hour session here: Lacework Live Security Workshops
Agent
N/A
Platform
Tuning Lacework/Customization
Cloud
N/A