tenable / integration-jira-cloud Goto Github PK

Python 99.87% Dockerfile 0.13%

integration-jira-cloud's Introduction

Tenable to Jira Cloud Sync Tool

This integration is designed to pull Tenable.io vulnerability data, then generate Jira Tasks and sub-tasks based on the vulnerabilities' current state. Vulnerabilities are automatically closed once the state of the vulnerability is marked as "fixed" in Tenable.io or Tenable.sc.

The integration creates a Vulnerability Management Business project using the project key VULN and the Simplified Task Tracking template. The integration then creates the appropriate custom fields and links them to the associated screen that stores and displays all of the necessary information.
The integration creates a Task for each Vulnerability and creates each vulnerability instance as a Sub-task. Example: if you have 5 hosts with plugin 151074, the integration creates 1 Task with the details of 151074 and creates 5 Sub-tasks, each one pointing to a specific instance of the vulnerability on a specific host.
Vulnerability Instances (Sub-tasks) are closed automatically by the integration once the vulnerability is fixed in Tenable.io.
Vulnerabilities (Tasks) are closed once all Sub-tasks enter a closed state.
If a vulnerability is re-opened, new issue tickets are generated (The integration will not reopen previously closed issues (otherwise known as necromancy))
All data imports from Tenable.io use the last_found/last_seen fields. This ensures that all issues are updated whenever new information becomes available, unless overridden with the --first-discovery flag.
For those that don't mind a bit more management of the script in exchange for less permissions, there is a setup-only mode that will create the project, fields, and screens, then generate a full configuration file afterwards. This file must be then used for all future runs of the integration and may need to be modified with the new, non-elevated user's authentication settings.
Task summaries are generated using the following formula:

[Plugin ID] Plugin Name

Sub-task summaries are generated using the following formula:

[IP Address/Port Number/Protocol] [Plugin ID] Plugin Name

The integration will create the following fields into the Jira instance

Field Name	Field Type	v1 Field Type	Screen Tab
Tenable Asset UUID	labels	labels	Asset
Tenable Asset Tags	labels	labels	Asset
Tenable Platform	readonlyfield	readonlyfield	Asset
Device Hostname	readonlyfield	readonlyfield	Asset
Device NetBIOS Name	readonlyfield	readonlyfield	Asset
Device DNS Name	readonlyfield	readonlyfield	Asset
Device IPv4 Addresses	labels	labels	Asset
Device IPv6 Addresses	labels	labels	Asset
Device Network ID	readonlyfield	readonlyfield	Asset
Vulnerability Repository ID	readonlyfield	readonlyfield	Asset
Vulnerability Repository Name	readonlyfield	readonlyfield	Asset
CVEs	labels	labels	Vulnerability
Tenable VPR Score	float	readonlyfield	Vulnerability
CVSSv2 Base Score	float	readonlyfield	Vulnerability
CVSSv2 Temporal Score	float	readonlyfield	Vulnerability
CVSSv3 Base Score	float	readonlyfield	Vulnerability
CVSSv3 Temporal Score	float	readonlyfield	Vulnerability
Tenable Plugin ID	readonlyfield	readonlyfield	Vulnerability
Tenable Plugin Family	readonlyfield	readonlyfield	Vulnerability
Tenable Plugin Name	readonlyfield	readonlyfield	Vulnerability
Vulnerability Severity	readonlyfield	readonlyfield	Vulnerability
Vulnerability First Seen	datetime	datetime	Vulnerability
Vulnerability Last Seen	datetime	datetime	Vulnerability
Vulnerability Last Seen	datetime	datetime	Vulnerability
Vulnerability Last Fixed	datetime	datetime	Vulnerability
Vulnerability State	readonlyfield	readonlyfield	Vulnerability
Vulnerability Port	readonlyfield	readonlyfield	Vulnerability
Vulnerability Protocol	readonlyfield	readonlyfield	Vulnerability
Patch Publication Date	date	date	Vulnerability
Finding Severity	readonlyfield		Vulnerability
Tenable Finding ID	readonlyfield		Vulnerability

Vulnerability Definition (Task Issue-Type) uniqueness is determined by the following attributes:
- Tenable Plugin ID
Vulnerability Instance (Sub-Task Issue-Type) uniqueness is determines by the following attributes:
Tenable Platform
Tenable Plugin ID
Tenable Asset UUID
Device IPv4 Addresses
Device IPv6 Addresses
Vulnerability Port
Vulnerability Protocol

Requirements

Python 3.10+ Installed (Versions less than 3.10 are untested and YMMV).
Tenable.io API Keys associated to an account with "CanView" permissions for "AllAssets" (required for the Vuln Export APIs)
Tenable.sc API Keys associated to an account with full access to the vulnerability data.
For Tenable.sc, an Analysis Query ID that represents the query to run against the vulnerability data.
Jira Cloud Basic Auth API Token and Username. For automatic project creation and management, the account must have Admin privileges.
A host to run the script on. This can be located anywhere as the integration is cloud-to-cloud.

Permissions

The script requires Site Admin Access at least initially to create the project, the custom fields, and link everything to the right screens.
The script requires Admin access to the project that it has created. Depending on the permissions setup within your own Jira Cloud instance, this may not be enough however. If you are seeing errors, please refer to the list of required permissions (below).
If using setup-only (as Admin) to let the script create all of the requirements, afterwards, it's been reported that the following permissions should yield successful runs:
- Assignable User
- Assign Issues
- Close Issues
- Create Issues
- Delete Issues
- Edit Issues
- Link Issues
- Modify Reporter
- Move Issues
- Resolve Issues
- Schedule Issues
- Set Issue Security
- Transition Issues

Quickstart

Installation

pip install tenb2jira

Configuration

In order to configure the integration, pull either the New Integration or the Version 1 Migration configuration templates and add populate the configuration file with the relevant details. The configuration file has documentation within it that should walk you all of the available settings, however at a minimum, you will need to configure the following attributes within the following sections:

[tenable]
platform   = The platform we will be interfacing to.  Either "tvm" or "tsc"
access_key = The API Access key for the account
secret_key = The API Secret key for the account
url        = The URL (if not a TVM instance)

[jira]
api_username = The username that we will be interfacing with
api_token    = The API token we will be using for auth
url          = The URL for the Jira instance.

The rest of the settings in the configuration file are pre-configured for the most common use cases, however can be modified if need be. For information on what the various settings do, refer to the documentation within the config file itself for more information.

Once the configuration file has been modified and saved, you can confirm that the changes are still valid using the "validate" command within the CLI.

tenb2jira validate /path/to/config.toml

Initial Setup

We a valid configuration file, we can tell the integration to create and/or link up the project, issue-types, and fields necessary to make this integration run. To perform this operation, simply run the following:

tenb2jira build /path/to/config.toml

Once the Jira project setup process is complete, a series ot tables will be returned to the screen detailing what was setup, which should look similar to this:

If everything looks good, then we can move on to the actual sync!

General operation

This integration is designed to first query Jira and get the listing of open issues, store them in a sqlite database, and then query the Tenable platform to get the findings. From there we will match up against that mapping database any existing findings, search Jira for anything that could match if that fails, and lastly create a new issue if no matches exist in either the database or within Jira. For a more detailed workflow diagram, scroll to the bottom of this document.

Once the job has completed, a last_run parameter will also be added/updated to the [tenable] section of the configuration file. This parameter will be used for subsequent runs to pull the updates from that timestamp.

To launch the integration, just run the sync command:

tenb2jira sync /path/to/config.toml

integration-jira-cloud's People

Contributors

Stargazers

Watchers

integration-jira-cloud's Issues

getting some weird errors when running tenable-jira config.yaml

I'm running the tenable-jira config.yaml on CentOS 7 VM with Python 3.6 installed via scl and environment changes by "scl enable rh-python36 bash" , but get the below. Config file looks OK

[root@localhost ~]# tenable-jira config.yaml --setup-only
Traceback (most recent call last):
File "/opt/rh/rh-python36/root/usr/bin/tenable-jira", line 11, in
load_entry_point('tenable-jira-cloud==1.1.3', 'console_scripts', 'tenable-jira')()
File "/opt/rh/rh-python36/root/usr/lib/python3.6/site-packages/click/core.py", line 764, in call
return self.main(*args, **kwargs)
File "/opt/rh/rh-python36/root/usr/lib/python3.6/site-packages/click/core.py", line 717, in main
rv = self.invoke(ctx)
File "/opt/rh/rh-python36/root/usr/lib/python3.6/site-packages/click/core.py", line 956, in invoke
return ctx.invoke(self.callback, **ctx.params)
File "/opt/rh/rh-python36/root/usr/lib/python3.6/site-packages/click/core.py", line 555, in invoke
return callback(*args, **kwargs)
File "/opt/rh/rh-python36/root/usr/lib/python3.6/site-packages/tenable_jira/cli.py", line 57, in cli
logging.basicConfig(**log)
File "/opt/rh/rh-python36/root/usr/lib64/python3.6/logging/init.py", line 1829, in basicConfig
raise ValueError('Unrecognised argument(s): %s' % keys)
ValueError: Unrecognised argument(s): service

Any advise anyone ?
Thanks!

Question: Using existing project in JIRA

Can we use an existing project in JIRA instead of creating new one (VULN) ?

"description":"Operation value must be a string"

Hi Steve,

Sorry to bombard with issues!

When the connector tries to pull the vulnerabilities from Tenable it fails when populating the description field. Debug information below:

2020-04-15 09:15:25,655 root INFO Using configuration file config.yaml
2020-04-15 09:15:25,667 root INFO Running on Python 3.7.4 Darwin/x86_64
2020-04-15 09:15:25,674 urllib3.connectionpool DEBUG Starting new HTTPS connection (1): ourjirainstance.compute.amazonaws.com:8080
2020-04-15 09:15:26,097 urllib3.connectionpool DEBUG https://ourjirainstance.compute.amazonaws.com:8080 "GET /rest/api/latest/project/VULN HTTP/1.1" 200 None
2020-04-15 09:15:26,230 urllib3.connectionpool DEBUG https://ourjirainstance.compute.amazonaws.com:8080 "GET /rest/api/latest/field HTTP/1.1" 200 None
2020-04-15 09:15:26,355 urllib3.connectionpool DEBUG https://ourjirainstance.compute.amazonaws.com:8080 "GET /rest/api/latest/issuetype HTTP/1.1" 200 None
2020-04-15 09:15:26,356 tenable_jira.jira.Jira DEBUG uri=https://ourjirainstance.compute.amazonaws.com:8080/rest/api/latest/screens, query={'startAt': 0, 'maxResults': 100}, body={}
2020-04-15 09:15:26,536 urllib3.connectionpool DEBUG https://ourjirainstance.compute.amazonaws.com:8080 "GET /rest/api/latest/screens?startAt=0&maxResults=100 HTTP/1.1" 200 None
2020-04-15 09:15:26,538 tenable_jira.transform.Tio2Jira INFO Using JIRA Screens []
2020-04-15 09:15:26,538 tenable.io.TenableIO DEBUG path=vulns/export, query={}, body={'filters': {'severity': ['high', 'critical']}, 'num_assets': '1000'}
2020-04-15 09:15:26,945 urllib3.connectionpool DEBUG Starting new HTTPS connection (1): cloud.tenable.com:443
2020-04-15 09:15:27,515 urllib3.connectionpool DEBUG https://cloud.tenable.com:443 "POST /vulns/export HTTP/1.1" 200 None
2020-04-15 09:15:27,516 tenable.io.TenableIO DEBUG Request-UUID 9c39381a1a2c2ef34a598af455d9c543 for https://cloud.tenable.com/vulns/export
2020-04-15 09:15:27,516 tenable.io.TenableIO DEBUG Initiated vuln export 51be8776-72f3-49cf-bc62-93b6e7ac83a3
2020-04-15 09:15:27,685 urllib3.connectionpool DEBUG https://cloud.tenable.com:443 "GET /vulns/export/51be8776-72f3-49cf-bc62-93b6e7ac83a3/status HTTP/1.1" 200 None
2020-04-15 09:15:27,686 tenable.io.TenableIO DEBUG Request-UUID bd28d547bcf38cee03cb402133179d3b for https://cloud.tenable.com/vulns/export/51be8776-72f3-49cf-bc62-93b6e7ac83a3/status
2020-04-15 09:15:28,848 urllib3.connectionpool DEBUG https://cloud.tenable.com:443 "GET /vulns/export/51be8776-72f3-49cf-bc62-93b6e7ac83a3/status HTTP/1.1" 200 None
2020-04-15 09:15:28,849 tenable.io.TenableIO DEBUG Request-UUID 4af5ea77da0f1938a1bd6b5ff4b17997 for https://cloud.tenable.com/vulns/export/51be8776-72f3-49cf-bc62-93b6e7ac83a3/status
2020-04-15 09:15:30,080 urllib3.connectionpool DEBUG https://cloud.tenable.com:443 "GET /vulns/export/51be8776-72f3-49cf-bc62-93b6e7ac83a3/status HTTP/1.1" 200 None
2020-04-15 09:15:30,081 tenable.io.TenableIO DEBUG Request-UUID 24dbe49e501a39357782e6ea1d5efddf for https://cloud.tenable.com/vulns/export/51be8776-72f3-49cf-bc62-93b6e7ac83a3/status
2020-04-15 09:15:31,210 urllib3.connectionpool DEBUG https://cloud.tenable.com:443 "GET /vulns/export/51be8776-72f3-49cf-bc62-93b6e7ac83a3/status HTTP/1.1" 200 None
2020-04-15 09:15:31,212 tenable.io.TenableIO DEBUG Request-UUID 932413095ee3f6c49a07e96037665531 for https://cloud.tenable.com/vulns/export/51be8776-72f3-49cf-bc62-93b6e7ac83a3/status
2020-04-15 09:15:32,537 urllib3.connectionpool DEBUG https://cloud.tenable.com:443 "GET /vulns/export/51be8776-72f3-49cf-bc62-93b6e7ac83a3/status HTTP/1.1" 200 None
2020-04-15 09:15:32,538 tenable.io.TenableIO DEBUG Request-UUID 7b0b53dc2ec6dd9e25650562181cd94b for https://cloud.tenable.com/vulns/export/51be8776-72f3-49cf-bc62-93b6e7ac83a3/status
2020-04-15 09:15:33,672 urllib3.connectionpool DEBUG https://cloud.tenable.com:443 "GET /vulns/export/51be8776-72f3-49cf-bc62-93b6e7ac83a3/status HTTP/1.1" 200 None
2020-04-15 09:15:33,673 tenable.io.TenableIO DEBUG Request-UUID bec07ccf8ed2cf7d6f5cf70b3155310e for https://cloud.tenable.com/vulns/export/51be8776-72f3-49cf-bc62-93b6e7ac83a3/status
2020-04-15 09:15:34,833 urllib3.connectionpool DEBUG https://cloud.tenable.com:443 "GET /vulns/export/51be8776-72f3-49cf-bc62-93b6e7ac83a3/status HTTP/1.1" 200 None
2020-04-15 09:15:34,834 tenable.io.TenableIO DEBUG Request-UUID eeb057dfa338c37f03a9b0fe6e07eab1 for https://cloud.tenable.com/vulns/export/51be8776-72f3-49cf-bc62-93b6e7ac83a3/status
2020-04-15 09:15:36,035 urllib3.connectionpool DEBUG https://cloud.tenable.com:443 "GET /vulns/export/51be8776-72f3-49cf-bc62-93b6e7ac83a3/status HTTP/1.1" 200 None
2020-04-15 09:15:36,036 tenable.io.TenableIO DEBUG Request-UUID fd700b7c8cae97b1415e1a7e8d901816 for https://cloud.tenable.com/vulns/export/51be8776-72f3-49cf-bc62-93b6e7ac83a3/status
2020-04-15 09:15:37,278 urllib3.connectionpool DEBUG https://cloud.tenable.com:443 "GET /vulns/export/51be8776-72f3-49cf-bc62-93b6e7ac83a3/status HTTP/1.1" 200 None
2020-04-15 09:15:37,279 tenable.io.TenableIO DEBUG Request-UUID 5ca3101525c0d236aae9f49c4aaf72d2 for https://cloud.tenable.com/vulns/export/51be8776-72f3-49cf-bc62-93b6e7ac83a3/status
2020-04-15 09:15:38,464 urllib3.connectionpool DEBUG https://cloud.tenable.com:443 "GET /vulns/export/51be8776-72f3-49cf-bc62-93b6e7ac83a3/status HTTP/1.1" 200 None
2020-04-15 09:15:38,465 tenable.io.TenableIO DEBUG Request-UUID 054c80b993eb07ce7190c51e42e356b0 for https://cloud.tenable.com/vulns/export/51be8776-72f3-49cf-bc62-93b6e7ac83a3/status
2020-04-15 09:15:39,705 urllib3.connectionpool DEBUG https://cloud.tenable.com:443 "GET /vulns/export/51be8776-72f3-49cf-bc62-93b6e7ac83a3/status HTTP/1.1" 200 None
2020-04-15 09:15:39,706 tenable.io.TenableIO DEBUG Request-UUID 9febf0b4b14b1f256ece1afaf8cdedb7 for https://cloud.tenable.com/vulns/export/51be8776-72f3-49cf-bc62-93b6e7ac83a3/status
2020-04-15 09:15:40,856 urllib3.connectionpool DEBUG https://cloud.tenable.com:443 "GET /vulns/export/51be8776-72f3-49cf-bc62-93b6e7ac83a3/status HTTP/1.1" 200 None
2020-04-15 09:15:40,856 tenable.io.TenableIO DEBUG Request-UUID e15bf14f11a8d0de80a2e2de50926af6 for https://cloud.tenable.com/vulns/export/51be8776-72f3-49cf-bc62-93b6e7ac83a3/status
2020-04-15 09:15:41,516 urllib3.connectionpool DEBUG https://cloud.tenable.com:443 "GET /vulns/export/51be8776-72f3-49cf-bc62-93b6e7ac83a3/chunks/7 HTTP/1.1" 200 40903007
2020-04-15 09:15:48,384 tenable.io.TenableIO DEBUG Request-UUID 7195eef7b0ddf9032b85d687facc7461 for https://cloud.tenable.com/vulns/export/51be8776-72f3-49cf-bc62-93b6e7ac83a3/chunks/7
2020-04-15 09:15:48,888 tenable_jira.transform.Tio2Jira DEBUG Label Detected.  Config={'jira_field': 'Tenable Asset UUID', 'type': 'labels', 'searcher': 'labelsearcher', 'issue_type': ['Sub-task'], 'tio_field': 'asset.uuid', 'jira_id': 'customfield_11825'} value=3361d5a5-9587-418c-8a53-717d2bb4f82d
2020-04-15 09:15:48,888 tenable_jira.transform.Tio2Jira DEBUG Label Detected.  Config={'jira_field': 'Device IPv4 Addresses', 'type': 'labels', 'searcher': 'labelsearcher', 'issue_type': ['Sub-task'], 'tio_field': 'asset.ipv4', 'tsc_field': 'ip', 'jira_id': 'customfield_11810'} value=192.168.0.11
2020-04-15 09:15:48,888 tenable_jira.transform.Tio2Jira DEBUG Label Detected.  Config={'jira_field': 'Device Hostname', 'type': 'labels', 'searcher': 'labelsearcher', 'issue_type': ['Sub-task'], 'tio_field': 'asset.hostname', 'tsc_field': 'dnsName', 'jira_id': 'customfield_11812'} value=strlt-033562
2020-04-15 09:15:48,888 tenable_jira.jira.Jira DEBUG uri=https://ourjirainstance.compute.amazonaws.com:8080/rest/api/latest/search, query={}, body={"jql": "project = \"VULN\" and issuetype = \"Task\" and status not in (Closed, Done, Resolved) and \"Tenable Plugin ID\" ~ \"102082\""}
2020-04-15 09:15:48,890 urllib3.connectionpool DEBUG Resetting dropped connection: ourjirainstance.compute.amazonaws.com
2020-04-15 09:15:49,350 urllib3.connectionpool DEBUG https://ourjirainstance.compute.amazonaws.com:8080 "POST /rest/api/latest/search HTTP/1.1" 200 None
2020-04-15 09:15:49,352 tenable_jira.jira.Jira DEBUG uri=https://ourjirainstance.compute.amazonaws.com:8080/rest/api/latest/issue, query={'update_history': False}, body={"fields": {"project": {"key": "VULN"}, "issuetype": {"id": "10005"}, "customfield_11803": "10.0", "customfield_11805": "10.0", "customfield_11510": "102082", "customfield_11533": "Windows", "customfield_11807": "Microsoft Access Unsupported Version Detection", "customfield_11808": "Critical", "summary": "[102082] Microsoft Access Unsupported Version Detection", "description": {"version": 1, "type": "doc", "content": [{"type": "heading", "attrs": {"level": 1}, "content": [{"type": "text", "text": "Description"}]}, {"type": "paragraph", "content": [{"type": "text", "text": "According to its self-reported version number, the installation of\nMicrosoft Access on the remote Windows host is no longer supported.\n\nLack of support implies that no new security patches for the product\nwill be released by the vendor. As a result, it is likely to contain\nsecurity vulnerabilities."}]}, {"type": "heading", "attrs": {"level": 1}, "content": [{"type": "text", "text": "Solution"}]}, {"type": "paragraph", "content": [{"type": "text", "text": "Upgrade to a version of Microsoft Access that is currently\nsupported."}]}]}}}
2020-04-15 09:15:49,436 urllib3.connectionpool DEBUG https://ourjirainstance.compute.amazonaws.com:8080 "POST /rest/api/latest/issue?update_history=False HTTP/1.1" 400 None
2020-04-15 09:15:49,466 restfly.errors.BadRequestError ERROR [400: POST] https://ourjirainstance.compute.amazonaws.com:8080/rest/api/latest/issue?update_history=False body=b'{"errorMessages":[],"errors":{"description":"Operation value must be a string"}}'

And a copy of config.YAML

  # Tenable.io or API Access Key
  access_key: removed
  # Tenable.io or API Secret Key
  secret_key: removed

jira:
  # The API Token to use to authenticate to the Jira application
  api_token: removed

  # The User that will be authenticaing to the Jira application
  api_username: removed

  # The address pointing to the Jira application.
  address: ourjirainstance.compute.amazonaws.com:8080

project:
  key: VULN
  name: Vulnerability Management

  # The lead account id for the primary user for the project.
  lead: removed

  # Screen definition section
#screen:
  # What screens should we be managing?
 #name:
   #- "VULN: Task Management Create Issue Screen"
   #- "VULN: Task Management Edit/View Issue Screen"

# The following log definitions are optional.  Only specify these if you want
# to change the default logging behavior of only outputting warnings and errors
# to the screen.
log:
  # What is the logging level desired?  Available levels are:
  #   debug, info, warn, error
  # The default level if unspecified is "warn"
  level: debug```

Thanks,
Peter

errors:{"issuetype":"The issue type selected is invalid."}}

Hi Steven,

We were successful when we used the script on our test jira instance. However now when we moved to our production Jira instance, we get this error when running the script. I have made sure that the settings is like for like with the test jira project:

2020-04-01 09:29:22,961 urllib3.connectionpool DEBUG https://production.atlassian.net:443 "POST /rest/api/3/issue?update_history=False HTTP/1.1" 400 None
2020-04-01 09:29:22,963 restfly.errors.BadRequestError ERROR [400: POST] https://production.atlassian.net/rest/api/3/issue?update_history=False body=b'{"errorMessages":[],"errors":{"issuetype":"The issue type selected is invalid."}}'

Any help and guidance would be appreciated.

Import Lower severity Vulns

Default the integration only imports critical and high severity vulnerabilities.

If I wanted to import lows and mediums would I modify the config.py and add - medium and low to this section?:

Tenable.io vulnerability severities to convert to JIRA tickets.

tio_severities:
- high
- critical

Will this deployment remove/overwrite / or append an pre-existing VULN project board?

The readme.md states "The integration creates a Vulnerability Management project using the project key VULN."

Right now our organization has a JIRA board with the key VULN.

Will this deployment remove/overwrite / or append an pre-existing VULN project board?

Support Accepted Risks in Tenable.io

Is it possible to exclude vulnerabilities that have risks accepted or ignored? I see that they populate tickets.

Question: Can we customize the Jira tasks to contain Hosts and subtasks to pluginId?

"Task for each Vulnerability and creates each vulnerability instance as a Sub-task".

Instead, can we customize Task with vulnerability instance(IP address) and Subtask with vulnerabilities of all severities associated with an instance?
Can we pull hostname instead of IP Address?
If I've created SOME jira tickets manually from a scan ran today, does this configuration create duplicates if I set the -s, --observed-since option to today?

Integration Cannot Create Project / Fields

So after revisiting this, and trying with both a specific API user account we created in Tenable (and assigned all possible admin privileges to that is now marked as Site Admin in the user list) and my own Jira account (which is also a Site Admin) we now get various errors back when running the script with with --setup-only flag and without.

When using the specific API user account we've created in Jira Cloud (which has Site Admin) we get the following error back:

C:\Program Files\Python37\Scripts>tenable-jira.exe tenable-jira-config.yaml
2020-02-18 14:31:15,936 restfly.errors.BadRequestError ERROR [400: POST] https://xxx.atlassian.net/rest/api/3/issue?update_history=False body=b'{"errorMessages":[],"errors":{"customfield_10126":"Field \'customfield_10126\' cannot be set. It is not on the appropriate screen, or unknown.","description":"Field \'description\' cannot be set. It is not on the appropriate screen, or unknown.","customfield_10120":"Field \'customfield_10120\' cannot be set. It is not on the appropriate screen, or unknown.","customfield_10124":"Field \'customfield_10124\' cannot be set. It is not on the appropriate screen, or unknown.","customfield_10125":"Field \'customfield_10125\' cannot be set. It is not on the appropriate screen, or unknown.","customfield_10048":"Field \'customfield_10048\' cannot be set. It is not on the appropriate screen, or unknown."}}'
Traceback (most recent call last):
  File "C:\Program Files\Python37\Scripts\tenable-jira-script.py", line 11, in <module>
    load_entry_point('tenable-jira-cloud==1.1.0', 'console_scripts', 'tenable-jira')()
  File "c:\program files\python37\lib\site-packages\click-7.0-py3.7.egg\click\core.py", line 764, in __call__
    return self.main(*args, **kwargs)
  File "c:\program files\python37\lib\site-packages\click-7.0-py3.7.egg\click\core.py", line 717, in main
    rv = self.invoke(ctx)
  File "c:\program files\python37\lib\site-packages\click-7.0-py3.7.egg\click\core.py", line 956, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "c:\program files\python37\lib\site-packages\click-7.0-py3.7.egg\click\core.py", line 555, in invoke
    return callback(*args, **kwargs)
  File "c:\program files\python37\lib\site-packages\tenable_jira\cli.py", line 104, in cli
    ingest.ingest(observed_since)
  File "c:\program files\python37\lib\site-packages\tenable_jira\transform.py", line 421, in ingest
    self.create_issues(vulns)
  File "c:\program files\python37\lib\site-packages\tenable_jira\transform.py", line 377, in create_issues
    self._process_open_vuln(v, fid)
  File "c:\program files\python37\lib\site-packages\tenable_jira\transform.py", line 314, in _process_open_vuln
    i = self._jira.issues.upsert(fields=issue, jql=' and '.join(jql))
  File "c:\program files\python37\lib\site-packages\tenable_jira\jira\issues.py", line 48, in upsert
    issue = self.create(**kwargs)
  File "c:\program files\python37\lib\site-packages\tenable_jira\jira\issues.py", line 20, in create
    json=kwargs
  File "c:\program files\python37\lib\site-packages\restfly-1.1.1-py3.7.egg\restfly\session.py", line 429, in post
  File "c:\program files\python37\lib\site-packages\restfly-1.1.1-py3.7.egg\restfly\session.py", line 376, in _request
restfly.errors.BadRequestError: [400: POST] https://xxx.atlassian.net/rest/api/3/issue?update_history=False body=b'{"errorMessages":[],"errors":{"customfield_10126":"Field \'customfield_10126\' cannot be set. It is not on the appropriate screen, or unknown.","description":"Field \'description\' cannot be set. It is not on the appropriate screen, or unknown.","customfield_10120":"Field \'customfield_10120\' cannot be set. It is not on the appropriate screen, or unknown.","customfield_10124":"Field \'customfield_10124\' cannot be set. It is not on the appropriate screen, or unknown.","customfield_10125":"Field \'customfield_10125\' cannot be set. It is not on the appropriate screen, or unknown.","customfield_10048":"Field \'customfield_10048\' cannot be set. It is not on the appropriate screen, or unknown."}}'

If I run the same with values in the config file that include my username, leadAccountId and an API key I generated for my own Jira account (which is also a Site Admin) then I get the following error back, similarly:

C:\Program Files\Python37\Scripts>tenable-jira.exe tenable-jira-config-2.yaml
2020-02-18 14:44:46,650 restfly.errors.BadRequestError ERROR [400: POST] https://xxx.atlassian.net/rest/api/3/issue?update_history=False body=b'{"errorMessages":[],"errors":{"customfield_10126":"Field \'customfield_10126\' cannot be set. It is not on the appropriate screen, or unknown.","description":"Field \'description\' cannot be set. It is not on the appropriate screen, or unknown.","customfield_10120":"Field \'customfield_10120\' cannot be set. It is not on the appropriate screen, or unknown.","customfield_10124":"Field \'customfield_10124\' cannot be set. It is not on the appropriate screen, or unknown.","customfield_10125":"Field \'customfield_10125\' cannot be set. It is not on the appropriate screen, or unknown.","customfield_10048":"Field \'customfield_10048\' cannot be set. It is not on the appropriate screen, or unknown."}}'
Traceback (most recent call last):
  File "C:\Program Files\Python37\Scripts\tenable-jira-script.py", line 11, in <module>
    load_entry_point('tenable-jira-cloud==1.1.0', 'console_scripts', 'tenable-jira')()
  File "c:\program files\python37\lib\site-packages\click-7.0-py3.7.egg\click\core.py", line 764, in __call__
    return self.main(*args, **kwargs)
  File "c:\program files\python37\lib\site-packages\click-7.0-py3.7.egg\click\core.py", line 717, in main
    rv = self.invoke(ctx)
  File "c:\program files\python37\lib\site-packages\click-7.0-py3.7.egg\click\core.py", line 956, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "c:\program files\python37\lib\site-packages\click-7.0-py3.7.egg\click\core.py", line 555, in invoke
    return callback(*args, **kwargs)
  File "c:\program files\python37\lib\site-packages\tenable_jira\cli.py", line 104, in cli
    ingest.ingest(observed_since)
  File "c:\program files\python37\lib\site-packages\tenable_jira\transform.py", line 421, in ingest
    self.create_issues(vulns)
  File "c:\program files\python37\lib\site-packages\tenable_jira\transform.py", line 377, in create_issues
    self._process_open_vuln(v, fid)
  File "c:\program files\python37\lib\site-packages\tenable_jira\transform.py", line 314, in _process_open_vuln
    i = self._jira.issues.upsert(fields=issue, jql=' and '.join(jql))
  File "c:\program files\python37\lib\site-packages\tenable_jira\jira\issues.py", line 48, in upsert
    issue = self.create(**kwargs)
  File "c:\program files\python37\lib\site-packages\tenable_jira\jira\issues.py", line 20, in create
    json=kwargs
  File "c:\program files\python37\lib\site-packages\restfly-1.1.1-py3.7.egg\restfly\session.py", line 429, in post
  File "c:\program files\python37\lib\site-packages\restfly-1.1.1-py3.7.egg\restfly\session.py", line 376, in _request
restfly.errors.BadRequestError: [400: POST] https://xxx.atlassian.net/rest/api/3/issue?update_history=False body=b'{"errorMessages":[],"errors":{"customfield_10126":"Field \'customfield_10126\' cannot be set. It is not on the appropriate screen, or unknown.","description":"Field \'description\' cannot be set. It is not on the appropriate screen, or unknown.","customfield_10120":"Field \'customfield_10120\' cannot be set. It is not on the appropriate screen, or unknown.","customfield_10124":"Field \'customfield_10124\' cannot be set. It is not on the appropriate screen, or unknown.","customfield_10125":"Field \'customfield_10125\' cannot be set. It is not on the appropriate screen, or unknown.","customfield_10048":"Field \'customfield_10048\' cannot be set. It is not on the appropriate screen, or unknown."}}'

I create projects, screens, custom field, etc all the time so most definitely have the appropriate access.

Any pointers?

Do you have an example for setting up the environment variables ?

Right now I have the integration running as an apple script alert that triggers every day at a certain time. ... eventually looking to move this into an AWS Lambda.

I know that this can be triggered to run on a set cadence via
SINCE The observed-since option.
RUN_EVERY The run-every option.

Do you have any examples of this? What is the format that the variables should be stored in?

For example, I want to run every day to pull results from the previous day

Issue importing Tenable.io vulnerabilities from Tenable.sc

Hi Steve,

Background:
We setup Tenable.io to forward all vulnerabilities to Tenable.sc, so we now have tenable.sc with tenable.io (specifically agent.io) vulnerabilities imported.

The issue:
As usual, we ran the tenable-jira integration. However it failed and the error was specifically to do with importing the tenable.io vulnerability into jira:
2020-04-07 12:26:40,574 urllib3.connectionpool DEBUG https://production.atlassian.net:443 "POST /rest/api/3/search HTTP/1.1" 200 None
2020-04-07 12:26:40,577 tenable_jira.jira.Jira DEBUG uri=https://production.atlassian.net/rest/api/3/issue, query={'update_history': False}, body={"fields": {"project": {"key": "VULN"}, "issuetype": {"id": 18}, "customfield_16104": "1002093", "customfield_16105": "N/A", "customfield_16106": "1.1.1.1 Ensure mounting of freevxfs filesystems is disabled - modprobe", "customfield_16107": "High", "summary": "[1002093] 1.1.1.1 Ensure mounting of freevxfs filesystems is disabled - modprobe", "description": {"version": 1, "type": "doc", "content": [{"type": "heading", "attrs": {"level": 1}, "content": [{"type": "text", "text": "Description"}]}, {"type": "paragraph", "content": [{"type": "text", "text": ""}]}, {"type": "heading", "attrs": {"level": 1}, "content": [{"type": "text", "text": "Solution"}]}, {"type": "paragraph", "content": [{"type": "text", "text": ""}]}]}}}
2020-04-07 12:26:41,046 urllib3.connectionpool DEBUG https://production.atlassian.net:443 "POST /rest/api/3/issue?update_history=False HTTP/1.1" 400 None
2020-04-07 12:26:41,049 restfly.errors.BadRequestError ERROR [400: POST] https://production.atlassian.net/rest/api/3/issue?update_history=False body=b'{"errorMessages":["We can't create this issue for you right now, it could be due to unsupported content you've entered into one or more of the issue fields. If this situation persists, contact your administrator as they'll be able to access more specific information in the log file."],"errors":{}}'

Through my testing, looks like it fails whilst importing any plugins that are tenable.io specific.

The strange thing was when I tweaked the config file to connect directly into Tenable.io, the import into Jira worked fine without any issues. However this is not ideal, as it would be useful to import directly from Tenable.sc in one go.

Any help/guidance would be appreciated.

Thanks for your time.

Subtask uniqueness searching incorrectly specified IPv4 and IPv6 fields

looking at the debug logs of the script running and Jira. It looks like the script updates existing subtasks without creating new ones:
So if a vulnerbility has 4 IPs/assets associated with it:
10.0.0.1
10.0.0.2
10.0.0.3
10.0.0.4
I can see calls being made to Jira for each of the IP's. However it updates the same subtask, so in the end you will have the ip 10.0.0.4.

Is the script limited to creating only 1 subtasks? hence why it doesn't create new subtasks?

This section defines the issue-types & how to search them. There should only# ever be a singular "standard" and no more than 1 "subtask". The issue-type# name is what will be used throughout the rest of the config file to determine# what issue-type gets what data fields.

Error When Connecting Dev Instance of Jira Which Uses Self Signed Certificate

When I try to connect to our Dev instance of Jira I get the following error:

Max retries exceeded with url: /rest/api/3/project/XXX (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1051)')))

The Dev instance does use a self signed certificate and this will probably not change. Is there a way to skip the certificate check if only for the dev instance?

Thanks

bad request when the integration searches Jira projects

I've succesfully run the integration and it created the VULN project in Jira. But then this happens:

restfly.errors.BadRequestError: [400: POST] https://asfdaac.atlassian.net/rest/api/3/search body=b'{"errorMessages":["The value \'VULN\' does not exist for the field \'project\'.","Field \'issuetype\' does not exist or you do not have permission to view it.","Field \'Tenable Plugin ID\' does not exist or you do not have permission to view it."],"warningMessages":[]}'

The Jira user has full administrator access to the Jira app. Any ideas?

Here's the full console output:

2020-03-27 14:02:15,583 root INFO Tenable2JiraCloud Version 1.1.3
2020-03-27 14:02:15,584 root INFO Using configuration file config.yaml
2020-03-27 14:02:15,584 root INFO Running on Python 3.7.6 Linux/x86_64
2020-03-27 14:02:15,585 urllib3.connectionpool DEBUG Starting new HTTPS connection (1): asfdaac.atlassian.net:443
2020-03-27 14:02:16,080 urllib3.connectionpool DEBUG https://asfdaac.atlassian.net:443 "GET /rest/api/3/project/VULN HTTP/1.1" 200 None
2020-03-27 14:02:16,264 urllib3.connectionpool DEBUG https://asfdaac.atlassian.net:443 "GET /rest/api/3/field HTTP/1.1" 200 None
2020-03-27 14:02:16,268 tenable_jira.jira.Jira DEBUG uri=https://asfdaac.atlassian.net/rest/api/3/field, query={}, body={"name": "Tenable Platform", "type": "com.atlassian.jira.plugin.system.customfieldtypes:readonlyfield", "searcherKey": "com.atlassian.jira.plugin.system.customfieldtypes:textsearcher", "description": ""}
2020-03-27 14:02:16,564 urllib3.connectionpool DEBUG https://asfdaac.atlassian.net:443 "POST /rest/api/3/field HTTP/1.1" 201 None
2020-03-27 14:02:16,567 tenable_jira.jira.Jira DEBUG uri=https://asfdaac.atlassian.net/rest/api/3/field, query={}, body={"name": "CVEs", "type": "com.atlassian.jira.plugin.system.customfieldtypes:labels", "searcherKey": "com.atlassian.jira.plugin.system.customfieldtypes:labelsearcher", "description": ""}
2020-03-27 14:02:16,774 urllib3.connectionpool DEBUG https://asfdaac.atlassian.net:443 "POST /rest/api/3/field HTTP/1.1" 201 None
2020-03-27 14:02:16,777 tenable_jira.jira.Jira DEBUG uri=https://asfdaac.atlassian.net/rest/api/3/field, query={}, body={"name": "CVSSv2 Base Score", "type": "com.atlassian.jira.plugin.system.customfieldtypes:readonlyfield", "searcherKey": "com.atlassian.jira.plugin.system.customfieldtypes:textsearcher", "description": ""}
2020-03-27 14:02:16,979 urllib3.connectionpool DEBUG https://asfdaac.atlassian.net:443 "POST /rest/api/3/field HTTP/1.1" 201 None
2020-03-27 14:02:16,982 tenable_jira.jira.Jira DEBUG uri=https://asfdaac.atlassian.net/rest/api/3/field, query={}, body={"name": "CVSSv2 Temporal Score", "type": "com.atlassian.jira.plugin.system.customfieldtypes:readonlyfield", "searcherKey": "com.atlassian.jira.plugin.system.customfieldtypes:textsearcher", "description": ""}
2020-03-27 14:02:17,201 urllib3.connectionpool DEBUG https://asfdaac.atlassian.net:443 "POST /rest/api/3/field HTTP/1.1" 201 None
2020-03-27 14:02:17,203 tenable_jira.jira.Jira DEBUG uri=https://asfdaac.atlassian.net/rest/api/3/field, query={}, body={"name": "CVSSv3 Base Score", "type": "com.atlassian.jira.plugin.system.customfieldtypes:readonlyfield", "searcherKey": "com.atlassian.jira.plugin.system.customfieldtypes:textsearcher", "description": ""}
2020-03-27 14:02:17,491 urllib3.connectionpool DEBUG https://asfdaac.atlassian.net:443 "POST /rest/api/3/field HTTP/1.1" 201 None
2020-03-27 14:02:17,493 tenable_jira.jira.Jira DEBUG uri=https://asfdaac.atlassian.net/rest/api/3/field, query={}, body={"name": "CVSSv3 Temporal Score", "type": "com.atlassian.jira.plugin.system.customfieldtypes:readonlyfield", "searcherKey": "com.atlassian.jira.plugin.system.customfieldtypes:textsearcher", "description": ""}
2020-03-27 14:02:17,696 urllib3.connectionpool DEBUG https://asfdaac.atlassian.net:443 "POST /rest/api/3/field HTTP/1.1" 201 None
2020-03-27 14:02:17,699 tenable_jira.jira.Jira DEBUG uri=https://asfdaac.atlassian.net/rest/api/3/field, query={}, body={"name": "Tenable Plugin ID", "type": "com.atlassian.jira.plugin.system.customfieldtypes:readonlyfield", "searcherKey": "com.atlassian.jira.plugin.system.customfieldtypes:textsearcher", "description": ""}
2020-03-27 14:02:18,100 urllib3.connectionpool DEBUG https://asfdaac.atlassian.net:443 "POST /rest/api/3/field HTTP/1.1" 201 None
2020-03-27 14:02:18,103 tenable_jira.jira.Jira DEBUG uri=https://asfdaac.atlassian.net/rest/api/3/field, query={}, body={"name": "Tenable Plugin Family", "type": "com.atlassian.jira.plugin.system.customfieldtypes:readonlyfield", "searcherKey": "com.atlassian.jira.plugin.system.customfieldtypes:textsearcher", "description": ""}
2020-03-27 14:02:18,310 urllib3.connectionpool DEBUG https://asfdaac.atlassian.net:443 "POST /rest/api/3/field HTTP/1.1" 201 None
2020-03-27 14:02:18,313 tenable_jira.jira.Jira DEBUG uri=https://asfdaac.atlassian.net/rest/api/3/field, query={}, body={"name": "Tenable Plugin Name", "type": "com.atlassian.jira.plugin.system.customfieldtypes:readonlyfield", "searcherKey": "com.atlassian.jira.plugin.system.customfieldtypes:textsearcher", "description": ""}
2020-03-27 14:02:18,515 urllib3.connectionpool DEBUG https://asfdaac.atlassian.net:443 "POST /rest/api/3/field HTTP/1.1" 201 None
2020-03-27 14:02:18,518 tenable_jira.jira.Jira DEBUG uri=https://asfdaac.atlassian.net/rest/api/3/field, query={}, body={"name": "Vulnerability Severity", "type": "com.atlassian.jira.plugin.system.customfieldtypes:readonlyfield", "searcherKey": "com.atlassian.jira.plugin.system.customfieldtypes:textsearcher", "description": ""}
2020-03-27 14:02:18,862 urllib3.connectionpool DEBUG https://asfdaac.atlassian.net:443 "POST /rest/api/3/field HTTP/1.1" 201 None
2020-03-27 14:02:18,863 tenable_jira.jira.Jira DEBUG uri=https://asfdaac.atlassian.net/rest/api/3/field, query={}, body={"name": "Tenable Asset UUID", "type": "com.atlassian.jira.plugin.system.customfieldtypes:labels", "searcherKey": "com.atlassian.jira.plugin.system.customfieldtypes:labelsearcher", "description": ""}
2020-03-27 14:02:19,083 urllib3.connectionpool DEBUG https://asfdaac.atlassian.net:443 "POST /rest/api/3/field HTTP/1.1" 201 None
2020-03-27 14:02:19,085 tenable_jira.jira.Jira DEBUG uri=https://asfdaac.atlassian.net/rest/api/3/field, query={}, body={"name": "Device MAC Addresses", "type": "com.atlassian.jira.plugin.system.customfieldtypes:readonlyfield", "searcherKey": "com.atlassian.jira.plugin.system.customfieldtypes:textsearcher", "description": ""}
2020-03-27 14:02:19,334 urllib3.connectionpool DEBUG https://asfdaac.atlassian.net:443 "POST /rest/api/3/field HTTP/1.1" 201 None
2020-03-27 14:02:19,337 tenable_jira.jira.Jira DEBUG uri=https://asfdaac.atlassian.net/rest/api/3/field, query={}, body={"name": "Device IPv4 Addresses", "type": "com.atlassian.jira.plugin.system.customfieldtypes:labels", "searcherKey": "com.atlassian.jira.plugin.system.customfieldtypes:labelsearcher", "description": ""}
2020-03-27 14:02:19,540 urllib3.connectionpool DEBUG https://asfdaac.atlassian.net:443 "POST /rest/api/3/field HTTP/1.1" 201 None
2020-03-27 14:02:19,542 tenable_jira.jira.Jira DEBUG uri=https://asfdaac.atlassian.net/rest/api/3/field, query={}, body={"name": "Device IPv6 Addresses", "type": "com.atlassian.jira.plugin.system.customfieldtypes:labels", "searcherKey": "com.atlassian.jira.plugin.system.customfieldtypes:labelsearcher", "description": ""}
2020-03-27 14:02:19,846 urllib3.connectionpool DEBUG https://asfdaac.atlassian.net:443 "POST /rest/api/3/field HTTP/1.1" 201 None
2020-03-27 14:02:19,849 tenable_jira.jira.Jira DEBUG uri=https://asfdaac.atlassian.net/rest/api/3/field, query={}, body={"name": "Device Hostname", "type": "com.atlassian.jira.plugin.system.customfieldtypes:labels", "searcherKey": "com.atlassian.jira.plugin.system.customfieldtypes:labelsearcher", "description": ""}
2020-03-27 14:02:20,154 urllib3.connectionpool DEBUG https://asfdaac.atlassian.net:443 "POST /rest/api/3/field HTTP/1.1" 201 None
2020-03-27 14:02:20,156 tenable_jira.jira.Jira DEBUG uri=https://asfdaac.atlassian.net/rest/api/3/field, query={}, body={"name": "Device NetBIOS Name", "type": "com.atlassian.jira.plugin.system.customfieldtypes:readonlyfield", "searcherKey": "com.atlassian.jira.plugin.system.customfieldtypes:textsearcher", "description": ""}
2020-03-27 14:02:20,462 urllib3.connectionpool DEBUG https://asfdaac.atlassian.net:443 "POST /rest/api/3/field HTTP/1.1" 201 None
2020-03-27 14:02:20,465 tenable_jira.jira.Jira DEBUG uri=https://asfdaac.atlassian.net/rest/api/3/field, query={}, body={"name": "Device DNS Name", "type": "com.atlassian.jira.plugin.system.customfieldtypes:readonlyfield", "searcherKey": "com.atlassian.jira.plugin.system.customfieldtypes:textsearcher", "description": ""}
2020-03-27 14:02:20,660 urllib3.connectionpool DEBUG https://asfdaac.atlassian.net:443 "POST /rest/api/3/field HTTP/1.1" 201 None
2020-03-27 14:02:20,663 tenable_jira.jira.Jira DEBUG uri=https://asfdaac.atlassian.net/rest/api/3/field, query={}, body={"name": "Device Network ID", "type": "com.atlassian.jira.plugin.system.customfieldtypes:readonlyfield", "searcherKey": "com.atlassian.jira.plugin.system.customfieldtypes:textsearcher", "description": ""}
2020-03-27 14:02:20,973 urllib3.connectionpool DEBUG https://asfdaac.atlassian.net:443 "POST /rest/api/3/field HTTP/1.1" 201 None
2020-03-27 14:02:20,976 tenable_jira.jira.Jira DEBUG uri=https://asfdaac.atlassian.net/rest/api/3/field, query={}, body={"name": "Vulnerability First Seen", "type": "com.atlassian.jira.plugin.system.customfieldtypes:datetime", "searcherKey": "com.atlassian.jira.plugin.system.customfieldtypes:datetimerange", "description": ""}
2020-03-27 14:02:21,387 urllib3.connectionpool DEBUG https://asfdaac.atlassian.net:443 "POST /rest/api/3/field HTTP/1.1" 201 None
2020-03-27 14:02:21,390 tenable_jira.jira.Jira DEBUG uri=https://asfdaac.atlassian.net/rest/api/3/field, query={}, body={"name": "Vulnerability Last Seen", "type": "com.atlassian.jira.plugin.system.customfieldtypes:datetime", "searcherKey": "com.atlassian.jira.plugin.system.customfieldtypes:datetimerange", "description": ""}
2020-03-27 14:02:21,684 urllib3.connectionpool DEBUG https://asfdaac.atlassian.net:443 "POST /rest/api/3/field HTTP/1.1" 201 None
2020-03-27 14:02:21,691 tenable_jira.jira.Jira DEBUG uri=https://asfdaac.atlassian.net/rest/api/3/field, query={}, body={"name": "Vulnerability Last Fixed", "type": "com.atlassian.jira.plugin.system.customfieldtypes:datetime", "searcherKey": "com.atlassian.jira.plugin.system.customfieldtypes:datetimerange", "description": ""}
2020-03-27 14:02:21,875 urllib3.connectionpool DEBUG https://asfdaac.atlassian.net:443 "POST /rest/api/3/field HTTP/1.1" 201 None
2020-03-27 14:02:21,877 tenable_jira.jira.Jira DEBUG uri=https://asfdaac.atlassian.net/rest/api/3/field, query={}, body={"name": "Vulnerability State", "type": "com.atlassian.jira.plugin.system.customfieldtypes:readonlyfield", "searcherKey": "com.atlassian.jira.plugin.system.customfieldtypes:textsearcher", "description": ""}
2020-03-27 14:02:22,202 urllib3.connectionpool DEBUG https://asfdaac.atlassian.net:443 "POST /rest/api/3/field HTTP/1.1" 201 None
2020-03-27 14:02:22,205 tenable_jira.jira.Jira DEBUG uri=https://asfdaac.atlassian.net/rest/api/3/field, query={}, body={"name": "Vulnerability Port", "type": "com.atlassian.jira.plugin.system.customfieldtypes:readonlyfield", "searcherKey": "com.atlassian.jira.plugin.system.customfieldtypes:textsearcher", "description": ""}
2020-03-27 14:02:22,408 urllib3.connectionpool DEBUG https://asfdaac.atlassian.net:443 "POST /rest/api/3/field HTTP/1.1" 201 None
2020-03-27 14:02:22,410 tenable_jira.jira.Jira DEBUG uri=https://asfdaac.atlassian.net/rest/api/3/field, query={}, body={"name": "Vulnerability Protocol", "type": "com.atlassian.jira.plugin.system.customfieldtypes:readonlyfield", "searcherKey": "com.atlassian.jira.plugin.system.customfieldtypes:textsearcher", "description": ""}
2020-03-27 14:02:22,816 urllib3.connectionpool DEBUG https://asfdaac.atlassian.net:443 "POST /rest/api/3/field HTTP/1.1" 201 None
2020-03-27 14:02:22,819 tenable_jira.jira.Jira DEBUG uri=https://asfdaac.atlassian.net/rest/api/3/field, query={}, body={"name": "Vulnerability Repository ID", "type": "com.atlassian.jira.plugin.system.customfieldtypes:readonlyfield", "searcherKey": "com.atlassian.jira.plugin.system.customfieldtypes:textsearcher", "description": ""}
2020-03-27 14:02:23,012 urllib3.connectionpool DEBUG https://asfdaac.atlassian.net:443 "POST /rest/api/3/field HTTP/1.1" 201 None
2020-03-27 14:02:23,014 tenable_jira.jira.Jira DEBUG uri=https://asfdaac.atlassian.net/rest/api/3/field, query={}, body={"name": "Vulnerability Repository Name", "type": "com.atlassian.jira.plugin.system.customfieldtypes:readonlyfield", "searcherKey": "com.atlassian.jira.plugin.system.customfieldtypes:textsearcher", "description": ""}
2020-03-27 14:02:23,208 urllib3.connectionpool DEBUG https://asfdaac.atlassian.net:443 "POST /rest/api/3/field HTTP/1.1" 201 None
2020-03-27 14:02:23,211 tenable_jira.jira.Jira DEBUG uri=https://asfdaac.atlassian.net/rest/api/3/field, query={}, body={"name": "Tenable VPR Score", "type": "com.atlassian.jira.plugin.system.customfieldtypes:readonlyfield", "searcherKey": "com.atlassian.jira.plugin.system.customfieldtypes:textsearcher", "description": ""}
2020-03-27 14:02:23,636 urllib3.connectionpool DEBUG https://asfdaac.atlassian.net:443 "POST /rest/api/3/field HTTP/1.1" 201 None
2020-03-27 14:02:23,751 urllib3.connectionpool DEBUG https://asfdaac.atlassian.net:443 "GET /rest/api/3/issuetype HTTP/1.1" 200 None
2020-03-27 14:02:23,754 tenable_jira.jira.Jira DEBUG uri=https://asfdaac.atlassian.net/rest/api/3/screens, query={'startAt': 0, 'maxResults': 100}, body={}
2020-03-27 14:02:23,865 urllib3.connectionpool DEBUG https://asfdaac.atlassian.net:443 "GET /rest/api/3/screens?startAt=0&maxResults=100 HTTP/1.1" 200 None
2020-03-27 14:02:23,869 tenable_jira.transform.Tio2Jira INFO Using JIRA Screens [12054, 12055]
2020-03-27 14:02:23,965 urllib3.connectionpool DEBUG https://asfdaac.atlassian.net:443 "GET /rest/api/3/screens/12054/tabs HTTP/1.1" 200 None
2020-03-27 14:02:24,078 urllib3.connectionpool DEBUG https://asfdaac.atlassian.net:443 "GET /rest/api/3/screens/12054/tabs/12156/fields HTTP/1.1" 200 None
2020-03-27 14:02:24,080 tenable_jira.transform.Tio2Jira INFO CVEs already exists in 12054:12156
2020-03-27 14:02:24,081 tenable_jira.transform.Tio2Jira INFO Tenable VPR Score already exists in 12054:12156
2020-03-27 14:02:24,081 tenable_jira.transform.Tio2Jira INFO CVSSv2 Base Score already exists in 12054:12156
2020-03-27 14:02:24,081 tenable_jira.transform.Tio2Jira INFO CVSSv2 Temporal Score already exists in 12054:12156
2020-03-27 14:02:24,081 tenable_jira.transform.Tio2Jira INFO CVSSv3 Base Score already exists in 12054:12156
2020-03-27 14:02:24,082 tenable_jira.transform.Tio2Jira INFO CVSSv3 Temporal Score already exists in 12054:12156
2020-03-27 14:02:24,082 tenable_jira.transform.Tio2Jira INFO Tenable Plugin ID already exists in 12054:12156
2020-03-27 14:02:24,082 tenable_jira.transform.Tio2Jira INFO Tenable Plugin Family already exists in 12054:12156
2020-03-27 14:02:24,082 tenable_jira.transform.Tio2Jira INFO Tenable Plugin Name already exists in 12054:12156
2020-03-27 14:02:24,082 tenable_jira.transform.Tio2Jira INFO Vulnerability Severity already exists in 12054:12156
2020-03-27 14:02:24,083 tenable_jira.transform.Tio2Jira INFO Vulnerability First Seen already exists in 12054:12156
2020-03-27 14:02:24,083 tenable_jira.transform.Tio2Jira INFO Vulnerability Last Seen already exists in 12054:12156
2020-03-27 14:02:24,083 tenable_jira.transform.Tio2Jira INFO Vulnerability Last Fixed already exists in 12054:12156
2020-03-27 14:02:24,083 tenable_jira.transform.Tio2Jira INFO Vulnerability State already exists in 12054:12156
2020-03-27 14:02:24,084 tenable_jira.transform.Tio2Jira INFO Vulnerability Port already exists in 12054:12156
2020-03-27 14:02:24,084 tenable_jira.transform.Tio2Jira INFO Vulnerability Protocol already exists in 12054:12156
2020-03-27 14:02:24,188 urllib3.connectionpool DEBUG https://asfdaac.atlassian.net:443 "GET /rest/api/3/screens/12054/tabs/12157/fields HTTP/1.1" 200 None
2020-03-27 14:02:24,190 tenable_jira.transform.Tio2Jira INFO Tenable Asset UUID already exists in 12054:12157
2020-03-27 14:02:24,191 tenable_jira.transform.Tio2Jira INFO Tenable Platform already exists in 12054:12157
2020-03-27 14:02:24,191 tenable_jira.transform.Tio2Jira INFO Device Hostname already exists in 12054:12157
2020-03-27 14:02:24,191 tenable_jira.transform.Tio2Jira INFO Device NetBIOS Name already exists in 12054:12157
2020-03-27 14:02:24,191 tenable_jira.transform.Tio2Jira INFO Device DNS Name already exists in 12054:12157
2020-03-27 14:02:24,192 tenable_jira.transform.Tio2Jira INFO Device IPv4 Addresses already exists in 12054:12157
2020-03-27 14:02:24,192 tenable_jira.transform.Tio2Jira INFO Device IPv6 Addresses already exists in 12054:12157
2020-03-27 14:02:24,192 tenable_jira.transform.Tio2Jira INFO Device MAC Addresses already exists in 12054:12157
2020-03-27 14:02:24,192 tenable_jira.transform.Tio2Jira INFO Device Network ID already exists in 12054:12157
2020-03-27 14:02:24,193 tenable_jira.transform.Tio2Jira INFO Vulnerability Repository ID already exists in 12054:12157
2020-03-27 14:02:24,193 tenable_jira.transform.Tio2Jira INFO Vulnerability Repository Name already exists in 12054:12157
2020-03-27 14:02:24,284 urllib3.connectionpool DEBUG https://asfdaac.atlassian.net:443 "GET /rest/api/3/screens/12055/tabs HTTP/1.1" 200 None
2020-03-27 14:02:24,399 urllib3.connectionpool DEBUG https://asfdaac.atlassian.net:443 "GET /rest/api/3/screens/12055/tabs/12158/fields HTTP/1.1" 200 None
2020-03-27 14:02:24,403 tenable_jira.transform.Tio2Jira INFO CVEs already exists in 12055:12158
2020-03-27 14:02:24,403 tenable_jira.transform.Tio2Jira INFO Tenable VPR Score already exists in 12055:12158
2020-03-27 14:02:24,403 tenable_jira.transform.Tio2Jira INFO CVSSv2 Base Score already exists in 12055:12158
2020-03-27 14:02:24,404 tenable_jira.transform.Tio2Jira INFO CVSSv2 Temporal Score already exists in 12055:12158
2020-03-27 14:02:24,404 tenable_jira.transform.Tio2Jira INFO CVSSv3 Base Score already exists in 12055:12158
2020-03-27 14:02:24,404 tenable_jira.transform.Tio2Jira INFO CVSSv3 Temporal Score already exists in 12055:12158
2020-03-27 14:02:24,404 tenable_jira.transform.Tio2Jira INFO Tenable Plugin ID already exists in 12055:12158
2020-03-27 14:02:24,404 tenable_jira.transform.Tio2Jira INFO Tenable Plugin Family already exists in 12055:12158
2020-03-27 14:02:24,405 tenable_jira.transform.Tio2Jira INFO Tenable Plugin Name already exists in 12055:12158
2020-03-27 14:02:24,405 tenable_jira.transform.Tio2Jira INFO Vulnerability Severity already exists in 12055:12158
2020-03-27 14:02:24,405 tenable_jira.transform.Tio2Jira INFO Vulnerability First Seen already exists in 12055:12158
2020-03-27 14:02:24,405 tenable_jira.transform.Tio2Jira INFO Vulnerability Last Seen already exists in 12055:12158
2020-03-27 14:02:24,405 tenable_jira.transform.Tio2Jira INFO Vulnerability Last Fixed already exists in 12055:12158
2020-03-27 14:02:24,406 tenable_jira.transform.Tio2Jira INFO Vulnerability State already exists in 12055:12158
2020-03-27 14:02:24,406 tenable_jira.transform.Tio2Jira INFO Vulnerability Port already exists in 12055:12158
2020-03-27 14:02:24,406 tenable_jira.transform.Tio2Jira INFO Vulnerability Protocol already exists in 12055:12158
2020-03-27 14:02:24,508 urllib3.connectionpool DEBUG https://asfdaac.atlassian.net:443 "GET /rest/api/3/screens/12055/tabs/12159/fields HTTP/1.1" 200 None
2020-03-27 14:02:24,511 tenable_jira.transform.Tio2Jira INFO Tenable Asset UUID already exists in 12055:12159
2020-03-27 14:02:24,512 tenable_jira.transform.Tio2Jira INFO Tenable Platform already exists in 12055:12159
2020-03-27 14:02:24,512 tenable_jira.transform.Tio2Jira INFO Device Hostname already exists in 12055:12159
2020-03-27 14:02:24,512 tenable_jira.transform.Tio2Jira INFO Device NetBIOS Name already exists in 12055:12159
2020-03-27 14:02:24,512 tenable_jira.transform.Tio2Jira INFO Device DNS Name already exists in 12055:12159
2020-03-27 14:02:24,512 tenable_jira.transform.Tio2Jira INFO Device IPv4 Addresses already exists in 12055:12159
2020-03-27 14:02:24,512 tenable_jira.transform.Tio2Jira INFO Device IPv6 Addresses already exists in 12055:12159
2020-03-27 14:02:24,513 tenable_jira.transform.Tio2Jira INFO Device MAC Addresses already exists in 12055:12159
2020-03-27 14:02:24,513 tenable_jira.transform.Tio2Jira INFO Device Network ID already exists in 12055:12159
2020-03-27 14:02:24,513 tenable_jira.transform.Tio2Jira INFO Vulnerability Repository ID already exists in 12055:12159
2020-03-27 14:02:24,513 tenable_jira.transform.Tio2Jira INFO Vulnerability Repository Name already exists in 12055:12159
2020-03-27 14:02:24,513 tenable.io.TenableIO DEBUG {"method": "POST", "url": "https://cloud.tenable.com/vulns/export", "params": {}, "body": {"filters": {"severity": ["high", "critical"]}, "num_assets": "1000"}}
2020-03-27 14:02:24,515 urllib3.connectionpool DEBUG Starting new HTTPS connection (1): cloud.tenable.com:443
2020-03-27 14:02:24,823 urllib3.connectionpool DEBUG https://cloud.tenable.com:443 "POST /vulns/export HTTP/1.1" 200 None
2020-03-27 14:02:24,826 tenable.io.TenableIO DEBUG Request-UUID 6d45d47ff435c6229298086552830a3f for https://cloud.tenable.com/vulns/export
2020-03-27 14:02:24,826 tenable.io.TenableIO DEBUG Initiated vuln export b41691d7-feef-40df-a6ac-a4bd2ccb590e
2020-03-27 14:02:24,827 tenable.io.TenableIO DEBUG {"method": "GET", "url": "https://cloud.tenable.com/vulns/export/b41691d7-feef-40df-a6ac-a4bd2ccb590e/status", "params": {}, "body": {}}
2020-03-27 14:02:25,014 urllib3.connectionpool DEBUG https://cloud.tenable.com:443 "GET /vulns/export/b41691d7-feef-40df-a6ac-a4bd2ccb590e/status HTTP/1.1" 200 None
2020-03-27 14:02:25,018 tenable.io.TenableIO DEBUG Request-UUID dea33e342ba131b5a72e95c0a0e28b37 for https://cloud.tenable.com/vulns/export/b41691d7-feef-40df-a6ac-a4bd2ccb590e/status
2020-03-27 14:02:27,021 tenable.io.TenableIO DEBUG {"method": "GET", "url": "https://cloud.tenable.com/vulns/export/b41691d7-feef-40df-a6ac-a4bd2ccb590e/status", "params": {}, "body": {}}
2020-03-27 14:02:27,143 urllib3.connectionpool DEBUG https://cloud.tenable.com:443 "GET /vulns/export/b41691d7-feef-40df-a6ac-a4bd2ccb590e/status HTTP/1.1" 200 None
2020-03-27 14:02:27,147 tenable.io.TenableIO DEBUG Request-UUID 0e5f36f60739c083d1bea0516f2adbc8 for https://cloud.tenable.com/vulns/export/b41691d7-feef-40df-a6ac-a4bd2ccb590e/status
2020-03-27 14:02:30,150 tenable.io.TenableIO DEBUG {"method": "GET", "url": "https://cloud.tenable.com/vulns/export/b41691d7-feef-40df-a6ac-a4bd2ccb590e/status", "params": {}, "body": {}}
2020-03-27 14:02:30,312 urllib3.connectionpool DEBUG https://cloud.tenable.com:443 "GET /vulns/export/b41691d7-feef-40df-a6ac-a4bd2ccb590e/status HTTP/1.1" 200 None
2020-03-27 14:02:30,316 tenable.io.TenableIO DEBUG Request-UUID ccdba4a316a7e617e35cc9e9208f8dea for https://cloud.tenable.com/vulns/export/b41691d7-feef-40df-a6ac-a4bd2ccb590e/status
2020-03-27 14:02:30,316 tenable.io.TenableIO DEBUG {"method": "GET", "url": "https://cloud.tenable.com/vulns/export/b41691d7-feef-40df-a6ac-a4bd2ccb590e/chunks/1", "params": {}, "body": {}}
2020-03-27 14:02:30,487 urllib3.connectionpool DEBUG https://cloud.tenable.com:443 "GET /vulns/export/b41691d7-feef-40df-a6ac-a4bd2ccb590e/chunks/1 HTTP/1.1" 200 4485
2020-03-27 14:02:30,490 tenable.io.TenableIO DEBUG Request-UUID 9eb497fd53e04d8e1c26ded339a017e7 for https://cloud.tenable.com/vulns/export/b41691d7-feef-40df-a6ac-a4bd2ccb590e/chunks/1
2020-03-27 14:02:30,492 tenable_jira.transform.Tio2Jira DEBUG Label Detected.  Config={'jira_field': 'Tenable Asset UUID', 'type': 'labels', 'searcher': 'labelsearcher', 'issue_type': ['Sub-task'], 'tio_field': 'asset.uuid', 'jira_id': 'customfield_11036'} value=8e4a4b09-27ff-4d8c-8949-6e6e0d35c3db
2020-03-27 14:02:30,492 tenable_jira.transform.Tio2Jira DEBUG Label Detected.  Config={'jira_field': 'Device IPv4 Addresses', 'type': 'labels', 'searcher': 'labelsearcher', 'issue_type': ['Sub-task'], 'tio_field': 'asset.ipv4', 'tsc_field': 'ip', 'jira_id': 'customfield_11038'} value=10.40.20.38
2020-03-27 14:02:30,493 tenable_jira.transform.Tio2Jira DEBUG Label Detected.  Config={'jira_field': 'Device Hostname', 'type': 'labels', 'searcher': 'labelsearcher', 'issue_type': ['Sub-task'], 'tio_field': 'asset.hostname', 'tsc_field': 'dnsName', 'jira_id': 'customfield_11040'} value=10.40.20.38
2020-03-27 14:02:30,493 tenable_jira.jira.Jira DEBUG uri=https://asfdaac.atlassian.net/rest/api/3/search, query={}, body={"jql": "project = \"VULN\" and issuetype = \"Task\" and status not in (Closed, Done, Resolved) and \"Tenable Plugin ID\" ~ \"20007\""}
2020-03-27 14:02:30,833 urllib3.connectionpool DEBUG https://asfdaac.atlassian.net:443 "POST /rest/api/3/search HTTP/1.1" 400 None
2020-03-27 14:02:30,835 restfly.errors.BadRequestError ERROR [400: POST] https://asfdaac.atlassian.net/rest/api/3/search body=b'{"errorMessages":["The value \'VULN\' does not exist for the field \'project\'.","Field \'issuetype\' does not exist or you do not have permission to view it.","Field \'Tenable Plugin ID\' does not exist or you do not have permission to view it."],"warningMessages":[]}'
Traceback (most recent call last):
  File "/usr/local/bin/tenable-jira", line 11, in <module>
    load_entry_point('tenable-jira-cloud==1.1.3', 'console_scripts', 'tenable-jira')()
  File "/usr/local/lib64/python3.7/site-packages/click/core.py", line 829, in __call__
    return self.main(*args, **kwargs)
  File "/usr/local/lib64/python3.7/site-packages/click/core.py", line 782, in main
    rv = self.invoke(ctx)
  File "/usr/local/lib64/python3.7/site-packages/click/core.py", line 1066, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/local/lib64/python3.7/site-packages/click/core.py", line 610, in invoke
    return callback(*args, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/tenable_jira/cli.py", line 104, in cli
    ingest.ingest(observed_since)
  File "/usr/local/lib/python3.7/site-packages/tenable_jira/transform.py", line 449, in ingest
    self.create_issues(vulns)
  File "/usr/local/lib/python3.7/site-packages/tenable_jira/transform.py", line 405, in create_issues
    self._process_open_vuln(v, fid)
  File "/usr/local/lib/python3.7/site-packages/tenable_jira/transform.py", line 342, in _process_open_vuln
    i = self._jira.issues.upsert(fields=issue, jql=' and '.join(jql))
  File "/usr/local/lib/python3.7/site-packages/tenable_jira/jira/issues.py", line 40, in upsert
    resp = self.search(jql)
  File "/usr/local/lib/python3.7/site-packages/tenable_jira/jira/issues.py", line 12, in search
    return self._api.post('search', json=kwargs).json()
  File "/usr/local/lib/python3.7/site-packages/restfly/session.py", line 429, in post
    return self._request('POST', path, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/restfly/session.py", line 376, in _request
    raise err(resp, retries=retries)
restfly.errors.BadRequestError: [400: POST] https://asfdaac.atlassian.net/rest/api/3/search body=b'{"errorMessages":["The value \'VULN\' does not exist for the field \'project\'.","Field \'issuetype\' does not exist or you do not have permission to view it.","Field \'Tenable Plugin ID\' does not exist or you do not have permission to view it."],"warningMessages":[]}'

And here's the (sanitized) config file I'm using:

tenable:
  access_key: <sanitized>
  secret_key: <sanitized>

jira:
  api_token: <sanitized>
  api_username: <sanitized>
  address: asfdaac.atlassian.net

project:
  leadAccountId: 5e7e3d7e2e3fce0c33ebd5f3

log:
  level: debug

T.sc Support

As a T.sc user i'd like the ability to leverage this integration to pull T.sc vulnerabilities into Jira Cloud.

Jira Service Desk

Is this integration compatible with Jira Service Desk?

Issue Type Errors preventing creation of Jira tickets

We were able to get the plugin installed and we actually got it to generate one ticket, but then it stopped and presented us with a "Issue type Error". we have gone back an verified the issue type internal IDs for task and sub task and explictly set them in the config. Our Jira instance is pretty cluttered so it could be the result set is ambigous which is why its not finding things correctly. Using the test script provided in the tenable github repo I see many results for the task and subtask issue types. Does anyone have a way to help the plugin navigate a cluttered Jira instance? thank you

Upgraded to 1.1.6 and received the following error. NameError: name 'tio' is not defined

File "/usr/local/bin/tenable-jira", line 8, in <module> sys.exit(cli()) File "/usr/local/lib/python3.7/site-packages/click/core.py", line 829, in __call__ return self.main(*args, **kwargs) File "/usr/local/lib/python3.7/site-packages/click/core.py", line 782, in main rv = self.invoke(ctx) File "/usr/local/lib/python3.7/site-packages/click/core.py", line 1066, in invoke return ctx.invoke(self.callback, **ctx.params) File "/usr/local/lib/python3.7/site-packages/click/core.py", line 610, in invoke return callback(*args, **kwargs) File "/usr/local/lib/python3.7/site-packages/tenable_jira/cli.py", line 109, in cli if int(tio.sessions.details().get('permissions')) < 64: NameError: name 'tio' is not defined

Split Description, Solution and Output

Can the three parts of the description field be broken out. This will greatly enhance our searching ability as a lot of the times the description field as keys words that we either do or don't want in our solution searches.

Example would be to search for all solution that have don't have patch in them. Currently this can only be done by searching the JIRA description as a whole and would give a wrong result.

Already Existing Key and Name

We use Jira Cloud and Tenable.io. I have a project created for vulnerabilites that I have been using to create manual tickets. Issue is that I used the same Project Name and the same VULN key when i created that years ago. I tried to change it in my project, but it that does not free up the original key -- looks like Jira saves it in their db. I get a key already exists error. I can try some stuff to see if I can somehow get that key recovered, but it seems like it would be good functionality to let the user specify the key and project name.

Automating the script

Hi Steve,

Hopefully this will be an easy one.

Where can I set the 'RUN_EVERY' variable please? I know the observed-since option can be used whilst running the integration but not sure how to set the 'RUN_EVERY' option.

Also, is it the same as the service interval function within the config.yaml file? I tried setting that before, but didn't see it working.

Thanks,

Not Closing Resolved Subtasks/Tasks/Other Findings

I've noticed a few things with the project. It seems cross checking tenable.io, i'm finding that the scripts aren't resolving issues.

Lastly, here is some output of an issue I've observed:

2019-12-20 17:13:40,665 urllib3.connectionpool DEBUG https://celerodocs.atlassian.net:443 "POST /rest/api/3/search HTTP/1.1" 200 None
2019-12-20 17:13:40,783 urllib3.connectionpool DEBUG https://celerodocs.atlassian.net:443 "GET /rest/api/3/issue/89106/transitions HTTP/1.1" 200 None
2019-12-20 17:13:40,784 tenable_jira.transform.Tio2Jira INFO CLOSING VMNGT-1144 [10.128.43.79/0/TCP] [35453] Microsoft Windows Update Reboot Required
2019-12-20 17:13:40,784 tenable_jira.jira.Jira DEBUG uri=https://celerodocs.atlassian.net/rest/api/3/issue/89106/transitions, query={}, body={"transition": {"id": null}}
2019-12-20 17:13:40,861 urllib3.connectionpool DEBUG https://celerodocs.atlassian.net:443 "POST /rest/api/3/issue/89106/transitions HTTP/1.1" 400 None
2019-12-20 17:13:40,863 restfly.errors.BadRequestError ERROR [400: POST] https://celerodocs.atlassian.net/rest/api/3/issue/89106/transitions body=b'{"errorMessages":["'transition' identifier must be an integer"],"errors":{}}'
Traceback (most recent call last):
File "/usr/local/bin/tenable-jira", line 11, in
load_entry_point('tenable-jira-cloud==1.0.0', 'console_scripts', 'tenable-jira')()
File "/usr/local/lib/python3.6/dist-packages/Click-7.0-py3.6.egg/click/core.py", line 764, in call
return self.main(*args, **kwargs)
File "/usr/local/lib/python3.6/dist-packages/Click-7.0-py3.6.egg/click/core.py", line 717, in main
rv = self.invoke(ctx)
File "/usr/local/lib/python3.6/dist-packages/Click-7.0-py3.6.egg/click/core.py", line 956, in invoke
return ctx.invoke(self.callback, **ctx.params)
File "/usr/local/lib/python3.6/dist-packages/Click-7.0-py3.6.egg/click/core.py", line 555, in invoke
return callback(*args, **kwargs)
File "/usr/local/lib/python3.6/dist-packages/tenable_jira_cloud-1.0.0-py3.6.egg/tenable_jira/cli.py", line 88, in cli
File "/usr/local/lib/python3.6/dist-packages/tenable_jira_cloud-1.0.0-py3.6.egg/tenable_jira/transform.py", line 404, in ingest
File "/usr/local/lib/python3.6/dist-packages/tenable_jira_cloud-1.0.0-py3.6.egg/tenable_jira/transform.py", line 374, in close_issues
File "/usr/local/lib/python3.6/dist-packages/tenable_jira_cloud-1.0.0-py3.6.egg/tenable_jira/transform.py", line 306, in _process_closed_vuln
File "/usr/local/lib/python3.6/dist-packages/tenable_jira_cloud-1.0.0-py3.6.egg/tenable_jira/transform.py", line 277, in _close_issue
File "/usr/local/lib/python3.6/dist-packages/tenable_jira_cloud-1.0.0-py3.6.egg/tenable_jira/jira/issues.py", line 36, in transition
File "/usr/local/lib/python3.6/dist-packages/restfly-1.1.1-py3.6.egg/restfly/session.py", line 429, in post
File "/usr/local/lib/python3.6/dist-packages/restfly-1.1.1-py3.6.egg/restfly/session.py", line 376, in _request
restfly.errors.BadRequestError: [400: POST] https://celerodocs.atlassian.net/rest/api/3/issue/89106/transitions body=b'{"errorMessages":["'transition' identifier must be an integer"],"errors":{}}'

Thanks again for this amazing project!

Atlassian Error: "An issue type with this name already exists"

Getting an error when running the script. Not sure what on the JIRA end is causing this issue

Duplicate vulnerabilities are created for the same vulnerability and same IP

Hi Steve,

It looks like another issue has arised based on the change that was made. I noticed that the system creates duplicates subtasks depending on how many times the script was run instead of updating the subtasks already created, it creates new subtask:

In the above image you will see that the same IP has multiple issues created for the same vulnerability. Shouldn't the script be updating the current issues based on IP?

Custom Field Cannot be set.

I have successfully gotten the integration to create a new board for me...
When I run the script with the generated-config.yaml
I get the following error (multiple times)
"customfield_11627":"Field 'customfield_11627' cannot be set. It is not on the appropriate screen, or unknown."

Do you know the best way to troubleshoot this?

Unable to leverage User Filtering on custom fields

Hello Stephen!

In getting some of the data form Tenable into Jira, I'm working on building some dashboards in Jira. Unfortunately it seems that some of the key custom fields that would be useful in dashboards are configured in such a way that Jira is unable to use them. Seems just a text field does not work, they would need to be a 'Group picker', 'Multi select', 'User picker', 'Select list' and 'Version picker' fields.

Some research pointed me to similar issues/questions of this nature:
https://community.atlassian.com/t5/Jira-questions/Jira-Custom-Field-Missing-Issues-in-Filter-result/qaq-p/806568
https://community.atlassian.com/t5/Jira-Service-Desk-questions/User-Filtering-on-custom-fields-missing/qaq-p/949718
https://community.atlassian.com/t5/Jira-questions/Jira-Two-Dimensionnal-Filter-Custom-field-missing/qaq-p/405284

If the fields have to be a specific list (a finite list, rather than an open text field), then the fields that would fall into this bucket would be:

Tenable Plugin ID
Tenable Plugin Family
Tenable Plugin Name
Vulnerability Severity
Vulnerability State
Vulnerability Port
Vulnerability Protocol

Any chance of getting these fields updated in this project, so that we can create additional & more meaningful charts/dashboards for those that live and breathe Jira/Confluence?

Thanks!

VPR threshold not working ?

im currently running:
tenable-jira -s $(date -v-7d +%s) config.yaml

with my config.yaml file:
tio_ignore_accepted: true
tio_autoclose_accepted: true
tio_vpr_thresh: 6.0

I still seem to be missing reported vulns that are present in the io console.
Example: vuln with a score of 6.7 last been by the scanner 5 days ago ... should populate in the board correctly?

Setup.py missing yaml install

Installed tenable-jira-cloud via the setup.py script. This is on a MacOS system running python3

tenable-jira jira-cloud.yaml
Traceback (most recent call last):
File "/Users/k/.pyenv/versions/3.7.3/bin/tenable-jira", line 11, in
load_entry_point('tenable-jira-cloud==1.0.0', 'console_scripts', 'tenable-jira')()
File "/Users/k/.pyenv/versions/3.7.3/lib/python3.7/site-packages/pkg_resources/init.py", line 489, in load_entry_point
return get_distribution(dist).load_entry_point(group, name)
File "/Users/k.pyenv/versions/3.7.3/lib/python3.7/site-packages/pkg_resources/init.py", line 2793, in load_entry_point
return ep.load()
File "/Users/k/.pyenv/versions/3.7.3/lib/python3.7/site-packages/pkg_resources/init.py", line 2411, in load
return self.resolve()
File "/Users/k/.pyenv/versions/3.7.3/lib/python3.7/site-packages/pkg_resources/init.py", line 2417, in resolve
module = import(self.module_name, fromlist=['name'], level=0)
File "/Users/k/.pyenv/versions/3.7.3/lib/python3.7/site-packages/tenable_jira_cloud-1.0.0-py3.7.egg/tenable_jira/cli.py", line 25, in
ModuleNotFoundError: No module named 'yaml'

yaml CLoader error when running integration command

pip Installed PyYAML, pip installed integration. Created config.yaml. Ran the tenable-jira config.yaml command and get the error below. Others are getting the same error.

➜ ~ tenable-jira config.yaml Traceback (most recent call last): File "/usr/local/bin/tenable-jira", line 8, in <module> sys.exit(cli()) File "/usr/local/lib/python3.7/site-packages/click/core.py", line 764, in __call__ return self.main(*args, **kwargs) File "/usr/local/lib/python3.7/site-packages/click/core.py", line 717, in main rv = self.invoke(ctx) File "/usr/local/lib/python3.7/site-packages/click/core.py", line 956, in invoke return ctx.invoke(self.callback, **ctx.params) File "/usr/local/lib/python3.7/site-packages/click/core.py", line 555, in invoke return callback(*args, **kwargs) File "/usr/local/lib/python3.7/site-packages/tenable_jira/cli.py", line 42, in cli base_config(), File "/usr/local/lib/python3.7/site-packages/tenable_jira/config.py", line 4, in base_config return yaml.load(config, Loader=yaml.CLoader) AttributeError: module 'yaml' has no attribute 'CLoader'

Integration does not parse all of the available screens when looking for the right screen to edit.

Trying to get this setup, but just getting errors all along the way unfortunately.

First - the package isn't in pip, so had to run setup.py install. I think checked back against pip and it shows that everything is installed:

Requirement already satisfied: tenable-jira-cloud in c:\python37 (1.0.0) Requirement already satisfied: pytenable>=0.3.29 in c:\python37\lib\site-packages\pytenable-1.0.0-py3.7.egg (from tenable-jira-cloud) (1.0.0) Requirement already satisfied: restfly>=1.1.0 in c:\python37\lib\site-packages\restfly-1.1.1-py3.7.egg (from tenable-jira-cloud) (1.1.1) Requirement already satisfied: arrow>=0.13.0 in c:\python37\lib\site-packages\arrow-0.15.4-py3.7.egg (from tenable-jira-cloud) (0.15.4) Requirement already satisfied: Click>=7.0 in c:\python37\lib\site-packages\click-7.0-py3.7.egg (from tenable-jira-cloud) (7.0) Requirement already satisfied: requests>=2.19 in c:\python37\lib\site-packages\requests-2.22.0-py3.7.egg (from pytenable>=0.3.29->tenable-jira-cloud) (2.22.0) Requirement already satisfied: python-dateutil>=2.6 in c:\python37\lib\site-packages\python_dateutil-2.8.1-py3.7.egg (from pytenable>=0.3.29->tenable-jira-cloud) (2.8.1) Requirement already satisfied: semver>=2.8.1 in c:\python37\lib\site-packages\semver-2.9.0-py3.7.egg (from pytenable>=0.3.29->tenable-jira-cloud) (2.9.0) Requirement already satisfied: ipaddress>=1.0.22 in c:\python37\lib\site-packages\ipaddress-1.0.23-py3.7.egg (from pytenable>=0.3.29->tenable-jira-cloud) (1.0.23) Requirement already satisfied: certifi>=2017.4.17 in c:\python37\lib\site-packages\certifi-2019.11.28-py3.7.egg (from requests>=2.19->pytenable>=0.3.29->tenable-jira-cloud) (2019.11.28) Requirement already satisfied: chardet<3.1.0,>=3.0.2 in c:\python37\lib\site-packages\chardet-3.0.4-py3.7.egg (from requests>=2.19->pytenable>=0.3.29->tenable-jira-cloud) (3.0.4) Requirement already satisfied: idna<2.9,>=2.5 in c:\python37\lib\site-packages\idna-2.8-py3.7.egg (from requests>=2.19->pytenable>=0.3.29->tenable-jira-cloud) (2.8) Requirement already satisfied: urllib3!=1.25.0,!=1.25.1,<1.26,>=1.21.1 in c:\python37\lib\site-packages\urllib3-1.25.7-py3.7.egg (from requests>=2.19->pytenable>=0.3.29->tenable-jira-cloud) (1.25.7) Requirement already satisfied: six>=1.5 in c:\python37\lib\site-packages\six-1.13.0-py3.7.egg (from python-dateutil>=2.6->pytenable>=0.3.29->tenable-jira-cloud) (1.13.0)

Running tenable-jira config.yaml gets this error:

Traceback (most recent call last): File "C:\Python37\Scripts\tenable-jira-script.py", line 11, in <module> load_entry_point('tenable-jira-cloud==1.0.0', 'console_scripts', 'tenable-jira')() File "C:\Python37\lib\site-packages\pkg_resources\__init__.py", line 489, in load_entry_point return get_distribution(dist).load_entry_point(group, name) File "C:\Python37\lib\site-packages\pkg_resources\__init__.py", line 2793, in load_entry_point return ep.load() File "C:\Python37\lib\site-packages\pkg_resources\__init__.py", line 2411, in load return self.resolve() File "C:\Python37\lib\site-packages\pkg_resources\__init__.py", line 2417, in resolve module = __import__(self.module_name, fromlist=['__name__'], level=0) ModuleNotFoundError: No module named 'tenable_jira'

Trying to run the exe in the Scripts folder of Python gets this error:

Traceback (most recent call last): File "c:\Python37\Scripts\tenable-jira-script.py", line 11, in <module> load_entry_point('tenable-jira-cloud==1.0.0', 'console_scripts', 'tenable-jira')() File "C:\Python37\lib\site-packages\pkg_resources\__init__.py", line 489, in load_entry_point return get_distribution(dist).load_entry_point(group, name) File "C:\Python37\lib\site-packages\pkg_resources\__init__.py", line 2793, in load_entry_point return ep.load() File "C:\Python37\lib\site-packages\pkg_resources\__init__.py", line 2411, in load return self.resolve() File "C:\Python37\lib\site-packages\pkg_resources\__init__.py", line 2417, in resolve module = __import__(self.module_name, fromlist=['__name__'], level=0) ModuleNotFoundError: No module named 'tenable_jira'

Trying to run the tenable-jira-script.py file in the Scripts folder of Python gets this error:

Traceback (most recent call last): File "tenable-jira-script.py", line 6, in <module> from pkg_resources import load_entry_point File "C:\Python27\lib\site-packages\pkg_resources\__init__.py", line 3126, in <module> @_call_aside File "C:\Python27\lib\site-packages\pkg_resources\__init__.py", line 3110, in _call_aside f(*args, **kwargs) File "C:\Python27\lib\site-packages\pkg_resources\__init__.py", line 3139, in _initialize_master_working_set working_set = WorkingSet._build_master() File "C:\Python27\lib\site-packages\pkg_resources\__init__.py", line 581, in _build_master ws.require(__requires__) File "C:\Python27\lib\site-packages\pkg_resources\__init__.py", line 898, in require needed = self.resolve(parse_requirements(requirements)) File "C:\Python27\lib\site-packages\pkg_resources\__init__.py", line 784, in resolve raise DistributionNotFound(req, requirers) pkg_resources.DistributionNotFound: The 'tenable-jira-cloud==1.0.0' distribution was not found and is required by the application

On another machine we've tried again and a colleague has gotten a little further but then hit errors coming out of Jira:

C:\Users\xxx\Documents\integration-jira-cloud-master>tenable-jira config.yaml Traceback (most recent call last): File "<C:\Program Files\Python37\Scripts\tenable-jira-script.py>", line 11, in <module> load_entry_point('tenable-jira-cloud==1.0.0', 'console_scripts', 'tenable-jira')() File "<C:\Program Files\Python37\lib\site-packages\click-7.0-py3.7.egg\click\core.py>", line 764, in __call__ return self.main(*args, **kwargs) File "<C:\Program Files\Python37\lib\site-packages\click-7.0-py3.7.egg\click\core.py>", line 717, in main rv = self.invoke(ctx) File "<C:\Program Files\Python37\lib\site-packages\click-7.0-py3.7.egg\click\core.py>", line 956, in invoke return ctx.invoke(self.callback, **ctx.params) File "<C:\Program Files\Python37\lib\site-packages\click-7.0-py3.7.egg\click\core.py>", line 555, in invoke return callback(*args, **kwargs) File "<C:\Program Files\Python37\lib\site-packages\tenable_jira_cloud-1.0.0-py3.7.egg\tenable_jira\cli.py>", line 88, in cli File "<C:\Program Files\Python37\lib\site-packages\tenable_jira_cloud-1.0.0-py3.7.egg\tenable_jira\transform.py>", line 394, in ingest File "<C:\Program Files\Python37\lib\site-packages\tenable_jira_cloud-1.0.0-py3.7.egg\tenable_jira\transform.py>", line 350, in create_issues File "<C:\Program Files\Python37\lib\site-packages\tenable_jira_cloud-1.0.0-py3.7.egg\tenable_jira\transform.py>", line 287, in _process_open_vuln File "<C:\Program Files\Python37\lib\site-packages\tenable_jira_cloud-1.0.0-py3.7.egg\tenable_jira\jira\issues.py>", line 48, in upsert File "<C:\Program Files\Python37\lib\site-packages\tenable_jira_cloud-1.0.0-py3.7.egg\tenable_jira\jira\issues.py>", line 20, in create File "<C:\Program Files\Python37\lib\site-packages\restfly-1.1.1-py3.7.egg\restfly\session.py>", line 429, in post File "<C:\Program Files\Python37\lib\site-packages\restfly-1.1.1-py3.7.egg\restfly\session.py>", line 376, in _request restfly.errors.BadRequestError: [400: POST] https://xxx.atlassian.net/rest/api/3/issue?update_history=False body=b'{"errorMessages":[],"errors":{"customfield_10126":"Field \'customfield_10126\' cannot be set. It is not on the appropriate screen, or unknown.","description":"Field \'description\' cannot be set. It is not on the appropriate screen, or unknown.","customfield_10120":"Field \'customfield_10120\' cannot be set. It is not on the appropriate screen, or unknown.","customfield_10121":"Field \'customfield_10121\' cannot be set. It is not on the appropriate screen, or unknown.","customfield_10122":"Field \'customfield_10122\' cannot be set. It is not on the appropriate screen, or unknown.","customfield_10123":"Field \'customfield_10123\' cannot be set. It is not on the appropriate screen, or unknown.","customfield_10124":"Field \'customfield_10124\' cannot be set. It is not on the appropriate screen, or unknown.","customfield_10125":"Field \'customfield_10125\' cannot be set. It is not on the appropriate screen, or unknown.","customfield_10048":"Field \'customfield_10048\' cannot be set. It is not on the appropriate screen, or unknown."}}'

Separate setup into a different script

As a user i'd like the ability to run a script to setup the project, fields, etc that is separate from the script that actual pulls vulnerabilities and creates tickets. This will allow me to use an admin account for the setup script and a less privileged user for the integration script.

Question around what happens when servers are decommissioned

Hi Steve,

If we were to decommission a server and remove it from the agent group in Tenable.io. How will the script handle the vulnerabilities associated with the decommissioned server? Will it mark it as done? I don't suppose it will remove the vulnerabilities from Jira.

Thanks,

How to edit config.py

What steps need to be taken to modify config.py and have those changes reflected when running the integration? I would like to modify the config.py file so that the integration will open tickets for low and medium vulns not just high and critical vulns. It's not clear to me how to make those changes take effect. Thank you.

Changing tio_severities

I would like only the critical severity tickets being created in JIRA but when changing that in the script from:

tio_severities:
    - high
    - critical

to:

tio_severities:
    - critical

I am still seeing High severity items being pulled into JIRA. I tried moving this in the config.yaml as well but still the same issue.

Integration does not upload vulns to Jira

Hi Steve,

I'm trying to integrate Jira Cloud with Tenable.sc in my lab using this library, but it doesn't fill Jira with tickets about vulnerabilities, it only creates the fields, issues, etc. The problem seems to be right there since i tried obtaining the vulnerabilities through the analysis endpoint using pyTenable and i am able to do so.

I created a vuln query using vulnerability detail list for this task, do i have to create any specific one or use any specific filter to make it work?

In my config file i used username and password for tenable.sc and all the other default options.

Here's the troubleshoot log :

tenable_debug.log

Thank you in advance.

Unsupported content from Tenable cannot POST into Jira

Error during script run stating unsupported content trying to be POSTed into Jira.

C:\Program Files\Python37\Scripts>tenable-jira.exe tenable-jira-config.yaml
2020-02-19 15:46:19,216 restfly.errors.BadRequestError ERROR [400: POST] https://xxx.atlassian.net/rest/api/3/issue?update_history=False body=b'{"errorMessages":["We can\'t create this issue for you right now, it could be due to unsupported content you\'ve entered into one or more of the issue fields. If this situation persists, contact your administrator as they\'ll be able to access more specific information in the log file."],"errors":{}}'
Traceback (most recent call last):
  File "C:\Program Files\Python37\Scripts\tenable-jira-script.py", line 11, in <module>
    load_entry_point('tenable-jira-cloud==1.1.0', 'console_scripts', 'tenable-jira')()
  File "C:\Program Files\Python37\lib\site-packages\click-7.0-py3.7.egg\click\core.py", line 764, in __call__
    return self.main(*args, **kwargs)
  File "C:\Program Files\Python37\lib\site-packages\click-7.0-py3.7.egg\click\core.py", line 717, in main
    rv = self.invoke(ctx)
  File "C:\Program Files\Python37\lib\site-packages\click-7.0-py3.7.egg\click\core.py", line 956, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "C:\Program Files\Python37\lib\site-packages\click-7.0-py3.7.egg\click\core.py", line 555, in invoke
    return callback(*args, **kwargs)
  File "C:\Program Files\Python37\lib\site-packages\tenable_jira_cloud-1.1.0-py3.7.egg\tenable_jira\cli.py", line 104, in cli
  File "C:\Program Files\Python37\lib\site-packages\tenable_jira_cloud-1.1.0-py3.7.egg\tenable_jira\transform.py", line 432, in ingest
  File "C:\Program Files\Python37\lib\site-packages\tenable_jira_cloud-1.1.0-py3.7.egg\tenable_jira\transform.py", line 388, in create_issues
  File "C:\Program Files\Python37\lib\site-packages\tenable_jira_cloud-1.1.0-py3.7.egg\tenable_jira\transform.py", line 329, in _process_open_vuln
  File "C:\Program Files\Python37\lib\site-packages\tenable_jira_cloud-1.1.0-py3.7.egg\tenable_jira\jira\issues.py", line 48, in upsert
  File "C:\Program Files\Python37\lib\site-packages\tenable_jira_cloud-1.1.0-py3.7.egg\tenable_jira\jira\issues.py", line 20, in create
  File "C:\Program Files\Python37\lib\site-packages\restfly-1.1.1-py3.7.egg\restfly\session.py", line 429, in post
  File "C:\Program Files\Python37\lib\site-packages\restfly-1.1.1-py3.7.egg\restfly\session.py", line 376, in _request
restfly.errors.BadRequestError: [400: POST] https://xxx.atlassian.net/rest/api/3/issue?update_history=False body=b'{"errorMessages":["We can\'t create this issue for you right now, it could be due to unsupported content you\'ve entered into one or more of the issue fields. If this situation persists, contact your administrator as they\'ll be able to access more specific information in the log file."],"errors":{}}'

I will come back with further debug or Jira logs if I can find them.

Since in Windows

How would you use the -s since option on a Windows device ?

is it possible to run this using aws lambda?

Is it available to run this script on AWS Lambda? I'm interested to create a cron job on Lambda and whether it will work to run the cron job, which would run the sudo tenable-jira every week for example on my host.

I think it's doable, but don't know for sure, any suggestions whether it will work okay?

Trying to run the tenable-jira integration script as an Azure Function App

Hey Steve,

We are trying to create an Azure function app in order to run the integration script. This will save us from having a whole machine/instance running the integration.

So wanted to know what happens when the following is called upon:
tenable-jira config.yaml

As in what script does it call upon? Since function app won't allow us to execute the above command at the OS level. So for example I can't do this:
os.system('tenable-jira config.yaml')

Instead maybe we could directly run what the command 'tenable-jira config.yaml' calls upon.

If you have a better way of doing it or any advise, that would be extremely helpful.

TypeError: list indices must be integers or slices, not str

Hi Steven,

When I try to run the connector I get a TypeError.

File "/opt/anaconda3/lib/python3.7/site-packages/tenable_jira/jira/screens.py", line 11, in _get_page self.total = resp['total'] TypeError: list indices must be integers or slices, not str

If I print(resp) it appears to give me a JSON of all the screens available in my Jira instance. I am not really sure what I should be looking at to try and troubleshoot.

Thanks,
Peter

Re-authenticate to SC automatically after session timeout

Hi Steve,

I wonder if you have seen this before, it could possible be to the connection being dropped by the tenable server:

2020-04-28 07:28:30,942 urllib3.connectionpool DEBUG Resetting dropped connection: TenableServer
2020-04-28 07:28:31,159 urllib3.connectionpool DEBUG https://TenableServer:443 "POST /rest/analysis HTTP/1.1" 403 139
2020-04-28 07:28:31,160 tenable.errors.APIError ERROR POST https://TenableServer:443/rest/analysis >> None:403 {"type":"regular","response":"","error_code":12,"error_msg":"This request contains an invalid token.","warnings":[],"timestamp":1588080511}

We got this twice, yesterday after the scrip running for nearly 9 hours and today after the script running for about 6 hours

Configuring for a Jira Next-Gen Project

Hi Steven,

I've been testing this on a JIra Next-Gen Project and I'm relatively sure that it is not going to work after I work through the bugs (due to lack of screens), but I just wanted to bring forward my errors and see if this could potentially work.

I attempted to fill in config.py with jira_id: <id_for_task> for both task and subtask.

But I am receiving the error:
restfly.errors.BadRequestError: [400: PUT] https://<orgid>.atlassian.net/rest/api/3/issue/61216?notifyUsers=true&overrideScreenSecurity=false&overrideEditableFlag=false body=b'{"errorMessages":[],"errors":{"issuetype":"The issue type selected is invalid."}}'

Within my project, I have task and sub_task configured as issue types. Anything else you can think to try? or is this a no go?

Thanks,
Mike

The issue type selected is invalid. API 3

2020-03-03 21:31:24,808 urllib3.connectionpool DEBUG https://healthtap.atlassian.net:443 "POST /rest/api/3/search HTTP/1.1" 200 None
2020-03-03 21:31:24,810 tenable_jira.jira.Jira DEBUG uri=https://healthtap.atlassian.net/rest/api/3/issue, query={'update_history': False}, body={"fields": {"project": {"key": "VULN"}, "issuetype": {"id": "11527"}, "customfield_13757": ["CVE-2018-19518", "CVE-2018-19935", "CVE-2018-20783"], "customfield_13758": "8.5", "customfield_13759": "7.0", "customfield_13760": "7.5", "customfield_13761": "7.0", "customfield_13762": "119764", "customfield_13763": "CGI abuses", "customfield_13764": "PHP 5.6.x < 5.6.39 Multiple vulnerabilities", "customfield_13765": "High", "customfield_13782": "7.4", "summary": "[119764] PHP 5.6.x < 5.6.39 Multiple vulnerabilities", "description": {"version": 1, "type": "doc", "content": [{"type": "heading", "attrs": {"level": 1}, "content": [{"type": "text", "text": "Description"}]}, {"type": "paragraph", "content": [{"type": "text", "text": "According to its banner, the version of PHP running on the remote web\nserver is 5.6.x prior to 5.6.39. It is, therefore, affected by\nmultiple vulnerabilities:\n\n  - An arbitrary command injection vulnerability exists in the\n  imap_open function due to improper filters for mailbox names prior\n  to passing them to rsh or ssh commands. An authenticated, remote\n  attacker can exploit this by sending a specially crafted IMAP server\n  name to cause the execution of arbitrary commands on the target\n  system. (CVE-2018-19518)\n\n  - A denial of service (DoS) vulnerability exists in\n  ext/imap/php_imap.c. An unauthenticated, remote attacker can\n  exploit this issue, via an empty string in the message argument\n  to the imap_mail function, to cause the application to stop\n  responding. (CVE-2018-19935)\n\n  - A heap buffer over-read exists in the phar_parse_pharfile function.\n  An unauthenticated, remote attacker can exploit this to read\n  allocated or unallocated memory past the actual data when trying to\n  parse a .phar file. (CVE-2018-20783)"}]}, {"type": "heading", "attrs": {"level": 1}, "content": [{"type": "text", "text": "Solution"}]}, {"type": "paragraph", "content": [{"type": "text", "text": "Upgrade to PHP version 5.6.39 or later."}]}]}}}
2020-03-03 21:31:25,045 urllib3.connectionpool DEBUG https://healthtap.atlassian.net:443 "POST /rest/api/3/issue?update_history=False HTTP/1.1" 400 None
2020-03-03 21:31:25,048 restfly.errors.BadRequestError ERROR [400: POST] https://healthtap.atlassian.net/rest/api/3/issue?update_history=False body=b'{"errorMessages":[],"errors":{"issuetype":"The issue type selected is invalid."}}'

Get an Error when

When used the integration script for tenable with JIRA cloud, I received the following error:
2020-02-21 11:23:12,528 restfly.errors.BadRequestError ERROR [400: POST] https://jirainstance.atlassian.net/rest/api/3/issue?update_history=False body={"errorMessages":[],"errors":{"customfield_10029":"data was not an array"}}

Note: that the fields were populated within JIRA, it's just that the data was not populated.

Only pull VPR score higher than n ?

Is there a way in the config file to only pull in vulnerabilities that surpass a certain VPR score threshold?

For example, I only want the integration to pull in vulnerabilities with a VPR score higher than 7.0

Tenable.io to Jira integration doesn't import First Seen and Last Seen field data

Hi Steve,

I noticed today that the integration doesn't populate the Vulnerability First Seen and Last seen data within Jira, although that data is present in tenable.

Here is an example:
You can see the data is present in Tenable.io for that particular vulnerability:

However, in Jira, the data doesn't get populated by the integration:

Do you know why this would be the case please? Any help/advise would be appreciated.

P.S. we didn't notice such an issue with Tenable.sc to Jira.

Explanation on auto closing issues

Thank you for the great help you provide with this integration.

I have a question regarding this piece in the documentation:
Vulnerability Instances (Sub-tasks) are closed automatically by the integration once the vulnerability is fixed in Tenable.io.

Does the integration close tickets that are in the "To Do" status? We have many tickets created but unassigned and in To Do status, that are solved in Tenable by auto patching using another software, but when the integration runs, these tickets are not closed automatically in Jira.

Is this an expected behavior? What the status in Jira should be to have the issues closed automatically?

All fields are not being populated

Hi Steve,
A lot of the fields that are populated in tenable are not being pulled into JIRA. The Issue gets created with the field values set to "NONE" (See attached). Do you know why this might be?

Here is the config file:

  access_key: removed
  secret_key: removed
  tio_severities:
    - critical

jira:
  api_token: removed
  api_username: removed
  address: removed

project:
  leadAccountId: removed

issue_types:
  - jira_id: 3
    name: Task
    type: standard
    search:
    - Tenable Plugin ID
  - jira_id: 10000
    name: Sub-task
    type: subtask
    search:
    - Tenable Plugin ID
    - Tenable Asset UUID
    - Device IPv4
    - Device IPv6
    - Vulnerability Port
    - Vulnerability Protocol

screen:
  jira_ids:
    - 13365
    - 13366```

leadAccountId format

The example config.yaml file states that it needs a lead account ID for the project, and gives it in the format 554433:00112233-ffee-aabb-aabb-998877665544. I've tried everywhere both in the Jira UI and running GETs on the project itself to return the leadaccountID but each way it does not return any ID in that format. All I've got is a 24-character alphanumeric string, and plugging this into the config.yaml file just returns the following error output. I also note that it says no project with key VMNGT - I have added that into the config.yaml file because VULN is already the name of a project. I'd have assumed the setup should spot that I haven't also create VMNGT and try and create this...?

C:\Program Files\Python37\Scripts>tenable-jira.exe tenable-jira-config.yaml --setup-only
2020-02-17 14:46:08,003 restfly.errors.NotFoundError ERROR [404: GET] https://xxx.atlassian.net/rest/api/3/project/VMNGT body=b'{"errorMessages":["No project could be found with key \'VMNGT\'."],"errors":{}}'
2020-02-17 14:46:08,112 restfly.errors.BadRequestError ERROR [400: POST] https://xxx.atlassian.net/rest/api/3/project body=b'{"errorMessages":[],"errors":{"projectLead":"You must specify a valid project lead."}}'
Traceback (most recent call last):
  File "c:\program files\python37\lib\site-packages\tenable_jira\jira\projects.py", line 32, in upsert
    return self.details(kwargs['key'])
  File "c:\program files\python37\lib\site-packages\tenable_jira\jira\projects.py", line 9, in details
    return self._api.get('project/{}'.format(id), params=kwargs).json()
  File "c:\program files\python37\lib\site-packages\restfly-1.1.1-py3.7.egg\restfly\session.py", line 408, in get
  File "c:\program files\python37\lib\site-packages\restfly-1.1.1-py3.7.egg\restfly\session.py", line 376, in _request
restfly.errors.NotFoundError: [404: GET] https://xxx.atlassian.net/rest/api/3/project/VMNGT body=b'{"errorMessages":["No project could be found with key \'VMNGT\'."],"errors":{}}'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "C:\Program Files\Python37\Scripts\tenable-jira-script.py", line 11, in <module>
    load_entry_point('tenable-jira-cloud==1.1.0', 'console_scripts', 'tenable-jira')()
  File "c:\program files\python37\lib\site-packages\click-7.0-py3.7.egg\click\core.py", line 764, in __call__
    return self.main(*args, **kwargs)
  File "c:\program files\python37\lib\site-packages\click-7.0-py3.7.egg\click\core.py", line 717, in main
    rv = self.invoke(ctx)
  File "c:\program files\python37\lib\site-packages\click-7.0-py3.7.egg\click\core.py", line 956, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "c:\program files\python37\lib\site-packages\click-7.0-py3.7.egg\click\core.py", line 555, in invoke
    return callback(*args, **kwargs)
  File "c:\program files\python37\lib\site-packages\tenable_jira\cli.py", line 100, in cli
    ingest = Tio2Jira(source, jira, config)
  File "c:\program files\python37\lib\site-packages\tenable_jira\transform.py", line 19, in __init__
    self._project = self._jira.projects.upsert(**config['project'])
  File "c:\program files\python37\lib\site-packages\tenable_jira\jira\projects.py", line 34, in upsert
    return self.create(**kwargs)
  File "c:\program files\python37\lib\site-packages\tenable_jira\jira\projects.py", line 28, in create
    return self._api.post('project', json=kwargs).json()
  File "c:\program files\python37\lib\site-packages\restfly-1.1.1-py3.7.egg\restfly\session.py", line 429, in post
  File "c:\program files\python37\lib\site-packages\restfly-1.1.1-py3.7.egg\restfly\session.py", line 376, in _request
restfly.errors.BadRequestError: [400: POST] https://xxx.atlassian.net/rest/api/3/project body=b'{"errorMessages":[],"errors":{"projectLead":"You must specify a valid project lead."}}'

inport Tags for SC and IO

Is it possible to edit the script to bring in the asset tags in SC and IO. This will help with sorting and searching.

tenable / integration-jira-cloud Goto Github PK

integration-jira-cloud's Introduction

Tenable to Jira Cloud Sync Tool

Requirements

Permissions

Quickstart

Installation

Configuration

Initial Setup

General operation

integration-jira-cloud's People

Contributors

Stargazers

Watchers

Forkers

integration-jira-cloud's Issues

Tenable.io vulnerability severities to convert to JIRA tickets.

This section defines the issue-types & how to search them. There should only# ever be a singular "standard" and no more than 1 "subtask". The issue-type# name is what will be used throughout the rest of the config file to determine# what issue-type gets what data fields.

Recommend Projects

Recommend Topics

Recommend Org

Jobs