Configure API Settings

Select Configure API Settings to set your default reporter and assignee, map assets or groups to JIRA® projects, and map ticket priority to Sentinel ratings.

  1. To configure API settings, select Enable API integration.

    Until the radio button is set to Yes, no other configuration options will be available.
  2. Select the Yes radio button. Once you have selected Yes, you will see the configuration settings. This will allow you to:

    • Set the default Reporter for JIRA® tickets generated by the plugin

    • Set the default Assignee for JIRA® tickets generated by the plugin based on asset-and-project combinations

    • Map Vulnerability Ratings to JIRA® Priorities

    • Configure JIRA® Tickets

Basic Configurations

  1. Type the name or email of your default reporter in the search bar provided and then select your default reporter.

  2. Set the default JIRA® assignee for a given API and associated JIRA® project. (This will map these assets to the JIRA® project(s) in question.) To set default assignees by group rather than asset, select the Sentinel Groups radio button. In this case, all assets in a group will be associated with the JIRA® project selected.

  3. Select the asset from the list of Sentinel API.

  4. Select a project from the Projects list to assign.

  5. Type the name or email of your default assignee in the search bar provided and then select them from the list.

  6. To create additional default assignees and asset-to-project mappings, click on Add.

Only one user can be selected as the default reporter in JIRA®. Only one user can be set as the default assignee to any given asset-project mapping. If Unassigned is selected for the Username field, any tickets generated will show the default assignee for that project.

Reporter Permissions Required

A reporter must have the following privileges for the project:

  • Assign Issue

  • Close Issue

  • Create Issue

  • Edit Issue

  • Modify Reporter

  • Resolve Issue

  • Transition Issue

  • Comment Issue

If you attempt to assign a user as reporter who does not have these permissions for the appropriate project, you will receive an error message.
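One way to confirm these privileges before selecting a reporter, as an added example that is not part of the plugin or its documentation: the sketch below checks a response from Jira's `mypermissions` REST resource, requested while authenticated as the intended reporter, against the list above. The mapping from the listed privilege names to Jira permission keys is an assumption, and the sample response is constructed.

```python
import json
from urllib.parse import quote

# Assumed mapping: Jira permission key -> privilege name as listed on this page.
REQUIRED = {
    "ASSIGN_ISSUES": "Assign Issue",
    "CLOSE_ISSUES": "Close Issue",
    "CREATE_ISSUES": "Create Issue",
    "EDIT_ISSUES": "Edit Issue",
    "MODIFY_REPORTER": "Modify Reporter",
    "RESOLVE_ISSUES": "Resolve Issue",
    "TRANSITION_ISSUES": "Transition Issue",
    "ADD_COMMENTS": "Comment Issue",
}


def permissions_query(project_key):
    """Build the path and query string for the mypermissions request."""
    return ("/rest/api/2/mypermissions?projectKey=" + quote(project_key)
            + "&permissions=" + ",".join(sorted(REQUIRED)))


def missing_permissions(response_text):
    """Return the listed privileges the account lacks in the project."""
    granted = json.loads(response_text).get("permissions", {})
    missing = []
    for key, label in REQUIRED.items():
        entry = granted.get(key)
        # Fail closed: an absent or malformed entry counts as not granted.
        if not isinstance(entry, dict) or entry.get("havePermission") is not True:
            missing.append(label)
    return missing


# Constructed sample: MODIFY_REPORTER is denied and ADD_COMMENTS is absent.
SAMPLE = json.dumps({"permissions": {
    key: {"key": key, "type": "PROJECT",
          "havePermission": key != "MODIFY_REPORTER"}
    for key in REQUIRED if key != "ADD_COMMENTS"
}})

if __name__ == "__main__":
    print(permissions_query("SEC"))  # "SEC" is a placeholder project key
    print(missing_permissions(SAMPLE))
```

Running the check with a dedicated reporter account also shows whether that account holds only the project permissions it needs.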

Mapping Vulnerability Ratings to JIRA® Priorities

Vulnerability ratings for API vulnerabilities will all automatically use the WhiteHat Advanced Rating Methodology, which is based on OWASP ratings. Vulnerability ratings for API vulnerabilities may use either the WhiteHat Advanced Rating Methodology or the Legacy Methodology.

  1. Select the vulnerability rating to use for API configuration.

    For more information on choosing Legacy Ratings or Advanced Ratings, see Understanding the Rating Methodologies.

  2. The default mapping will associate the most severe rating with the highest JIRA® priority. You can change this mapping using the drop-down lists.

  3. Select the vulnerability ratings that should (checked) or should not (unchecked) be used to create JIRA® tickets.

    JIRA® tickets will now be created for vulnerabilities rated Critical, High, or Medium. Critical vulnerabilities will receive the Highest JIRA® priority, High risk vulnerabilities will receive a JIRA® priority of High, and Medium risk vulnerabilities will receive a JIRA® priority of Medium. JIRA® tickets will not be created for vulnerabilities with a rating of Low or Note. You can also limit which vulnerabilities result in JIRA® tickets based on the Sentinel tags associated with the vulnerability.

  4. Click Add under Allow vulnerabilities that have these tags:

  5. Type the tag name in the Vuln Tag Name text field.

  6. To remove tags, click on the checkbox next to the tag in question.

If you select any tags to be used to create JIRA® tickets, only vulnerabilities that have at least one of the listed tags in the WhiteHat Portal will be used to create JIRA® issues.

Set Vulnerability Viewing Authorizations for API Vulnerabilities

You can authorize JIRA® groups to view content from the vulnerabilities discovered via API testing, including retest status, notes and tags, and Synopsys Threat Research Center team responses to questions.

  1. Select the relevant radio buttons to configure the type of vulnerability information that is visible to specific groups.

  2. Select a group from the Select Groups table.

This information will appear in the summary section of your tickets.

Configure JIRA® Tickets

  1. To import closed vulnerabilities, select the Import closed vulnerabilities checkbox.

  2. To customize the ticket summary, select the Customize ticket summary checkbox.

  3. To customize the ticket description, select the Customize ticket description checkbox.

  4. Optionally, to see customization parameters, select the checkbox next to See Customization Parameters.

  5. When you have completed configuration for API settings according to your preferences, click Save.

If you’ve set a Custom Asset ID for this API (from the Overview tab in WhiteHat Portal), it will appear as a field in the ticket Details.