Configure MAST Settings

Select Configure MAST Settings to set your default reporter and assignee, map assets or groups to JIRA® projects, and map ticket priority to Sentinel ratings.

  1. To Configure MAST Settings select Enable MAST integration.

    Until the radio button is set to Yes, no other configuration options will be available.
    config mast jira plugin 1

  2. Select the Yes radio button. Once you have selected Yes, you will see the configuration settings. This will allow you to:

    • Set the default Reporter for JIRA® tickets generated by the plugin

    • Set the default Assignee for JIRA® tickets generated by the plugin based on asset-and-project combinations

    • Map Vulnerability Ratings to JIRA® Priorities

    • Configure JIRA® Tickets

Basic Configurations

  1. Type the name or email of your default reporter in the search bar provided and then select your default reporter.

    config mast jira plugin 2

  2. Set the default JIRA® assignee for a given application and associated JIRA® project. (This will map these assets to the JIRA® project(s) in question.) To set default assignees by group rather than asset, select the Sentinel Groups radio button. In this case, all assets in a group will be associated to the JIRA® project selected.

  3. Select the asset from the list of Sentinel applications.

  4. Select a project from the Projects list to assign.

  5. Type the name or email of your default assignee in the search bar provided and then select them from the list.

  6. To create additional default assignees and asset-to-project mappings, click on Add.

Only one user can be selected as the default reporter in JIRA®. Only one user can be set as the default assignee to any given asset-project mapping. If Unassigned is selected for the Username field, any tickets generated will show the default assignee for that project.

Reporter Permissions Required

A reporter must have the following privileges for the project:

  • Assign Issue

  • Close Issue

  • Create Issue

  • Edit Issue

  • Modify Reporter

  • Resolve Issue

  • Transition Issue

  • Comment Issue

If you attempt to assign a user as reporter who does not have these permissions for the appropriate project, you will receive an error message.

Mapping Vulnerability Ratings to JIRA® Priorities

  1. The default mapping will associate the most severe rating with the highest JIRA® priority. You can change this mapping using the drop-down lists.

    config mast jira plugin 3

    For more information on choosing Legacy Ratings or Advanced Ratings, see Understanding the Rating Methodologies.

  2. Select the vulnerability ratings that should (checked) or should not (unchecked) be used to create JIRA® tickets.

    JIRA® tickets will now be created for vulnerabilities rated Critical, High, or Medium. Critical vulnerabilities will receive the Highest JIRA® priority, High risk vulnerabilities will receive a JIRA® priority of High, and Medium risk vulnerabilities will receive a JIRA® priority of Medium. JIRA® tickets will not be created for vulnerabilities with a rating of Low or Note. In addition it is also possible to limit vulnerabilities that will result in JIRA® tickets based on the Sentinel tags associated to the vulnerability.

Set Vulnerability Viewing Authorizations for MAST Vulnerabilities

You can authorize JIRA® groups to view content from the vulnerabilities discovered via MAST testing, including vulnerability notes and tags.

  1. Select the relevant radio buttons to configure the type of vulnerability information that is visible to specific groups.

    config mast jira plugin 4

  2. Select a group from the Select Groups table.

This information will appear in the summary section of your tickets.

Configure JIRA® Tickets

  1. To import closed vulnerabilities select the Import closed vulnerabilities checkbox.

    config mast jira plugin 5

  2. To customize the ticket summary select the Customize ticket summary checkbox.

  3. To customize the ticket description select the Customize ticket description checkbox.

  4. Optionally, to see customization parameters, check the checkbox next to See Customization Parameters

    config mast jira plugin 6

  5. When you have completed configuration for MAST settings according to your preferences, click Save.

If you’ve set a Custom Asset ID for this mobile application (from the Overview tab in the WhiteHat Portal), it will appear as a field in the ticket Details.