Jira ITSM

Automated security incident management for Jira to convert Keeper Security alerts into actionable tickets.

This integration is not live yet. ETA January 2026

About

The Keeper Security ITSM Integration is a Forge-based application that automatically converts security alerts from Keeper Security into actionable Jira tickets. The integration enables security teams, IT administrators, and compliance officers to respond to security incidents immediately without manual ticket creation, ensuring no alert goes unnoticed and maintaining complete audit trails for compliance requirements.

Features

  • Automated Ticket Creation: Receive security alerts from Keeper via webhooks and automatically create Jira issues with complete alert details including raw JSON payloads for full audit trails.

  • Flexible Field Mapping: Map Keeper alert fields (alert_name, description, audit_event, username, remote_address, timestamp, etc.) to any Jira field including standard fields and custom fields.

  • Priority Mapping: Automatically assign Jira priorities based on Keeper event categories (e.g., data breaches → Highest, routine audits → Low).

  • Issue Type Mapping: Route different Keeper alert types to specific Jira issue types (e.g., breach alerts → Incidents, policy violations → Tasks).

  • Cross-Project Support: Works with both Team-Managed and Company-Managed Jira projects for maximum flexibility.

  • Development Tools: Built-in test functionality to verify webhook configuration and ticket creation before going live.

Prerequisites

  • Keeper Security Account

    • Subscription: Keeper Enterprise or KeeperPAM subscription with ARAM (Advanced Reporting & Alerts)

    • Admin Access: Access to Keeper Security admin console for webhook configuration.

    • Familiarity: Understanding of Keeper alert types and event categories

  • Jira Cloud Instance

    • Platform: Jira Cloud account

    • Permissions: Project administrator or Jira administrator permissions

    • Projects: At least one Jira project with appropriate issue types configured

Supported Platform

The integration runs on Atlassian Forge platform and supports:

Jira Cloud

Aspect
Support

Plans

Free, Standard, Premium, Enterprise

Project Types

Team-Managed and Company-Managed

Regions

All Atlassian Cloud regions (US, EU, APAC)

Supported Browsers

Platform
Browsers

Desktop

Chrome 90+, Firefox 88+, Safari 14+, Edge 90+

Mobile

iOS Safari 14+, Chrome Mobile 90+

Requirements

Jira Requirements

Requirement
Details

Jira Cloud

Any plan (Free, Standard, Premium, Enterprise)

API Access

REST API v3 enabled (default)

Custom Fields

Available on Standard plan and above

Keeper Security Requirements

Requirement
Details

Enterprise Plan

Required for webhook functionality

Admin Access

Required for webhook configuration

Alert Types

At least one configured alert type

Installation

Step 1: Navigate to Marketplace

  1. Go to https://marketplace.atlassian.com/

  2. Search for "Keeper Security ITSM"

  3. Click on the app listing

Step 2: Install the App

  1. Click "Get it now" or "Try it free"

  2. Select your Jira site from the dropdown

  3. Click "Install app"

  4. Wait for installation to complete (30-60 seconds)

Step 3: Grant Permissions

The app requests these permissions:

Permission
Purpose

read:jira-work

Read issues and projects

write:jira-work

Create and update issues

read:jira-user

Read user information

storage:app

Store configuration data

Click "Accept" to grant permissions.

Step 4: Verify Installation

  1. Go to Jira Settings (⚙️)

  2. Click "Apps" → "Manage apps"

  3. Verify "Keeper Security ITSM" appears in the installed apps list

Authentication

The integration uses Forge's built-in authentication system. No additional authentication configuration is required.

  1. Navigate to Settings (⚙️) → Apps → Keeper Security ITSM

  2. If prompted, click "Allow access" to grant permissions

Configuration

Step 1: Access the Admin Interface

  1. Open your Jira instance

  2. Navigate to Settings (⚙️) → Apps

  3. Click "Keeper Security ITSM" in the sidebar

  4. The interface loads with two main tabs:

    • Web Trigger Setup

    • Advanced Configuration

Step 2: Configure Target Project

Select Target Project

  1. Click "Web Trigger Setup" tab

  2. Click the "Target Project" dropdown

  3. Select the Jira project where tickets should be created

    • Example: "SEC - Security Operations"

Select Default Issue Type

  1. Click the "Default Issue Type" dropdown

  2. Choose the issue type for incoming alerts

    • Recommended: "Task" or "Incident"

Save Configuration

  1. Click "Save Configuration" button

  2. Wait for success notification

  3. The app automatically generates default issue type mappings

Copy Webhook URL

  1. The Web Trigger URL appears below the save button

    • Format: https://[your-site].atlassian.net/.../keeper-webhook

  2. Click the copy icon or manually select and copy

  3. Save this URL for Keeper configuration

Keep this URL secure — Anyone with this URL can create tickets in your Jira project.

Step 3: Configure Keeper Security Webhooks

  1. Log in to your Keeper Admin Console

  2. Navigate to Reporting & Alerts

  3. Go to Alerts → Add Alert → Add Recipient

  4. Enter Details:

    • Name: "Jira ITSM Integration"

    • Webhook URL: Paste the URL from Jira app

  5. Save webhook configuration

Step 4: Test the Connection

Before receiving live alerts, test the integration:

  1. In the Keeper ITSM app, scroll to "Development Tools" section

  2. Click "Test Web Trigger" button

  3. Verify success notification appears

  4. Go to your Jira project board

  5. Confirm a test ticket was created (e.g., "OPS-1: Security Alert: Test Event")

Test Successful? — Your integration is ready to receive live alerts from Keeper Security.

Usage

Basic Workflow

The integration follows this automated workflow:

Keeper Security Alert → Webhook → Forge App → Jira Ticket Created

When Keeper Security detects an event (failed login, breach, policy violation, etc.):

  1. Keeper sends alert data via webhook

  2. Forge app validates and processes the payload

  3. App maps fields and determines issue type/priority

  4. Jira ticket created automatically with all alert details

  5. Team receives notification and can respond immediately

Creating Custom Fields

Custom fields capture Keeper-specific data that doesn't fit standard Jira fields.

Recommended Custom Fields

Field Name
Type
Purpose
Example Value

Remote IP Address

Text

Source IP of event

192.168.1.100

Event Category

Select List

Keeper alert category

security, audit, breach

Security Event Type

Text

Specific event type

audit_user_failed_login

Device Name

Text

Device that triggered alert

John-MacBook-Pro

Alert Timestamp

Date Time

Original alert time

2025-01-15T14:30:00Z

Alert Severity

Select List

Severity level

critical, high, medium, low

Creating Custom Fields in Jira

Step
Action
Details

1. Navigate

Settings (⚙️) → Issues → Custom fields

Opens custom field management

2. Create

Click "Create custom field"

Choose field type (Text, Date, Select List, URL)

3. Configure

Enter name, description, options

Example: "Remote IP Address"

4. Associate

Link to projects and issue types

Select your target project

5. Verify

Create test issue to confirm field appears

Field ready for mapping

Note: Custom fields require Jira Administrator permissions for global fields, or Project Administrator for project-specific fields.

Field Mapping Configuration

Map Keeper alert data to Jira fields for automatic population.

Access Field Mapping

  1. Go to Advanced Configuration tab

  2. Click "Field Mapping" sub-tab

  3. View list of Keeper payload fields

Example Mapping Configuration

Keeper Field
Maps To →
Jira Field

alert_name

Summary

description

Description

audit_event

Security Event Type (custom)

username

Reporter or custom field

remote_address

Remote IP Address (custom)

timestamp

Alert Timestamp (custom)

Steps to Configure

  1. Locate the Keeper field in the list

  2. Click the dropdown next to the field

  3. Select destination Jira field (standard or custom)

  4. Click "Save Global Mappings" after configuration

Priority Mapping

Configure automatic priority assignment based on Keeper event categories.

  1. Click "Priority Mapping" tab

  2. Map event categories to priorities:

Event Category
Maps To →
Jira Priority

data_breach

Highest

password_breach

Highest

unauthorized_access

High

suspicious_activity

High

policy_violation

Medium

audit_user_login

Low

  1. Click "Save Priority Mappings"

Issue Type Mapping

Route different alert types to different issue types.

  1. Click "Issue Mapping" tab

  2. Configure mappings:

Event Category
Maps To →
Jira Issue Type

data_breach

Incident

password_breach

Incident

policy_violation

Task

audit_user_login

Sub-task

  1. Click "Save Issue Type Mappings"

Complete Workflow Example

Scenario: Audit Alert Resumed → Automated Jira Ticket

Workflow Overview

Phase
What Happens
Result

1. Setup (One-Time)

Configure field/priority/issue mappings in app

Ready to receive alerts

2. Alert Triggers

Keeper detects admin resumed audit alert

Alert generated

3. Webhook Sent

Keeper sends alert data to configured webhook URL

Data transmitted securely

4. App Processes

App validates, maps fields, determines priority

Ticket prepared

5. Ticket Created

Jira ticket auto-created with all alert details

Team notified

6. Team Responds

Operations team reviews and resolves

Incident closed

Example Alert Flow

Keeper Alert Data:

Jira Ticket Created (OPS-3346):

Field
Value
Source

Type

Task

Default issue type

Summary

Jira Alerts: audit_alert_resumed

From alert_name + audit_event

Description

Alert details + complete JSON payload

From alert data

Security Event Type

audit_alert_resumed

From audit_event (custom field)

Remote Address

110.227.52.162

From remote_address (custom field)

Timestamp

2025-11-05 05:00:28

From timestamp

Status

Pending

Default workflow status

Key Details Captured:

  • Alert Type: audit_alert_resumed

  • Alert Name: Jira Alerts

  • Username: [email protected]

  • Timestamp: 2025-11-05T05:00:28.091Z

  • Source: Keeper Security

  • Complete Raw Payload: Full JSON preserved for audit trail

Response Timeline

Time
Action
Owner

T+0s

Alert detected in Keeper

Keeper Security

T+2s

Jira ticket OPS-3346 created automatically

Forge App

T+1m

Operations team notified

Jira

T+5m

Team reviews audit activity

Operations Team

T+15m

Investigation completed, ticket resolved

Operations Team

Total response time: 15 minutes (vs. hours with manual process)

Supported Alert Types

The integration supports all Keeper Security alert types including:

Authentication & Access

Event Code
Description

audit_user_login

Successful user login

audit_user_failed_login

Failed login attempt

login_failure

Generic login failure

unauthorized_access

Unauthorized access attempt

Security Incidents

Event Code
Description

data_breach

Data breach detected

password_breach

Password found in breach database

audit_breach_watch

Breach Watch alert

suspicious_activity

Suspicious activity detected

Policy & Compliance

Event Code
Description

audit_policy_violation

Policy violation event

policy_violation

Generic policy violation

System Events

Event Code
Description

audit_alert_created

New alert created

audit_alert_resumed

Alert resumed

audit_alert_deleted

Alert deleted

Role-Based Access Control

The integration implements role-based access control (RBAC) to protect configuration settings.

Permission Levels

User Role
Access Level

Jira Administrator

Full access to all configuration

Project Administrator

View access denied screen

Regular User

View access denied screen

What is Protected

Area
Protection

All configuration save operations

Requires Jira Admin

Project and issue type selection

Requires Jira Admin

Field mapping configuration

Requires Jira Admin

Priority mapping configuration

Requires Jira Admin

Configuration reset functionality

Requires Jira Admin

Troubleshooting

Issue: "Allow access" button appears repeatedly

Cause: Development environment or missing admin consent

Solution:

  • If using development environment, deploy to production

  • Or grant admin consent as Jira Administrator

  • Production environment allows one-time consent for all users

Issue: Custom field not appearing in mappings

Cause: Field not associated with project or issue type

Solution:

  1. Verify field is associated with your target project

  2. Check field is associated with the issue type

  3. Refresh the app page

  4. Clear browser cache

Issue: Test webhook fails

Cause: Configuration not saved or issue type mismatch

Solution:

  1. Ensure project is selected and saved

  2. Verify issue type exists in project

  3. Click "Reset Configuration" to regenerate mappings

  4. Check browser console for errors

Issue: Tickets created but fields are empty

Cause: Field mappings not saved or fields don't exist

Solution:

  1. Check field mappings are saved

  2. Verify custom fields exist in Jira

  3. Ensure Keeper payload contains expected fields

  4. Review webhook payload in Keeper admin console

Issue: Cannot find app in Jira

Cause: App not enabled or insufficient permissions

Solution:

  1. Go to Settings → Apps → Manage apps

  2. Verify "Keeper Security ITSM" is enabled

  3. Check you have project admin permissions

  4. Access via: Settings → Apps (sidebar)

Issue: User is admin but sees access denied

Cause: User has project admin but not Jira admin

Solution:

  • Verify the user has "Jira Administrator" global permission, not just project admin

  • Check browser console for any API errors

  • Verify the app has required scopes

PreviousJira WorkflowNextKeeper Connection Manager

Last updated

Was this helpful?