Jira ITSM
Automated security incident management for Jira to convert Keeper Security alerts into actionable tickets.

About
The Keeper Security ITSM Integration is a Forge-based application that automatically converts security alerts from Keeper Security into actionable Jira tickets. The integration enables security teams, IT administrators, and compliance officers to respond to security incidents immediately without manual ticket creation, ensuring no alert goes unnoticed and maintaining complete audit trails for compliance requirements.
Features
Automated Ticket Creation: Receive security alerts from Keeper via webhooks and automatically create Jira issues with complete alert details including raw JSON payloads for full audit trails.
Flexible Field Mapping: Map Keeper alert fields (alert_name, description, audit_event, username, remote_address, timestamp, etc.) to any Jira field including standard fields and custom fields.
Priority Mapping: Automatically assign Jira priorities based on Keeper event categories (e.g., data breaches → Highest, routine audits → Low).
Default Issue Type Selection: Configure a default Jira issue type (Epic, Story, Task, Bug, etc.) for all incoming Keeper alerts. Issue types are automatically populated based on the selected project.
Cross-Project Support: Works with both Team-Managed and Company-Managed Jira projects for maximum flexibility.
Development Tools: Built-in test functionality to verify webhook configuration and ticket creation before going live.
Webhook Authentication: Secure your webhook endpoint with Bearer token authentication. Generate, regenerate, or revoke tokens directly from the admin interface to prevent unauthorized access.
Prerequisites
Keeper Security Account
Subscription: Keeper Enterprise or KeeperPAM subscription with ARAM (Advanced Reporting & Alerts)
Admin Access: Access to Keeper Security admin console for webhook configuration.
Familiarity: Understanding of Keeper alert types and event categories
Jira Cloud Instance
Platform: Jira Cloud account
Permissions: Project administrator or Jira administrator permissions
Projects: At least one Jira project with appropriate issue types configured
Supported Platform
The integration runs on the Atlassian Forge platform and supports:
Jira Cloud
Plans: Free, Standard, Premium, Enterprise
Project Types: Team-Managed and Company-Managed
Regions: All Atlassian Cloud regions (US, EU, APAC)
Supported Browsers
Desktop: Chrome 90+, Firefox 88+, Safari 14+, Edge 90+
Mobile: iOS Safari 14+, Chrome Mobile 90+
Requirements
Jira Requirements
Jira Cloud: Any plan (Free, Standard, Premium, Enterprise)
API Access: REST API v3 enabled (default)
Custom Fields: Available on Standard plan and above
Keeper Security Requirements
Enterprise Plan: Required for webhook functionality
Admin Access: Required for webhook configuration
Alert Types: At least one configured alert type
Installation
Step 1: Navigate to Marketplace
Search for "Keeper Security ITSM"
Click on the app listing
Step 2: Install the App
Click "Get it now" or "Try it free"
Select your Jira site from the dropdown
Click "Install app"
Wait for installation to complete (30-60 seconds)
Step 3: Grant Permissions
The app requests these permissions:
read:jira-work - Read issues and projects
write:jira-work - Create and update issues
read:jira-user - Read user information
storage:app - Store configuration data
Click "Accept" to grant permissions.
Step 4: Verify Installation
Go to Jira Settings (⚙️)
Click "Apps" → "Manage apps"
Verify "Keeper Security ITSM" appears in the installed apps list

Authentication
The integration uses Forge's built-in authentication system. No additional authentication configuration is required.
Navigate to Settings (⚙️) → Apps → Keeper Security ITSM
If prompted, click "Allow access" to grant permissions
A global admin must access the app first to grant site-wide consent
After consent, all project admins can access without additional authorization
Configuration
Step 1: Access the Admin Interface
Open your Jira instance
Navigate to Settings (⚙️) → Apps
Click "Keeper Security ITSM" in the sidebar
The interface loads with two main tabs:
Web Trigger Setup
Advanced Configuration
Step 2: Configure Target Project
Select Target Project
Click "Web Trigger Setup" tab
Click the "Target Project" dropdown
Select the Jira project where tickets should be created
Example: "SEC - Security Operations"
Select Default Issue Type
After selecting a project, the "Default Issue Type" dropdown automatically populates with issue types available in that project
Choose the issue type for all incoming Keeper alerts
Recommended: "Task" or "Incident"
Note: Subtask types are excluded as they require a parent issue
Save Configuration
Click "Save Configuration" button
Wait for success notification
All Keeper alerts will now create tickets with the selected issue type

Step 3: Configure Webhook
Copy Webhook URL
The Web Trigger URL appears below the save button
Format:
https://[your-site].atlassian.net/.../keeper-webhook
Click the copy icon or manually select and copy
Save this URL for Keeper configuration
Keep this URL secure — Anyone with this URL can create tickets in your Jira project.
Configure Webhook Authentication (Recommended)
Secure your webhook endpoint with Bearer token authentication to prevent unauthorized access.
Generate Authentication Token
In the "Webhook Authentication" section, check the status badge:
"NOT CONFIGURED" (yellow) - No token set, webhook is open
"ENABLED" (green) - Token authentication active
Click "Generate Token" button
Copy the token immediately - it will only be shown once
Store the token securely for Keeper configuration
Token Management
Generate Token: Creates a new 64-character secure token
Regenerate Token: Invalidates old token and creates new one
Revoke Token: Disables authentication (requires confirmation)
Security Warning: Without a token, your webhook URL is accessible to anyone who has it. Always generate a token for production use.
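The token check described in this section, sketched as an added example (not the Keeper app's own code). It assumes the 64-character token is 32 random bytes in hex, that only a SHA-256 digest is stored, and that headers arrive as a map of names to strings or arrays; `generateToken`, `hashToken`, `getHeader` and `checkAuth` are hypothetical names.

```javascript
const nodeCrypto = require('node:crypto');

// Assumption: the 64-character token is 32 random bytes, hex-encoded.
function generateToken() {
  return nodeCrypto.randomBytes(32).toString('hex');
}

// Keep only a digest server-side, so the token can be shown once and never read back.
function hashToken(token) {
  return nodeCrypto.createHash('sha256').update(token, 'utf8').digest();
}

// Header names are case-insensitive; values may be a string or an array of strings.
function getHeader(headers, name) {
  for (const [key, value] of Object.entries(headers || {})) {
    if (key.toLowerCase() !== name) continue;
    const list = Array.isArray(value) ? value : [value];
    return list.length === 1 ? String(list[0]) : null; // reject duplicated headers
  }
  return null;
}

// storedHash === null models the "NOT CONFIGURED" state, where the webhook is open.
function checkAuth(headers, storedHash) {
  if (storedHash === null) return { ok: true, code: 'NOT_CONFIGURED' };
  const fail = { ok: false, code: 'AUTHENTICATION_FAILED' };
  const header = getHeader(headers, 'authorization');
  // Exactly "Bearer <token>": one space, no padding, no line breaks.
  const match = /^Bearer ([0-9a-f]{64})$/.exec(header || '');
  if (!match) return fail;
  // Compare fixed-length digests in constant time.
  const same = nodeCrypto.timingSafeEqual(hashToken(match[1]), storedHash);
  return same ? { ok: true, code: 'OK' } : fail;
}

// Constructed demo: generate a token, store its digest, then regenerate.
function demo() {
  const token = generateToken();
  let stored = hashToken(token);
  const before = checkAuth({ Authorization: [`Bearer ${token}`] }, stored).code;
  const padded = checkAuth({ authorization: [`Bearer ${token} `] }, stored).code;
  stored = hashToken(generateToken()); // "Regenerate Token" replaces the digest
  const after = checkAuth({ Authorization: [`Bearer ${token}`] }, stored).code;
  return { before, padded, after };
}
```

In `demo()`, the old token is rejected as soon as the stored digest is replaced, which is why Keeper must be updated after every regeneration.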



Step 4: Configure Keeper Security Webhooks
Log in to your Keeper Admin Console
Navigate to Reporting & Alerts
Go to Alerts → Add Alert → Select Alerts (example: BreachWatch Detection)
Go to Alerts → Add Alert → Add Recipient
Enter Details:
Name: "Keeper ITSM Alerts" (this will appear in the Jira ticket title)
Webhook URL: Paste the URL from Jira app
Token: Paste token generated from Jira app
HTTP Body: Leave empty
Save webhook configuration


Step 5: Test the Connection
Before receiving live alerts, test the integration:
Option 1: Using Built-in Test Button
In the Keeper ITSM app, scroll to "Development Tools" section
Click "Test Web Trigger" button
Verify success notification appears
Go to your Jira project board
Confirm a test ticket was created (e.g., "OPS-1: Security Alert: Test Event")
Note: The test button bypasses token authentication (internal call). Use Option 2 to test authentication end-to-end.
Option 2: Using curl Command
Test your webhook with authentication using curl:
With Authentication Token:
Test Successful? — Your integration is ready to receive live alerts from Keeper Security.
Usage
Basic Workflow
The integration follows this automated workflow:
Keeper Security Alert → Webhook + Auth Token → Forge App → Jira Ticket Created
When Keeper Security detects any configured event (failed login, BreachWatch alert, etc.):
Keeper sends alert data via webhook with Authorization header
Forge app validates the Bearer token (if configured)
App validates and processes the payload
App maps fields and determines issue type/priority
Jira ticket created automatically with all alert details
Team receives notification and can respond immediately

Creating Custom Fields
Custom fields capture Keeper-specific data that doesn't fit standard Jira fields.
Recommended Custom Fields
Remote IP Address (Text) - Source IP of event, e.g. 192.168.1.100
Event Category (Select List) - Keeper alert category, e.g. security, audit, breach
Security Event Type (Text) - Specific event type, e.g. audit_user_failed_login
Device Name (Text) - Device that triggered alert, e.g. John-MacBook-Pro
Alert Timestamp (Date Time) - Original alert time, e.g. 2025-01-15T14:30:00Z
Alert Severity (Select List) - Severity level, e.g. critical, high, medium, low
Creating Custom Fields in Jira
To set up custom fields, open the Keeper Security ITSM application and select the "Advanced Configuration" screen.

1. Navigate - Settings (⚙️) → Issues → Custom fields - Opens custom field management
2. Create - Click "Create custom field" - Choose field type (Text, Date, Select List, URL)
3. Configure - Enter name, description, options - Example: "Remote IP Address"
4. Associate - Link to projects and issue types - Select your target project
5. Verify - Create test issue to confirm field appears - Field ready for mapping
Note: Custom fields require Jira Administrator permissions for global fields, or Project Administrator for project-specific fields.
Field Mapping Configuration
Map Keeper alert data to Jira fields for automatic population.
Access Field Mapping
Go to Advanced Configuration tab
Click "Field Mapping" sub-tab
View list of Keeper payload fields
Example Mapping Configuration
alert_name → Summary
description → Description
audit_event → Security Event Type (custom)
username → Reporter or custom field
remote_address → Remote IP Address (custom)
timestamp → Alert Timestamp (custom)
Steps to Configure
Locate the Keeper field in the list
Click the dropdown next to the field
Select destination Jira field (standard or custom)
Click "Save Mappings" after configuration
Priority Mapping
Configure automatic priority assignment based on Keeper event categories.
Click "Priority Mapping" tab
Map event categories to priorities:
data_breach → Highest
password_breach → Highest
unauthorized_access → High
suspicious_activity → High
policy_violation → Medium
audit_user_login → Low
Click "Save Priority Mappings"
data_breach → Incident
password_breach → Incident
policy_violation → Task
audit_user_login → Sub-task
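How the field and priority mappings above could be applied to an incoming payload, as an added example (not the app's own code). It assumes the priority table is keyed by the payload's audit_event value and that unmapped events fall back to a default priority; the customfield_* ids, `CONFIG`, `buildIssue` and the sample payload are hypothetical.

```javascript
// Mappings copied from the tables above; the customfield_* ids are placeholders.
const CONFIG = {
  projectKey: 'SEC',
  issueType: 'Task',
  defaultPriority: 'Medium', // assumption: fallback for unmapped events
  fieldMap: {
    alert_name: 'summary',
    audit_event: 'customfield_10001',    // Security Event Type
    remote_address: 'customfield_10002', // Remote IP Address
  },
  priorityMap: {
    data_breach: 'Highest', password_breach: 'Highest',
    unauthorized_access: 'High', suspicious_activity: 'High',
    policy_violation: 'Medium', audit_user_login: 'Low',
  },
};

const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Webhook input is untrusted: keep each value to one line and cap its length.
const oneLine = (value, max) =>
  String(value).replace(/[\r\n\t]+/g, ' ').trim().slice(0, max);

function buildIssue(payload, cfg) {
  const fields = { project: { key: cfg.projectKey }, issuetype: { name: cfg.issueType } };
  const missing = [];
  for (const [source, target] of Object.entries(cfg.fieldMap)) {
    const present = own(payload, source) && typeof payload[source] === 'string' && payload[source] !== '';
    if (present) fields[target] = oneLine(payload[source], 255);
    else missing.push(source);
  }
  if (!fields.summary) fields.summary = 'Security Alert: unnamed';
  // Own-property lookup, so a value such as "constructor" cannot match an inherited key.
  const event = payload.audit_event;
  const mapped = typeof event === 'string' && own(cfg.priorityMap, event);
  fields.priority = { name: mapped ? cfg.priorityMap[event] : cfg.defaultPriority };
  // REST API v3 takes the description as Atlassian Document Format; keep the raw JSON.
  fields.description = { type: 'doc', version: 1, content: [{
    type: 'codeBlock', attrs: { language: 'json' },
    content: [{ type: 'text', text: JSON.stringify(payload, null, 2) }],
  }] };
  return { fields, missing };
}

// Constructed payload, not captured from Keeper.
const SAMPLE = { alert_name: 'Jira Alerts', audit_event: 'audit_user_login',
  remote_address: '192.168.1.100', timestamp: '2025-01-15T14:30:00Z' };
```

The `missing` list returned by `buildIssue(SAMPLE, CONFIG)` names mapped payload fields that were absent, which is the first thing to check when tickets arrive with empty fields.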
Complete Workflow Example
Scenario: Audit Alert Resumed → Automated Jira Ticket
Workflow Overview
1. Setup (One-Time) - Configure field/priority/issue mappings in app - Ready to receive alerts
2. Alert Triggers - Keeper detects admin resumed audit alert - Alert generated
3. Webhook Sent - Keeper sends alert data with Authorization header to webhook URL - Data transmitted securely
4. Auth Validated - App validates Bearer token (if configured) - Request authenticated
5. App Processes - App validates payload, maps fields, applies priority mapping - Ticket prepared
6. Ticket Created - Jira ticket auto-created with all alert details - Team notified
7. Team Responds - Operations team reviews and resolves - Incident closed
Example Alert Flow
Keeper Alert Data:
Jira Ticket Created (OPS-3346):
Type: Task (Default issue type)
Summary: Jira Alerts: audit_alert_resumed (From alert_name + audit_event)
Description: Alert details + complete JSON payload (From alert data)
Security Event Type: audit_alert_resumed (From audit_event, custom field)
Remote Address: 110.227.52.162 (From remote_address, custom field)
Timestamp: 2025-11-05 05:00:28 (From timestamp)
Status: Pending (Default workflow status)
Key Details Captured:
Alert Type: audit_alert_resumed
Alert Name: Jira Alerts
Username: [email protected]
Timestamp: 2025-11-05T05:00:28.091Z
Source: Keeper Security
Complete Raw Payload: Full JSON preserved for audit trail
Response Timeline
T+0s - Alert detected in Keeper (Keeper Security)
T+2s - Jira ticket OPS-3346 created automatically (Forge App)
T+1m - Operations team notified (Jira)
T+5m - Team reviews audit activity (Operations Team)
T+15m - Investigation completed, ticket resolved (Operations Team)
Total response time: 15 minutes (vs. hours with manual process)
Supported Alerts
The integration supports over 300 detailed Keeper Security event types as described in the table below.
Role-Based Access Control
The integration implements role-based access control (RBAC) to protect configuration settings.
Permission Levels
Jira Administrator: Full access to all configuration
Project Administrator: View access denied screen
Regular User: View access denied screen
What is Protected
All configuration save operations: Requires Jira Admin
Project and issue type selection: Requires Jira Admin
Field mapping configuration: Requires Jira Admin
Priority mapping configuration: Requires Jira Admin
Configuration reset functionality: Requires Jira Admin
Troubleshooting
Issue: "Allow access" button appears repeatedly
Cause: Development environment or missing admin consent
Solution:
If using development environment, deploy to production
Or grant admin consent as Jira Administrator
Production environment allows one-time consent for all users
Issue: Custom field not appearing in mappings
Cause: Field not associated with project or issue type
Solution:
Verify field is associated with your target project
Check field is associated with the issue type
Refresh the app page
Clear browser cache
Issue: Test webhook fails
Cause: Configuration not saved or issue type mismatch
Solution:
Ensure project is selected and saved
Verify issue type exists in project
Click "Reset Configuration" to regenerate mappings
Check browser console for errors
Issue: Tickets created but fields are empty
Cause: Field mappings not saved or fields don't exist
Solution:
Check field mappings are saved
Verify custom fields exist in Jira
Ensure Keeper payload contains expected fields
Review webhook payload in Keeper admin console
Issue: Cannot find app in Jira
Cause: App not enabled or insufficient permissions
Solution:
Go to Settings → Apps → Manage apps
Verify "Keeper Security ITSM" is enabled
Check you have project admin permissions
Access via: Settings → Apps (sidebar)
Issue: User is admin but sees access denied
Cause: User has project admin but not Jira admin
Solution:
Verify the user has "Jira Administrator" global permission, not just project admin
Check browser console for any API errors
Verify the app has required scopes
Issue: Webhook returns "AUTHENTICATION_FAILED" error
Cause: Invalid or missing Bearer token
Solution:
Verify token authentication is enabled in the Jira app
Check the Authorization header is correctly formatted: Bearer <token>
Ensure there are no extra spaces or line breaks in the token
Regenerate the token if it may have been compromised
Check Keeper webhook configuration includes the Authorization header
Issue: Token was lost or forgotten
Cause: Token only shown once at generation
Solution:
Tokens cannot be retrieved after generation (security feature)
Click "Regenerate Token" to create a new token
Update the Authorization header in Keeper with the new token
Old token is immediately invalidated
Note: After regenerating a token, all existing Keeper webhook configurations using the old token will fail until updated with the new token.

