# Jira ITSM

## About The **Keeper Security ITSM Integration** is a Forge-based application that automatically converts security alerts from Keeper Security into actionable Jira tickets. The integration enables security teams, IT administrators, and compliance officers to respond to security incidents immediately without manual ticket creation, ensuring no alert goes unnoticed and maintaining complete audit trails for compliance requirements. ## Features * **Automated Ticket Creation:** Receive security alerts from Keeper via webhooks and automatically create Jira issues with complete alert details including raw JSON payloads for full audit trails. * **Flexible Field Mapping:** Map Keeper alert fields (`alert_name`, `description`, `audit_event`, `username`, `remote_address`, `timestamp`, etc.) to any Jira field including standard fields and custom fields. * **Priority Mapping:** Automatically assign Jira priorities based on Keeper event categories (e.g., data breaches → Highest, routine audits → Low). * **Default Issue Type Selection:** Configure a default Jira issue type (Epic, Story, Task, Bug, etc.) for all incoming Keeper alerts. Issue types are automatically populated based on the selected project. * **Cross-Project Support:** Works with both Team-Managed and Company-Managed Jira projects for maximum flexibility. * **Development Tools:** Built-in test functionality to verify webhook configuration and ticket creation before going live. * **Webhook Authentication:** Secure your webhook endpoint with Bearer token authentication. Generate, regenerate, or revoke tokens directly from the admin interface to prevent unauthorized access. ## Prerequisites * **Keeper Security Account** * **Subscription:** Keeper Enterprise or KeeperPAM subscription with ARAM (Advanced Reporting & Alerts) * **Admin Access:** Access to Keeper Security admin console for webhook configuration. * **Familiarity:** Understanding of Keeper alert types and event categories * **Jira Cloud Instance** * **Platform:** Jira Cloud account * **Permissions**: Project administrator or Jira administrator permissions * **Projects**: At least one Jira project with appropriate issue types configured ## Supported Platform The integration runs on Atlassian Forge platform and supports: ### Jira Cloud | Aspect | Support | | ----------------- | ------------------------------------------ | | **Plans** | Free, Standard, Premium, Enterprise | | **Project Types** | Team-Managed and Company-Managed | | **Regions** | All Atlassian Cloud regions (US, EU, APAC) | ### Supported Browsers | Platform | Browsers | | ----------- | --------------------------------------------- | | **Desktop** | Chrome 90+, Firefox 88+, Safari 14+, Edge 90+ | | **Mobile** | iOS Safari 14+, Chrome Mobile 90+ | ## Requirements ### Jira Requirements | Requirement | Details | | ----------------- | ---------------------------------------------- | | **Jira Cloud** | Any plan (Free, Standard, Premium, Enterprise) | | **API Access** | REST API v3 enabled (default) | | **Custom Fields** | Available on Standard plan and above | ### Keeper Security Requirements | Requirement | Details | | ------------------- | ---------------------------------- | | **Enterprise Plan** | Required for webhook functionality | | **Admin Access** | Required for webhook configuration | | **Alert Types** | At least one configured alert type | ## Installation #### Step 1: Navigate to Marketplace Go to #### Step 2: Install the App 1. Click **"Get it now"** or **"Try it free"** 2. Select your Jira site from the dropdown 3. Click **"Install app"** 4. Wait for installation to complete (30-60 seconds) #### Step 3: Grant Permissions The app requests these permissions: | Permission | Purpose | | ----------------- | ------------------------ | | `read:jira-work` | Read issues and projects | | `write:jira-work` | Create and update issues | | `read:jira-user` | Read user information | | `storage:app` | Store configuration data | Click **"Accept"** to grant permissions. #### Step 4: Verify Installation 1. Go to **Jira Settings (⚙️)** 2. Click **"Apps" → "Manage apps"** 3. Verify **"Keeper Security ITSM"** appears in the installed apps list

## Authentication The integration uses Forge's built-in authentication system. No additional authentication configuration is required. {% tabs %} {% tab title="Project Admins" %} 1. Navigate to **Settings (⚙️) → Apps → Keeper Security ITSM** 2. If prompted, click "Allow access" to grant permissions {% endtab %} {% tab title="Production Deployment" %} 1. Global admin must access the app first to grant site-wide consent 2. After consent, all project admins can access without additional authorization {% endtab %} {% endtabs %} ## Configuration #### Step 1: Access the Admin Interface 1. Open your Jira instance 2. Navigate to **Settings (⚙️) → Apps** 3. Click **"Keeper Security ITSM"** in the sidebar 4. The interface loads with two main tabs: * **Web Trigger Setup** * **Advanced Configuration** #### Step 2: Configure Target Project **Select Target Project** 1. Click **"Web Trigger Setup"** tab 2. Click the **"Target Project"** dropdown 3. Select the Jira project where tickets should be created * Example: "SEC - Security Operations" **Select Default Issue Type** 1. After selecting a project, the "**Default Issue Type**" dropdown automatically populates with issue types available in that project 2. Choose the issue type for all incoming Keeper alerts * Recommended: "Task" or "Incident" * Note: Subtask types are excluded as they require a parent issue **Save Configuration** 1. Click **"Save Configuration"** button 2. Wait for success notification 3. All Keeper alerts will now create tickets with the selected issue type

#### Step 3: Configure Webhook **Copy Webhook URL** 1. The Web Trigger URL appears below the save button * Format: `https://[your-site].atlassian.net/.../keeper-webhook` 2. Click the copy icon or manually select and copy 3. **Save this URL** for Keeper configuration {% hint style="info" %} **Keep this URL secure** — Anyone with this URL can create tickets in your Jira project. {% endhint %} **Configure Webhook Authentication (Recommended)** Secure your webhook endpoint with Bearer token authentication to prevent unauthorized access. **Generate Authentication Token** 1. In the **"Webhook Authentication"** section, check the status badge: * **"NOT CONFIGURED"** (yellow) - No token set, webhook is open * **"ENABLED"** (green) - Token authentication active 2. Click **"Generate Token"** button 3. **Copy the token immediately** - it will only be shown once 4. Store the token securely for Keeper configuration **Token Management** | Action | Description | | -------------------- | ----------------------------------------------- | | **Generate Token** | Creates a new 64-character secure token | | **Regenerate Token** | Invalidates old token and creates new one | | **Revoke Token** | Disables authentication (requires confirmation) | {% hint style="warning" %} **Security Warning:** Without a token, your webhook URL is accessible to anyone who has it. Always generate a token for production use. {% endhint %}

#### Step 4: Configure Keeper Security Webhooks 1. Log in to your **Keeper Admin Console** 2. Navigate to **Reporting & Alerts** 3. Go to **Alerts** **→ Add Alert** **→ Select Alerts (example: BreachWatch Detection)** 4. Go to **Alerts → Add Alert → Add Recipient** 5. Enter Details: * **Name:** "Keeper ITSM Alerts" (this will appear in the Jira ticket title) * **Webhook URL:** Paste the URL from Jira app * **Token:** Paste token generated from Jira app * **HTTP Body**: Leave empty * **Save** webhook configuration

#### Step 5: Test the Connection Before receiving live alerts, test the integration: **Option 1: Using Built-in Test Button** 1. In the Keeper ITSM app, scroll to **"Development Tools"** section 2. Click **"Test Web Trigger"** button 3. Verify success notification appears 4. Go to your Jira project board 5. Confirm a test ticket was created (e.g., "OPS-1: Security Alert: Test Event") **Note:** The test button bypasses token authentication (internal call). Use Option 2 to test authentication end-to-end. **Option 2: Using curl Command** Test your webhook with authentication using curl: **With Authentication Token:** {% code overflow="wrap" %} ``` curl -X POST "https://YOUR-SITE.atlassian.net/x/YOUR-WEBHOOK-PATH" -H "Content-Type: application/json" -H "Authorization: Bearer YOUR-64-CHARACTER-TOKEN" -d '{ "alert_name": "Test Alert", "description": "This is a test alert from curl", "audit_event": "test_event", "username": "test@example.com", "remote_address": "127.0.0.1", "timestamp": "2026-01-23T12:00:00.000Z" }' ``` {% endcode %} {% hint style="success" %} **Test Successful?** — Your integration is ready to receive live alerts from Keeper Security. {% endhint %} ## Usage #### Basic Workflow The integration follows this automated workflow:

Keeper Security Alert → Webhook + Auth Token → Forge App → Jira Ticket Created

When Keeper Security detects any configured event (failed login, BreachWatch alert, etc.): 1. Keeper sends alert data via webhook with Authorization header 2. Forge app validates the Bearer token (if configured) 3. App validates and processes the payload 4. App maps fields and determines issue type/priority 5. Jira ticket created automatically with all alert details 6. Team receives notification and can respond immediately

Example Jira Ticket generated by Keeper ITSM Integration

#### Creating Custom Fields Custom fields capture Keeper-specific data that doesn't fit standard Jira fields. **Recommended Custom Fields**

Field Name	Type	Purpose	Example Value
Remote IP Address	Text	Source IP of event	`192.168.1.100`
Event Category	Select List	Keeper alert category	`security`, `audit`, `breach`
Security Event Type	Text	Specific event type	`audit_user_failed_login`
Device Name	Text	Device that triggered alert	`John-MacBook-Pro`
Alert Timestamp	Date Time	Original alert time	`2025-01-15T14:30:00Z`
Alert Severity	Select List	Severity level	`critical`, `high`, `medium`, `low`

**Creating Custom Fields in Jira** To set up custom fields, open the Keeper Security ITSM application and select the "Advanced Configuration" screen.

Step	Action	Details
1. Navigate	Settings (⚙️) → Issues → Custom fields	Opens custom field management
2. Create	Click "Create custom field"	Choose field type (Text, Date, Select List, URL)
3. Configure	Enter name, description, options	Example: "Remote IP Address"
4. Associate	Link to projects and issue types	Select your target project
5. Verify	Create test issue to confirm field appears	Field ready for mapping

{% hint style="info" %} **Note:** Custom fields require **Jira Administrator** permissions for global fields, or **Project Administrator** for project-specific fields. {% endhint %} #### Field Mapping Configuration Map Keeper alert data to Jira fields for automatic population. **Access Field Mapping** 1. Go to **Advanced Configuration** tab 2. Click **"Field Mapping"** sub-tab 3. View list of Keeper payload fields **Example Mapping Configuration**

Keeper Field	Maps To →	Jira Field
`alert_name`	→	Summary
`description`	→	Description
`audit_event`	→	Security Event Type (custom)
`username`	→	Reporter or custom field
`remote_address`	→	Remote IP Address (custom)
`timestamp`	→	Alert Timestamp (custom)

**Steps to Configure** 1. Locate the Keeper field in the list 2. Click the dropdown next to the field 3. Select destination Jira field (standard or custom) 4. Click **"Save Mappings"** after configuration #### Priority Mapping Configure automatic priority assignment based on Keeper event categories. 1. Click **"Priority Mapping"** tab 2. Map event categories to priorities:

Event Category	Maps To →	Jira Priority
`data_breach`	→	Highest
`password_breach`	→	Highest
`unauthorized_access`	→	High
`suspicious_activity`	→	High
`policy_violation`	→	Medium
`audit_user_login`	→	Low

3. Click **"Save Priority Mappings"**

Event Category	Maps To →	Jira Issue Type
`data_breach`	→	Incident
`password_breach`	→	Incident
`policy_violation`	→	Task
`audit_user_login`	→	Sub-task

## Complete Workflow Example #### Scenario: Audit Alert Resumed → Automated Jira Ticket **Workflow Overview**

Phase	What Happens	Result
1. Setup (One-Time)	Configure field/priority/issue mappings in app	Ready to receive alerts
2. Alert Triggers	Keeper detects admin resumed audit alert	Alert generated
3. Webhook Sent	Keeper sends alert data with Authorization header to webhook URL	Data transmitted securely
4. Auth Validated	App validates Bearer token (if configured)	Request authenticated
5. App Processes	App validates payload, maps fields, applies priority mapping	Ticket prepared
6. Ticket Created	Jira ticket auto-created with all alert details	Team notified
7. Team Responds	Operations team reviews and resolves	Incident closed

**Example Alert Flow** **Keeper Alert Data:** {% code overflow="wrap" %} ```javascript { "alert_name": "Jira Alerts", "description": "Admin john.doe@company.com resumed audit alert", "audit_event": "audit_alert_resumed", "username": "john.doe@company.com", "remote_address": "110.227.52.162", "timestamp": "2025-11-05T05:00:28.091Z" } ``` {% endcode %} **Jira Ticket Created (OPS-3346):**

Field	Value	Source
Type	Task	Default issue type
Summary	Jira Alerts: audit_alert_resumed	From `alert_name` + `audit_event`
Description	Alert details + complete JSON payload	From alert data
Security Event Type	audit_alert_resumed	From `audit_event` (custom field)
Remote Address	110.227.52.162	From `remote_address` (custom field)
Timestamp	2025-11-05 05:00:28	From `timestamp`
Status	Pending	Default workflow status

**Key Details Captured:** * Alert Type: audit\_alert\_resumed * Alert Name: Jira Alerts * Username: * Timestamp: 2025-11-05T05:00:28.091Z * Source: Keeper Security * Complete Raw Payload: Full JSON preserved for audit trail **Response Timeline** | Time | Action | Owner | | --------- | ------------------------------------------ | --------------- | | **T+0s** | Alert detected in Keeper | Keeper Security | | **T+2s** | Jira ticket OPS-3346 created automatically | Forge App | | **T+1m** | Operations team notified | Jira | | **T+5m** | Team reviews audit activity | Operations Team | | **T+15m** | Investigation completed, ticket resolved | Operations Team | {% hint style="success" %} **Total response time: 15 minutes** (vs. hours with manual process) {% endhint %} ## Supported Alerts The integration supports over 300 detailed Keeper Security event types as described in the table below. {% embed url="" %} Keeper Security Event Types {% endembed %} ## Role-Based Access Control The integration implements role-based access control (RBAC) to protect configuration settings. #### Permission Levels | User Role | Access Level | | ------------------------- | -------------------------------- | | **Jira Administrator** | Full access to all configuration | | **Project Administrator** | View access denied screen | | **Regular User** | View access denied screen | #### What is Protected | Area | Protection | | ------------------------------------- | ------------------- | | **All configuration save operations** | Requires Jira Admin | | **Project and issue type selection** | Requires Jira Admin | | **Field mapping configuration** | Requires Jira Admin | | **Priority mapping configuration** | Requires Jira Admin | | **Configuration reset functionality** | Requires Jira Admin | ## Troubleshooting #### Issue: "Allow access" button appears repeatedly **Cause:** Development environment or missing admin consent **Solution:** * If using development environment, deploy to production * Or grant admin consent as Jira Administrator * Production environment allows one-time consent for all users #### Issue: Custom field not appearing in mappings **Cause:** Field not associated with project or issue type **Solution:** 1. Verify field is associated with your target project 2. Check field is associated with the issue type 3. Refresh the app page 4. Clear browser cache #### Issue: Test webhook fails **Cause:** Configuration not saved or issue type mismatch **Solution:** 1. Ensure project is selected and saved 2. Verify issue type exists in project 3. Click "Reset Configuration" to regenerate mappings 4. Check browser console for errors #### Issue: Tickets created but fields are empty **Cause:** Field mappings not saved or fields don't exist **Solution:** 1. Check field mappings are saved 2. Verify custom fields exist in Jira 3. Ensure Keeper payload contains expected fields 4. Review webhook payload in Keeper admin console #### Issue: Cannot find app in Jira **Cause:** App not enabled or insufficient permissions **Solution:** 1. Go to **Settings → Apps → Manage apps** 2. Verify "Keeper Security ITSM" is enabled 3. Check you have project admin permissions 4. Access via: **Settings → Apps** (sidebar) #### Issue: User is admin but sees access denied **Cause:** User has project admin but not Jira admin **Solution:** * Verify the user has "Jira Administrator" global permission, not just project admin * Check browser console for any API errors * Verify the app has required scopes #### Issue: Webhook returns "AUTHENTICATION\_FAILED" error **Cause:** Invalid or missing Bearer token **Solution:** 1. Verify token authentication is enabled in the Jira app 2. Check the Authorization header is correctly formatted: `Bearer ` 3. Ensure there are no extra spaces or line breaks in the token 4. Regenerate the token if it may have been compromised 5. Check Keeper webhook configuration includes the Authorization header #### Issue: Token was lost or forgotten **Cause:** Token only shown once at generation **Solution:** 1. Tokens cannot be retrieved after generation (security feature) 2. Click **"Regenerate Token"** to create a new token 3. Update the Authorization header in Keeper with the new token 4. Old token is immediately invalidated **Note:** After regenerating a token, all existing Keeper webhook configurations using the old token will fail until updated with the new token. ### Resources * [Reporting, Alerts & SIEM](https://docs.keeper.io/enterprise-guide/event-reporting) * [Keeper Webhooks](https://docs.keeper.io/enterprise-guide/webhooks) * [Keeper Enterprise Guide](https://app.gitbook.com/o/-LO5CAzoigGmCWBUbw9z/s/-LO5CAzpxoaEquZJBpYz/)