...
Add Amazon Security Hub integration
If you're using the Free or Standard plan in Jira Service Management, you can only add this integration from your team's operations page. To access the feature through Settings (gear icon) > Products (under JIRA SETTINGS) > OPERATIONS, you need to be on the Premium or Enterprise plan.
Adding an integration from your team’s operations page makes your team the owner of the integration. This means Jira Service Management assigns the alerts received through this integration to your team only.
To add an integration:
Go to your team’s operations page.
On the left navigation panel, select Integrations and then Add integration.
Complete the rest of the steps in the procedure.
To add an Amazon Security Hub integration in Jira Service Management:
...
Create a custom Security Hub action.
Create a rule in CloudWatch Events for Security Hub findings and an SNS topic as the CloudWatch Events target by using the CloudFormation template.
Paste the URL you copied while adding the integration in Jira Service Management into SNSSubEndpoint in the CloudFormation template.
Copy-paste the following (after entering the custom Security Hub action ARN you created in Step 1) into EventPatternParameter in the CloudFormation template.
{
  "source": [ "aws.securityhub" ],
  "detail-type": [ "Security Hub Findings - Custom Action" ],
  "resources": [ "< CUSTOM ACTION ARN YOU CREATED IN SECURITY HUB >" ]
}
If the configuration is successful, a confirmation alert is created in Jira Service Management.
Select Send alert updates back to Amazon Security Hub to enable the outgoing functionality.
Allow Jira Service Management to access the Security Hub resources through an IAM Role.
Use the CloudFormation template to create an IAM role. Copy-paste the IAM Role ARN into AmazonSecurityHub Role ARN.
Select the AWS region where you’ve set up the Security Hub.
...
Go to Amazon EventBridge and select Rules.
Select Create rule.
In Step 1, enter a Name and Description for this rule.
Select Rule with an event pattern as Rule type and select Next.
In Step 2, select AWS events and EventBridge partner events as the Event source.
Then, select AWS services as Event source.
Select Security Hub as AWS Service.
In the Event Type section, select the custom action you created in the security hub.
Select Next.
In Step 3, select SNS topic from the dropdown menu in Target types, then select the topic you created earlier in the Topic field.
Select Next.
In Step 5, review and create the rule.
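Whether a finding ever reaches Jira Service Management depends on the event pattern above matching the event Security Hub emits for the custom action; the CloudFormation path and the EventBridge console path build the same rule. The following added example (not Atlassian's or AWS's code) applies EventBridge's top-level matching semantics to a constructed sample event, so you can see which findings would be delivered and why an event from a different custom action or detail-type is dropped. The ARN, account id and finding fields are constructed placeholders.

```python
"""Check whether a Security Hub event would match the integration's EventBridge rule.

Added example (not Atlassian's or AWS's code). The ARN and finding fields below are
constructed placeholders; replace the ARN with your own custom action ARN.
"""
import json

# The event pattern from the procedure, with a constructed placeholder ARN.
EVENT_PATTERN = {
    "source": ["aws.securityhub"],
    "detail-type": ["Security Hub Findings - Custom Action"],
    "resources": ["arn:aws:securityhub:us-east-1:111122223333:action/custom/SendToJSM"],
}


def matches_pattern(event: dict, pattern: dict = EVENT_PATTERN) -> bool:
    """Apply EventBridge's matching semantics for the top-level keys used here:
    every pattern key must be present in the event, and for each key at least one
    value listed in the pattern must appear among the event's value(s) (the
    pattern list is an OR; a scalar event field is compared against it directly)."""
    for key, allowed in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        values = actual if isinstance(actual, list) else [actual]
        if not any(v in allowed for v in values):
            return False
    return True


def forwarded_findings(event: dict) -> list:
    """Return the finding ids this event would deliver to the SNS topic (and on to
    Jira Service Management), or an empty list if the rule would not fire."""
    if not matches_pattern(event):
        return []
    return [f.get("Id") for f in event.get("detail", {}).get("findings", [])]


# Constructed sample: the shape Security Hub emits when the custom action is chosen.
SAMPLE_EVENT = json.loads("""{
  "version": "0",
  "source": "aws.securityhub",
  "detail-type": "Security Hub Findings - Custom Action",
  "region": "us-east-1",
  "resources": ["arn:aws:securityhub:us-east-1:111122223333:action/custom/SendToJSM"],
  "detail": {"actionName": "SendToJSM",
             "findings": [{"Id": "finding-0001", "Severity": {"Label": "HIGH"}}]}
}""")

if __name__ == "__main__":
    print(forwarded_findings(SAMPLE_EVENT))
```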
Send alert updates back to Amazon Security Hub
Complete the following steps in Jira Service Management to send alert updates back to Amazon Security Hub:
From the Amazon Security Hub integration page in Jira Service Management, select the Send alert updates back to Amazon Security Hub check box.
Allow Jira Service Management to access Security Hub resources using an IAM Role. To create a role that allows Jira Service Management to access Security Hub resources, you can use the CloudFormation template.
Make sure that all the input parameters to the CloudFormation template are correct, such as ApiKey, the API URL from the Security Hub integration page (pre-populated), Jira Service Management AWS AccountId (pre-populated), and RoleName. The role name should be in jsmSecurityHubRole* format.
Copy the IAM role ARN created in the previous step and paste it into AmazonSecurityHub Role ARN, then select the region where Security Hub is enabled. Select Save Integration to send alert action updates back to Amazon Security Hub findings.
Sample payload from Amazon Security Hub
...