Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enhancements to JIRA v1 output #1311

Open
wants to merge 9 commits into
base: release-4-0-0
Choose a base branch
from
Open

Enhancements to JIRA v1 output #1311

wants to merge 9 commits into from

Conversation

Ryxias
Copy link
Contributor

@Ryxias Ryxias commented Apr 15, 2021
edited

to: @ryandeivert @chunyong-lin
cc: @gavinelder
cc: @airbnb/streamalert-maintainers

Changes

  • Adds option to perform clientside SSL cert verification
  • Adds aggregation additional filter
  • Adds ability to add additional fields through publisher

ClientSide SSL Verification

To enable this, simply put yes in the new ssl_verify output parameter.

Aggregation Additional Filter

# When aggregation is enabled, it will fuzzy-search any JIRA ticket that best-matches
# the "summary ~ ..." statement, within the project key. For each matching rule,
# instead of creating new JIRA tasks over and over, it will instead opt to append a
# comment to a similar(ish) JIRA task.
#
# However, this can result in  very long-lived JIRA tickets getting tons of comments
# appended on. This optional parameter allows users to specify an additional JQL clause
# to filter out these older tickets, encouraging new JIRA tasks to be created from
# time to time. It can also be used to increase the accuracy of finding the parent
# task (maybe filtering on a component) in case you find the StreamAlert integration
# is appending comments to unrelated issues.
#
# Example: A highly effective JQL suffix is "created > startOfWeek(-1w)"

Can also use other fields like created > startOfWeek(-1w) AND status != Resolved or the like. It depends on your JIRA project's specific configurations. You might have some crazy custom field like custom_field_10101 = "Low". Etc.

To enable this, simply put the query string into the aggregation_additional_jql output parameter.

Additional Fields

# For example, if your JIRA project requires a custom field called "custom_field_1",
# you can set the following json-encoded string in this:
# {"custom_field_1": {"value": "FooBar"}}
#
# These fields are DEFAULT values. You can still override them using the
# @jira.additional_fields publisher parameter.

To enable this, provide the json-encoded string representation of the dict. Because the parameter store stores everything as a JSON string you'll have to escape quotes.

Testing

Deployed internally

ryandeivert and others added 9 commits October 5, 2020 14:15
@ryandeivert
official release of v3.4.1 (#1297)
27b8669 
* bumping version to 3.4.1

* adding fix for #1294 to only copy terraform files once during init (#1295)

* adding fix for #1294

* pylint
@dependabot
Bump httplib2 from 0.18.1 to 0.19.0 (#1305)
ceb680b 
Bumps [httplib2](https://github.com/httplib2/httplib2) from 0.18.1 to 0.19.0.
- [Release notes](https://github.com/httplib2/httplib2/releases)
- [Changelog](https://github.com/httplib2/httplib2/blob/master/CHANGELOG)
- [Commits](httplib2/httplib2@v0.18.1...v0.19.0)

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@gavinelder @Ryxias
Update CloudTrail critical API calls 'cloudtrail:PutEventSelectors' (#…
1be68fe 
…1303)

Co-authored-by: Ryxias <[email protected]>
@zachzeid @Ryxias
Add victorops as an output in streamalert. (#1304)
6097c7e 
* Add victorops as an output in streamalert.

* linting fixes.

* Update test_output_base to include victorops

* Missing comma

Co-authored-by: Zach Zeid <[email protected]>
Co-authored-by: Ryxias <[email protected]>
@gavinelder @Ryxias
[OUTPUT] Jira Cloud SASS (jira-v2) (#1302)
0bb9dab 
* Copy Existing Jira provider and update test + imports for new provider name

* Update app collector for v2

* Update test use-cases + fix b64encode

* Update docs

* Lint:

* Decode b64 object

Co-authored-by: Ryxias <[email protected]>
@gavinelder @Ryxias
Update cloudtrail schema to 1.08 (#1301)
6d534dc 
* Update cloudtrail schema to 1.08

* Update OPTK

Co-authored-by: Ryxias <[email protected]>
@dependabot @Ryxias
Bump cryptography from 3.0 to 3.2 (#1299)
34f7bef 
Bumps [cryptography](https://github.com/pyca/cryptography) from 3.0 to 3.2.
- [Release notes](https://github.com/pyca/cryptography/releases)
- [Changelog](https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst)
- [Commits](pyca/cryptography@3.0...3.2)

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Ryxias <[email protected]>
@deanillfeld @Ryxias
Python package version bumps (#1306)
b510d39 
* bump cffi to resolve install issues on osx big sur

* define idna version to resolve conflict

Co-authored-by: Dean Illfeld <[email protected]>
Co-authored-by: Ryxias <[email protected]>
@Ryxias
Enhancements to JIRA v1 output
0c886e4
@Ryxias Ryxias changed the title Enhancements to JIRA v1 output@z Enhancements to JIRA v1 output Apr 15, 2021
@Ryxias Ryxias changed the base branch from master to release-3-5-0 April 15, 2021 18:32
@gavinelder
Copy link
Contributor

I really like the changes here to the aggregation filter and also the additional fields.

To confirm was the intent in the CC to see if they should also be added to the Jira_v2 output.

Also in hindsight I wonder if supporting both auth methods in the same output behind a boolean may be better than two distinct outputs.

@Ryxias
Copy link
Contributor Author

Ryxias commented Apr 15, 2021

Yeah it was kind of an "FYI" since I knew you wrote a lot of the JIRA v2 integration. Admittedly we didn't sync the v2 internally yet so I actually forgot it existed on the OSS repo; only just noticed it when I synced these JIRA changes out.

And yeah, I took a cursory glance over the JIRA integration and I see the main difference is the auth; v1 uses username/password login whereas v2 uses api key in basic auth header. Since they both use REST API v1/v2 I think would be worth DRYING it out. I'll think about doing that if I have time

@ryandeivert ryandeivert changed the base branch from release-3-5-0 to release-4-0-0 November 4, 2021 18:53
@gavinelder gavinelder mentioned this pull request Jul 19, 2022
Closed
@gavinelder
Copy link
Contributor

PS this is 🔥 Just pulled this in & Dry'd out the config in #1333

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@Ryxias @gavinelder @ryandeivert @zachzeid @deanillfeld