tenable / integration-jira-cloud


Custom Fields #202

Closed lisaegor1 closed 1 year ago

lisaegor1 commented 1 year ago

Hello. In our Jira we try to limit the number of custom fields. Is it possible to avoid creating 30 custom fields? As I understand it, only making changes within the script will help? Thanks

SteveMcGrath commented 1 year ago

If you just want LESS fields but are otherwise happy with the data, you could always override the fields being used in the config file by simply removing the ones you don't want in your own config. Take a look at the embedded config to understand how it's configured by default. If you update your config with your own fields list, it'll replace everything that's in the default.

https://github.com/tenable/integration-jira-cloud/blob/master/tenable_jira/config.py

lisaegor1 commented 1 year ago

Thanks for the quick reply. Perhaps I will write more if there are questions. Have a nice day

lisaegor1 commented 1 year ago

Hello, I'm wondering if it's possible to create all resources manually for a plugin in a way that doesn't give admin access to the plugin?

SteveMcGrath commented 1 year ago

I mean, you could. You'll have to create the field names with the exact name that's in the config. From there the integration should pick them up and use them if configured to do so. You'll also have to make sure you match the field type.

lisaegor1 commented 1 year ago

Hm, I need your opinion about my situation, please. We don't want to grant admin permission to the plugin. Instead I have decided to create all needed resources. I have created a separate project with key VULN, custom fields and 2 screens with the needed tabs (I left the config file below). And I specified the IDs of the screens and fields. But I still get the same error:

```
UnauthorizedError: [401: GET] https://selectcomforttest.atlassian.net/rest/api/3/screens/10002/tabs body=b'{"errorMessages":[],"errors":{}}'
```

```yaml
screen:
  jira_ids:
    - xxxx
    - xxxx
  name:
    - Kanban Bug Screen
    - Kanban Default Issue Screen
  tabs:
    Vulnerability:
      - Tenable CVE
      - Teanble First Found
      - Tenable State
    Asset:
      - Tenable Asset UUID
      - Tenable IPv4
fields:

  # Vulnerability fields
  - jira_field: Tenable CVE
    jira_id: customfield_xxxx
    type: labels
    searcher: labelsearcher
    issue_type:
      - Task
    tio_field: plugin.cve
    tsc_field: cve

  # Vulnerability Instance fields
  - jira_field: TenableAsset UUID
    jira_id: customfield_xxxx
    type: labels
    searcher: labelsearcher
    issue_type:
      - Sub-task
    tio_field: asset.uuid
    tsc_field: uuid

  - jira_field: Tenable IPv4
    jira_id: customfield_xxxx
    type: labels
    searcher: labelsearcher
    issue_type:
      - Sub-task
    tio_field: asset.ipv4
    tsc_field: ip

  - jira_field: Tenable First Found
    jira_id: customfield_xxxx
    type: datetime
    searcher: datetimerange
    issue_type:
      - Sub-task
    tio_field: first_found
    tsc_field: firstSeen

  - jira_field: Tenable State
    jira_id: customfield_xxxx
    type: readonlyfield
    searcher: textsearcher
    issue_type:
      - Sub-task
    tio_field: state
```

I have made changes in this part of code.

SteveMcGrath commented 1 year ago

You can always run the integration once with admin using the `--setup-only` flag. It will read the config, create everything, and then dump a new config file to the disk. From there, you can reduce the permissions as everything is created.

As for code changes, you don't need to make any changes to the code itself, just to YOUR config file. Any of the settings in the embedded config file will be overridden with whatever you provide within your own config file.

lisaegor1 commented 1 year ago

So, as I understand, I can specify the existing project, fields and screens that I need in MY config file and the plugin will use them. If I specify existing fields, will the plugin create missing fields? For example, I don't need all the fields that the plugin creates, I need only a few of them. And I would like to know if the administrator permission is needed only to create a project, screen and fields, or for something else too? Your plugin is very useful, but I would like to know more about why the plugin needs admin permission before I grant it. Thank you!

SteveMcGrath commented 1 year ago

Admin is only needed for initial creation.

As for fields, if you specify the fields stanza within your config, it'll override all of the fields defined within the default config and only use the ones you specify.

lisaegor1 commented 1 year ago

Hello, it's me again) I have several questions. I'm wondering what these permissions are for?

- Delete Issues
- Schedule Issues
- Set Issue Security

And how to use setup-only mode correctly? The documentation states that "there is a setup-only mode that will create the project, fields, and screens, then generate a full configuration file afterwards." And where can I specify already existing fields, projects and screens, because the config file will be created by the plugin? Do I need to modify config.py? Thanks

SteveMcGrath commented 1 year ago

You would specify the config just like before. A new config will be generated in your current working path called "generated-config.yaml". That new config should have everything needed.

Those permissions may not be needed, however were reported by other folks as necessary for operations in the past.

lisaegor1 commented 1 year ago

Hi! Thanks for all the information that you give. But I have got another issue. I have installed and created the config file. Then I have run the plugin in setup-only mode and got my new config. But I have got this:

```
2022-11-10 03:55:07,184 restfly.errors.BadRequestError ERROR [400: PUT] https://selectcomforttest.atlassian.net/rest/api/3/issue/10039?notifyUsers=true&overrideScreenSecurity=false&overrideEditableFlag=false body=b'{"errorMessages":[],"errors":{"null":"Field \'null\' cannot be set. It is not on the appropriate screen, or unknown."}}'
(tenable_integration) root@bda41ddf18d8:/tenable_integration# ll
```

I can share my config if it will help. What do you think about that?

lisaegor1 commented 1 year ago

Looks like I have fixed that. But I wonder how much time the process takes. Just now it gives me an error (below). In Tenable.io i

```
restfly.errors.TooManyRequestsError ERROR [429: POST] https://cloud.tenable.com/vulns/export body=b'{"values":["d7fe8c5b-a186-4c76-8207-c315a2a99eca","1459fc32-7c13-4efd-b564-9bcdb1dea935"],"strings":["Duplicate export (job_uuid="," container_uuid=","). not allowed. Please modify request or wait until existing export is complete."],"empty":false,"bytes":"RHVwbGljYXRlIGV4cG9ydCAoam9iX3V1aWQ9ZDdmZThjNWItYTE4Ni00Yzc2LTgyMDctYzMxNWEyYTk5ZWNhIGNvbnRhaW5lcl91dWlkPTE0NTlmYzMyLTdjMTMtNGVmZC1iNTY0LTliY2RiMWRlYTkzNSkuIG5vdCBhbGxvd2VkLiBQbGVhc2UgbW9kaWZ5IHJlcXVlc3Qgb3Igd2FpdCB1bnRpbCBleGlzdGluZyBleHBvcnQgaXMgY29tcGxldGUu","value_count":2}'
```

in Tenable, there is a request for cloud audit in the logs. So everything seems to work, but for some reason I get an error.

SteveMcGrath commented 1 year ago

https://developer.tenable.com/docs/rate-limiting

lisaegor1 commented 1 year ago

Sorry for bothering you. Thank you for your support. I specify the tag of a test scanner in Tenable.io that contains a report with only 3 low vuln. But I still have the same ERROR 429. I have read about it in the Tenable documentation. It's related to rate-limit, I know:

```
[429: POST] https://cloud.tenable.com/vulns/export body=b'{"values":["a572a4a3-d432-4a8a-9af4-d665178e1b8f","1459fc32-7c13-4efd-b564-9bcdb1dea935"],"strings":["Duplicate export (job_uuid="," container_uuid=","). not allowed. Please modify request or wait until existing export is complete."
```

Why is this happening?

lisaegor1 commented 1 year ago

```yaml
closed_transitions:
- Done
fields:
- issue_type:
  - Task
  jira_field: Tenable CVE
  jira_id: customfield_10035
  searcher: textsearcher
  tio_field: plugin.cve
  tsc_field: cve
  type: plaintextonly
- issue_type:
  - Sub-task
  jira_field: TenableAsset UUID
  jira_id: customfield_10036
  searcher: textsearcher
  tio_field: asset.uuid
  tsc_field: uuid
  type: plaintextonly
- issue_type:
  - Sub-task
  jira_field: Tenable IPv4
  jira_id: customfield_10037
  searcher: textsearcher
  tio_field: asset.ipv4
  tsc_field: ip
  type: plaintextonly
- issue_type:
  - Sub-task
  jira_field: Tenable First Found
  jira_id: customfield_10038
  searcher: textsearcher
  tio_field: first_found
  tsc_field: firstSeen
  type: plaintextonly
- issue_type:
  - Sub-task
  jira_field: Tenable State
  jira_id: customfield_10039
  searcher: textsearcher
  tio_field: state
  type: plaintextonly
issue_default_fields:
  description:
    Sub-task:
    - name: Description
      tio_field: '{vuln[plugin.description]} '
      tsc_field: '{vuln[description]} '
    - name: Solution
      tio_field: '{vuln[plugin.solution]} '
      tsc_field: '{vuln[solution]} '
    - name: Output
      tio_field: '{vuln[output]} '
      tsc_field: '{vuln[pluginOutput]} '
    Task:
    - name: Description
      tio_field: '{vuln[plugin.description]} '
      tsc_field: '{vuln[description]} '
    - name: Solution
      tio_field: '{vuln[plugin.solution]} '
      tsc_field: '{vuln[solution]} '
  summary:
    Sub-task:
      tio_field: '[{vuln[asset.hostname]}/{vuln[port.port]}/{vuln[port.protocol]}]
        [{vuln[plugin.id]}] {vuln[plugin.name]}'
      tsc_field: '[{vuln[ip]}/{vuln[port]}/{vuln[protocol]}] [{vuln[pluginID]}] {vuln[pluginName]}'
    Task:
      tio_field: '[{vuln[plugin.id]}] {vuln[plugin.name]}'
      tsc_field: '[{vuln[pluginID]}] {vuln[pluginName]}'
issue_types:
- name: Task
  search:
  - Tenable Plugin ID
  type: standard
- name: Sub-task
  platform:
    tenable.io: &id001
    - Tenable Platform
    - Tenable Plugin ID
    - Tenable Asset UUID
    - Vulnerability Port
    - Vulnerability Protocol
    tenable.sc:
    - Tenable Platform
    - Tenable Plugin ID
    - Tenable Asset UUID
    - Device IPv4 Addresses
    - Device IPv6 Addresses
    - Vulnerability Port
    - Vulnerability Protocol
  search: *id001
  type: subtask
jira:
  address: selectcomforttest.atlassian.net
  api_token: xx
  api_username: xx
project:
  assigneeType: UNASSIGNED
  description: Managing vulnerabilities discovered from Tenable products.
  key: VULN
  leadAccountId: xx
  name: Vulnerability Management
  projectTemplateKey: com.atlassian.jira-core-project-templates:jira-core-simplified-task-tracking
  projectTypeKey: business
  url: https://tenable.com
screen:
  jira_ids:
  - 10002
  - 10003
  name:
  - Kanban Bug Screen
  - Kanban Default Issue Screen
  no_create: true
  tabs:
    Asset:
    - Tenable Asset UUID
    - Tenable IPv4
    Vulnerability:
    - Tenable CVE
    - Teanble First Found
    - Tenable State
service:
  interval: 24
tenable:
  access_key: xx
  address: null
  chunk_size: 1000
  page_size: 1000
  password: null
  platform: tenable.io
  port: 443
  query_id: null
  secret_key: xx
  severity_prioritization:
    critical: 1
  tio_tags:
    - key: EC2
      value: "InstanceID"
  tio_age: 30
  tio_severities:
  - critical
  - high
  - low
  username: null
```

Here is my config

lisaegor1 commented 1 year ago

This inscription confuses me: "Duplicate export (job_uuid="," container_uuid=","). not allowed. Please modify request or wait until existing export is complete". Maybe there is some setting in Tenable that prevents the export of data?

lisaegor1 commented 1 year ago

Hi, Looks like I have closed that issue. I think that was problem on Tenable.io side, not mine. What I have now. I have project VULN and the plugin see it, but the plugin updates tasks that were created by me manually. And dont create new tasks or subtasks. And I have got. First its fine 022-11-15 12:29:15,329 tenable_jira.jira.Jira DEBUG Request: {"method": "PUT", "url": "https://<JIRA_CLOUD_HOST>/rest/api/3/issue/10039", "params": {"notifyUsers": "true", "overrideScreenSecurity": "false", "overrideEditableFlag": "false"}, "body": {"fields": {"project": {"key": "VULN"}, "issuetype": {"id": 10003}, "null": "Tenable.io", "customfield_10036": "a77e4115-bd41-422f-8815-e50b40e67f57", "customfield_10037": "176.27.6.21", "customfield_10038": "2022-03-08T01:46:48.012Z", "customfield_10039": "OPEN", "summary": "[ip-176-27-6-21.dev.siq.com/0/UNKNOWN] [151796] Amazon Linux 2 : rpm (ALAS-2021-1689)", "description": {"version": 1, "type": "doc", "content": [{"type": "heading", "attrs": {"level": 1}, "content": [{"type": "text", "text": "Description"}]}, {"type": "paragraph", "content": [{"type": "text", "text": "The version of rpm installed on the remote host is prior to 4.11.3-40. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1689 advisory.\n\n - A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability. (CVE-2021-20271)\n\n - A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity. 
This flaw affects RPM versions before 4.17.0-alpha. (CVE-2021-3421)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. "}]}, {"type": "heading", "attrs": {"level": 1}, "content": [{"type": "text", "text": "Solution"}]}, {"type": "paragraph", "content": [{"type": "text", "text": "Run 'yum update rpm' to update your system. "}]}, {"type": "heading", "attrs": {"level": 1}, "content": [{"type": "text", "text": "Output"}]}, {"type": "paragraph", "content": [{"type": "text", "text": "Name : rpm\nVersion : 4.11.3-40.amzn2.0.5\nFixed version : 4.11.3-40.amzn2.0.6 "}]}]}, "parent": {"key": "VULN-5"}}}} It has updated existing ticket (for some reasons doesnt update tabs) But Then restfly.errors.BadRequestError: [400: PUT] https://<JIRA_CLOUD_HOST>/rest/api/3/issue/10039?notifyUsers=true&overrideScreenSecurity=false&overrideEditableFlag=false body=b'{"errorMessages":[],"errors":{"null":"Field \'null\' cannot be set. It is not on the appropriate screen, or unknown."}}'

alpesh-te commented 1 year ago

@lisaegor1 let me know if you are still facing any issue from the jira-cloud side. Feel free to close the ticket.

lisaegor1 commented 1 year ago

@alpesh-te Hi! Still have the same problem. The plguin doesnt want to create tickets and update old ones. Can only update tickets that was created manually in the project. tenable_jira.jira.Jira DEBUG Request: {"method": "POST", "url": "https://<JIRA_CLOUD_HOST>/rest/api/3/issue", "params": {"update_history": false}, "body": {"fields": {"project": {"key": "VULN"}, "issuetype": {"id": 10003}, "null": "Tenable.io", "customfield_10036": "2951ad27-2e20-41b0-a163-0e141239ec63", "customfield_10037": "172.26.3.44", "customfield_10038": "2021-12-13T13:33:32.984Z", "customfield_10039": "REOPENED", "summary": "[172.26.3.44/1099/TCP] [118039] Java JMX Agent Insecure Configuration", "description": {"version": 1, "type": "doc", "content": [{"type": "heading", "attrs": {"level": 1}, "content": [{"type": "text", "text": "Description"}]}, {"type": "paragraph", "content": [{"type": "text", "text": "A Java JMX agent running on the remote host is configured without SSL client and password authentication. An unauthenticated, remote attacker can connect to the JMX agent and monitor and manage the Java application that has enabled the agent.\n\nMoreover, this insecure configuration could allow the attacker to create a javax.management.loading.MLet MBean and use it to create new MBeans from arbitrary URLs, at least if there is no security manager. In other words, the attacker could execute arbitrary code on the remote host under the security context of the remote Java VM. "}]}, {"type": "heading", "attrs": {"level": 1}, "content": [{"type": "text", "text": "Solution"}]}, {"type": "paragraph", "content": [{"type": "text", "text": "Enable SSL client or password authentication for the JMX agent. 
"}]}, {"type": "heading", "attrs": {"level": 1}, "content": [{"type": "text", "text": "Output"}]}, {"type": "paragraph", "content": [{"type": "text", "text": "\nClassPath: \n/opt/hazelcast/lib/hazelcast-all-3.8.1.jar:/opt/hazelcast/lib/slf4j-api-1.7.13.jar:/opt/hazelcast/lib/slf4j-ext-1.7.13.jar:/opt/hazelcast/lib/hazelcast-3.12.10.jar:/opt/hazelcast/lib/logback-core-1.1.3.jar:/opt/hazelcast/lib/slf4j-simple-1.7.13.jar:/opt/hazelcast/lib/hazelcast-all-3.12.10.jar:/opt/hazelcast/lib/hazelcast-spring-3.12.10.jar:/opt/hazelcast/lib/hazelcast-client-3.12.10.jar:/opt/hazelcast/lib/\n\nInputArguments: \n-Xms4000M -Xmx4000M -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=1099 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Dhazelcast.jmx=true -XX:+PrintGC -XX:+PrintGCDetails -XX:+PrintGCTimeStamps -Xloggc:/var/log/gclog.log -XX:+ExitOnOutOfMemoryError -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/var/log/hzDump.hprof -XX:+UseG1GC -Dhazelcast.diagnostics.enabled=true -Dhazelcast.diagnostics.metric.level=info -Dhazelcast.diagnostics.invocation.sample.period.seconds=5 -Dhazelcast.diagnostics.pending.invocations.period.seconds=5 -Dhazelcast.diagnostics.slowoperations.period.seconds=5 -Dhazelcast.diagnostics.storeLatency.period.seconds=10 -Dhazelcast.config=/opt/hazelcast/bin/hazelcast.xml\n "}]}]}, "parent": {"key": "VULN-11"}}}} I created ticket with name test. Information above appeared in the ticket. But then i got this 2022-11-21 08:18:23,147 urllib3.connectionpool DEBUG https://<JIRA_CLOUD_HOST>:443 "POST /rest/api/3/issue?update_history=False HTTP/1.1" 400 None 2022-11-21 08:18:23,148 restfly.errors.BadRequestError ERROR [400: POST] https://<JIRA_CLOUD_HOST>/rest/api/3/issue?update_history=False body=b'{"errorMessages":[],"errors":{"null":"Field \'null\' cannot be set. It is not on the appropriate screen, or unknown."}}'

lisaegor1 commented 1 year ago

But if i dont have any clear tickets in the project, plugin try to update old tickets 2022-11-21 08:50:29,754 tenable_jira.jira.Jira DEBUG Request: {"method": "POST", "url": "https://<JIRA_CLOUD_HOST>/rest/api/3/issue", "params": {"update_history": false}, "body": {"fields": {"project": {"key": "VULN"}, "issuetype": {"id": 10000}, "summary": "[118039] Java JMX Agent Insecure Configuration", "description": {"version": 1, "type": "doc", "content": [{"type": "heading", "attrs": {"level": 1}, "content": [{"type": "text", "text": "Description"}]}, {"type": "paragraph", "content": [{"type": "text", "text": "A Java JMX agent running on the remote host is configured without SSL client and password authentication. An unauthenticated, remote attacker can connect to the JMX agent and monitor and manage the Java application that has enabled the agent.\n\nMoreover, this insecure configuration could allow the attacker to create a javax.management.loading.MLet MBean and use it to create new MBeans from arbitrary URLs, at least if there is no security manager. In other words, the attacker could execute arbitrary code on the remote host under the security context of the remote Java VM. "}]}, {"type": "heading", "attrs": {"level": 1}, "content": [{"type": "text", "text": "Solution"}]}, {"type": "paragraph", "content": [{"type": "text", "text": "Enable SSL client or password authentication for the JMX agent. "}]}]}}}} 2022-11-21 08:50:30,018 urllib3.connectionpool DEBUG https://<JIRA_CLOUD_HOST>:443 "POST /rest/api/3/issue?update_history=False HTTP/1.1" 400 None 2022-11-21 08:50:30,020 restfly.errors.BadRequestError ERROR [400: POST] https://<JIRA_CLOUD_HOST>/rest/api/3/issue?update_history=False body=b'{"errorMessages":[],"errors":{"customfield_10011":"Epic Name is required."}}' But current ticket already have this information.

spatelte commented 1 year ago

@lisaegor1 it seems like it is not able to set or change the value for the Epic Name custom field. If you can share your config.yml and generated_config.yaml files, that will help us to know what Epic Name is, because it's not created by our integration. Meanwhile you can check the Epic Name custom field by going to Project >> Vulnerability Management >> Project settings >> Fields and checking whether it is enabled for our Tenable screens; if it's not, then you need to enable it.

For the yml you can use spatel.ctr at tenable.com and asorathiya.ctr at tenable.com

lisaegor1 commented 1 year ago

@spatelte

Oh, I solved the "Epic name is required" issue. Also the plugin creates new tickets. But I still don't have any info in tabs and not all tickets are created: "Field \'null\' cannot be set. It is not on the appropriate screen, or unknown." I have found that:

```
"method": "POST", "url": "https://<JIRA_CLOUD_HOST>/rest/api/3/issue", "params": {"update_history": false}, "body": {"fields": {"project": {"key": "VULN"}, "issuetype": {"id": 10003}, "null": "Tenable.io"...
```

I got it while creating a sub-task. The plugin wants to add info about the Tenable platform that I use. But I have specified fields that contain info only about the vuln (CVE, IP, STATE, First Found, etc.). My conf file:

```yaml
### Configuration File:

closed_transitions:
- Done
fields:
- issue_type:
  - Task
  jira_field: Tenable CVE
  jira_id: customfield_10035
  searcher: textsearcher
  tio_field: plugin.cve
  tsc_field: cve
  type: string
- issue_type:
  - Task
  jira_field: Epic Name
  jira_id: customfield_10011
  searcher: textsearcher
  static_value: VULN-test
  type: string
- issue_type:
  - Sub-task
  jira_field: Tenable Asset UUID
  jira_id: customfield_10036
  searcher: textsearcher
  tio_field: asset.uuid
  tsc_field: uuid
  type: string
- issue_type:
  - Sub-task
  jira_field: Tenable IPv4
  jira_id: customfield_10037
  searcher: textsearcher
  tio_field: asset.ipv4
  tsc_field: ip
  type: string
- issue_type:
  - Sub-task
  jira_field: Tenable First Found
  jira_id: customfield_10038
  searcher: textsearcher
  tio_field: first_found
  tsc_field: firstSeen
  type: string
- issue_type:
  - Sub-task
  jira_field: Tenable State
  jira_id: customfield_10039
  searcher: textsearcher
  tio_field: state
  type: string
issue_default_fields:
  description:
    Sub-task:
    - name: Description
      tio_field: '{vuln[plugin.description]} '
      tsc_field: '{vuln[description]} '
    - name: Solution
      tio_field: '{vuln[plugin.solution]} '
      tsc_field: '{vuln[solution]} '
    - name: Output
      tio_field: '{vuln[output]} '
      tsc_field: '{vuln[pluginOutput]} '
    Task:
    - name: Description
      tio_field: '{vuln[plugin.description]} '
      tsc_field: '{vuln[description]} '
    - name: Solution
      tio_field: '{vuln[plugin.solution]} '
      tsc_field: '{vuln[solution]} '
  summary:
    Sub-task:
      tio_field: '[{vuln[asset.hostname]}/{vuln[port.port]}/{vuln[port.protocol]}]
        [{vuln[plugin.id]}] {vuln[plugin.name]}'
      tsc_field: '[{vuln[ip]}/{vuln[port]}/{vuln[protocol]}] [{vuln[pluginID]}] {vuln[pluginName]}'
    Task:
      tio_field: '[{vuln[plugin.id]}] {vuln[plugin.name]}'
      tsc_field: '[{vuln[pluginID]}] {vuln[pluginName]}'
issue_types:
- name: Task
  search:
  - Tenable Plugin ID
  type: standard
- name: Sub-task
  platform:
    tenable.io: &id001
    - Tenable CVE
    - Tenable Asset UUID
    - Tenable IPv4
    - Tenable First Found
    - Tenable State
  search: *id001
  type: subtask
jira:
  address: <REDACTED>
  api_token: <REDACTED>
  api_username: <REDACTED>
project:
  assigneeType: UNASSIGNED
  description: Managing vulnerabilities discovered from Tenable products.
  key: VULN
  leadAccountId: <REDACTED>
  name: Vulnerability Management
  projectTemplateKey: com.atlassian.jira-core-project-templates:jira-core-simplified-task-tracking
  projectTypeKey: business
  url: https://tenable.com
screen:
  jira_ids:
  - 10002
  - 10003
  name:
  - Kanban Bug Screen
  - Kanban Default Issue Screen
  no_create: true
  tabs:
    Asset:
    - Tenable Asset UUID
    - Tenable IPv4
    Vulnerability:
    - Tenable CVE
    - Teanble First Found
    - Tenable State
service:
  interval: 24
tenable:
  access_key: <REDACTED>
  address: null
  chunk_size: 1000
  page_size: 1000
  password: null
  platform: tenable.io
  port: 443
  query_id: null
  secret_key: <REDACTED>
  severity_prioritization:
    critical: 1
  tio_age: 30
  tio_severities:
  - critical
  - high
  tio_tags:
  - key: environment
    value: qa21
  username: null
```

lisaegor1 commented 1 year ago

@spatelte Is the Tenable Platform required custom field? {"method": "POST", "url": "https://<JIRA_CLOUD_HOST>/rest/api/3/issue", "params": {"update_history": false}, "body": {"fields": {"project": {"key": "VULN"}, "issuetype": {"id": 10003}, "null": "Tenable.io", "customfield_10036": "8068d618-6781-45f9-8e0f-4a35d45c96b8", "customfield_10037": "172.27.3.20", "customfield_10038": "2021-12-15T09:03:30.495Z", "customfield_10039": "OPEN", "summary": "[qa21-dg2.localdomain/0/UNKNOWN] [118595] Amazon Linux AMI : openssl (ALAS-2018-1098)", "description": {"version": 1, "type": "doc", "content": [{"type": "heading", "attrs": {"level": 1}, "content": [{"type": "text", "text": "Description"}]}, {"type": "paragraph", "content": [{"type": "text", "text": "During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack.(CVE-2018-0732 ) "}]}, {"type": "heading", "attrs": {"level": 1}, "content": [{"type": "text", "text": "Solution"}]}, {"type": "paragraph", "content": [{"type": "text", "text": "Run 'yum update openssl' to update your system. "}]}, {"type": "heading", "attrs": {"level": 1}, "content": [{"type": "text", "text": "Output"}]}, {"type": "paragraph", "content": [{"type": "text", "text": "Name : openssl\nVersion : 1:1.0.2k-8.107.amzn1\nFixed version : 1.0.2k-13.111.amzn1 "}]}]}, "parent": {"key": "VULN-21"}}}} Because i dont have it, but plugin want to provide information about platform: "null": "Tenable.io". And i dont know how to avoid this.

spatelte commented 1 year ago

@lisaegor1 yes, integration-jira-cloud custom fields, which are mentioned in the default config.yml.
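
A pre-flight check for the name mismatch discussed in this thread, as an added example (not part of the thread and not the integration's own code): it reports field names used in `issue_types` and `screen.tabs` that have no exact match in `fields`, and shows that Python's `json` module serialises a `None` dictionary key as `"null"`. The helper names and the trimmed sample dict are constructed here, and the idea that request bodies are keyed by each field's `jira_id` is an assumption.

```python
import json

# Constructed sample: a trimmed dict with the same shape as the YAML configs
# posted in this thread (in practice it would come from parsing config.yaml).
SUBTASK_KEYS = ["Tenable Platform", "Tenable Asset UUID"]  # stands in for &id001
SAMPLE_CONFIG = {
    "fields": [
        {"jira_field": "Tenable CVE", "jira_id": "customfield_10035"},
        {"jira_field": "TenableAsset UUID", "jira_id": "customfield_10036"},
        {"jira_field": "Tenable IPv4", "jira_id": "customfield_10037"},
        {"jira_field": "Tenable First Found", "jira_id": "customfield_10038"},
        {"jira_field": "Tenable State", "jira_id": "customfield_10039"},
    ],
    "issue_types": [
        {"name": "Task", "search": ["Tenable Plugin ID"]},
        {"name": "Sub-task", "platform": {"tenable.io": SUBTASK_KEYS},
         "search": SUBTASK_KEYS},
    ],
    "screen": {"tabs": {
        "Asset": ["Tenable Asset UUID", "Tenable IPv4"],
        "Vulnerability": ["Tenable CVE", "Teanble First Found", "Tenable State"],
    }},
}


def defined_fields(config):
    """Map each jira_field name in the fields stanza to its jira_id (None if absent)."""
    return {f["jira_field"]: f.get("jira_id") for f in config.get("fields", [])}


def referenced_names(config):
    """Yield (location, name) for every field name used outside the fields stanza."""
    for itype in config.get("issue_types", []):
        for name in itype.get("search", []):
            yield f"issue_types[{itype['name']}].search", name
        for platform, names in itype.get("platform", {}).items():
            for name in names:
                yield f"issue_types[{itype['name']}].platform[{platform}]", name
    for tab, names in config.get("screen", {}).get("tabs", {}).items():
        for name in names:
            yield f"screen.tabs[{tab}]", name


def preflight(config):
    """Return a sorted list of problems: missing ids and names with no exact match."""
    fields = defined_fields(config)
    problems = set()
    for name, jira_id in fields.items():
        if not jira_id:
            problems.add(f"fields: '{name}' has no jira_id")
    for where, name in referenced_names(config):
        if name not in fields:  # exact, case- and space-sensitive comparison
            problems.add(f"{where}: '{name}' is not defined in fields")
    return sorted(problems)


def body_key(config, name):
    """JSON key a request body would carry for `name` if keyed by jira_id.

    Assumed model of the request body, not taken from the integration's source.
    A name without a resolved id gives a None key, which json writes as "null".
    """
    payload = {defined_fields(config).get(name): "value"}
    return next(iter(json.loads(json.dumps(payload))))


if __name__ == "__main__":
    for problem in preflight(SAMPLE_CONFIG):
        print(problem)
    print("key for 'Tenable Platform':", body_key(SAMPLE_CONFIG, "Tenable Platform"))
```
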

lisaegor1 commented 1 year ago

@spatelte Thanks for the answer. Tell me, please, the plugin creates about 35 fields for the plugin and I specified only 5 of them inside config.py, then why does the plugin try to use a field that I did not specify? And what are your recommendations for reducing the number of fields for the plugin? As I understand it, it's better not to change config.py and create your own config.yaml initially and specify there the fields with the id that the plugin should use. And then use setup mode. Am I right? I just initially changed the fields in config.py and then used setup mode. Could this be the reason for the error I got?

lisaegor1 commented 1 year ago

Ok, I fixed that, but got another one. @spatelte

```
2022-11-22 18:18:42,087 tenable_jira.jira.Jira DEBUG Request: {"method": "POST", "url": "https://<JIRA_CLOUD_HOST>/rest/api/3/search", "params": {}, "body": {"jql": "project = \"VULN\" and issuetype = \"Sub-task\" and status not in (Closed, Done, Resolved) and \"Tenable CVE\" in (CVE-2021-3927,CVE-2021-3928,CVE-2021-4192,CVE-2021-4173,CVE-2021-4193,CVE-2021-4166,CVE-2021-4187,CVE-2021-3973,CVE-2021-3984,CVE-2021-4069,CVE-2021-4136,CVE-2021-3974,CVE-2021-4019,CVE-2021-3903,CVE-2021-3968) and \"Tenable Asset UUID\" ~ \"791dc875-a300-4a60-ba6a-89f5175f6fba\" and \"Tenable IPv4\" ~ \"172.27.3.36\" and \"Tenable First Found\" ~ \"2022-03-23T16:12:25.955Z\" and \"Tenable State\" ~ \"OPEN\""}}
2022-11-22 18:18:42,408 urllib3.connectionpool DEBUG https://<JIRA_CLOUD_HOST>:443 "POST /rest/api/3/search HTTP/1.1" 400 None
2022-11-22 18:18:42,409 restfly.errors.BadRequestError ERROR [400: POST] https://<JIRA_CLOUD_HOST>/rest/api/3/search body=b'{"errorMessages":["The operator \'in\' is not supported by the \'Tenable CVE\' field."],"warningMessages":[]}'
```

spatelte commented 1 year ago

@lisaegor1 it's not reproducible on our end. It looks like a configuration issue with custom fields; the setup documentation might help you for the Tenable Jira cloud integration.

lisaegor1 commented 1 year ago

Hello @spatelte! Yeah, it was on my side. The CVE field had another type. In the documentation the CVE field must be a label, but the label or text field type doesn't help. I still have the same issue. But everything works now without this field. Very useful plugin, thanks for it. I know that the plugin creates one general task and binds subtasks to it. Does the plugin create all known general tasks or only those that were seen in the report? See attachment (Screenshot from 2022-11-28 15-38-50, Screenshot from 2022-11-28 15-38-35). On one screenshot there are main tasks and related subtasks. And on the second screenshot you can see that there is only the main task without subtasks. Is it ok for this plugin?