Closed jacksonblalock closed 4 months ago
bump
Looks like you may have a permissions issue with the api keys you have associated to the integration. Please ensure that the user has the "can view" permission to "all assets" in TVM's access control
Replaced jira api key with new one, code ran same as last time but didn't populate the project with issues. View permissions are granted as the user account has admin permissions in the project. issue_debug.md
Hmm, looks like the export is still not picking up any data.
2024-03-28 12:46:34,057 tenable.io.exports.iterator.ExportsIterator DEBUG {'uuid': 'e4a535e0-ba5a-40c2-93c4-70a2650afd4c', 'status': 'FINISHED', 'chunks_available': [], 'chunks_failed': [], 'chunks_cancelled': [], 'total_chunks': 1, 'chunks_available_count': 1, 'empty_chunks_count': 1, 'finished_chunks': 1, 'filters': {'severity': ['HIGH', 'CRITICAL'], 'state': ['OPEN', 'REOPENED'], 'tags': {}, 'since': 0, 'first_found': 0, 'last_found': 1709013600, 'last_fixed': 0, 'first_seen': 0, 'last_seen': 0, 'indexed_at': 0, 'indexed_at_end_value': 0}, 'num_assets_per_chunk': 1000, 'created': 1711647991641, 'chunks_unfinished': []} and []
The timestamp from the run is looking for vulnerabilities from "Tuesday, February 27, 2024 6:00:00 AM GMT" that are high and critical.
2024-03-28 12:46:31,441 tenable.io.TenableIO DEBUG Request: {"method": "POST", "url": "https://cloud.tenable.com/vulns/export", "params": {}, "body": {"num_assets": 1000, "include_unlicensed": true, "filters": {"last_found": 1709013600, "severity": ["high", "critical"]}}}
May I suggest you update the config file as such (note the spacing, yaml is picky about it)
jira:
address: <REDACTED>
api_token: <REDACTED>
api_username: <REDACTED>
project:
leadAccountId: <REDACTED>
tenable:
access_key: <REDACTED>
secret_key: <REDACTED>
tio_age: 30
tio_severities:
- critical
- high
- medium
- low
If that works, then you can likely update the config afterwards with a tio_age
of 1
Tried again with tio_age: 30 and the spacing as below in the screenshot, getting same result
Output of troubleshooting: issue_debug.md
Reviewed the export logs from the debug and it appears that the API keys you have provided to the integration may not be able to see any vulnerabilities. It returned an empty vulnerability set from Feb 28th.
Not sure whats going on there but from what I can tell the issue isnt the integrations, but something revolving around the permissions for that API Keyset. No chunks available in either the asset or vuln exports to process.
Checking back in here to see if the issue was resolved? If so, I'd like to close this issue out.
The Jira API keys are from an account with Jira administrator permission and the Tenable API keys are from my Tenable user - do you know how I would troubleshoot the permissions for the API keyset? Are they derived from the user who generated the key?
I would recommend setting up a separate user within TVM (Tenable.io) with only API Key auth and make sure that the user has permissions to "Can View" for "All Assets".
I would never recommend API Key reuse for integrations.
Tenable Jira Cloud integration https://github.com/tenable/integration-jira-cloud is running without errors but no Tenable issues are populating to Jira.
I did the troubleshoot flag and it appears that everything is running well. Do you have any insight on what could be going on here? The troubleshooting file is below:
Tenable Integration Troubleshooting ➜ bin git:(master) ✗ ./tenable-jira --troubleshoot ../tenable_jira.yaml
Configuration File:
Debug Logs
Available IssueTypes
------------------------------------------------------------------------/