Storage

Introduction

IBM Storage Insights (SI) is a software-as-a-service (SaaS) solution that identifies incidents across storage systems that it monitors. These incidents can range from minor system glitches to critical security vulnerabilities (like ransomware). Once an incident is identified, a Jira bug can be created to track and manage it. For example, a potential Ransomware attack needs to be triaged by security analysts by analyzing it and correlating the information from different sources. 

In this blog post, you will learn how to send SI Ransomware alerts notifications in real-time to Jira and create a bug automatically in a Jira project to help analysts triage the issue. 

Webhook Integration Between IBM Storage Insights and Jira

First, you need to configure Jira to receive incoming webhooks. The webhook URL obtained will be used to configure webhook in IBM Storage Insights.

To create and configure an incoming webhook in Jira, you'll need to follow these steps:

1. Log in to Jira as an Administrator

• Ensure you have Jira administrator privileges to configure automation rules.

2. Navigate to Jira Automation Settings

• Click the gear icon (⚙️) in the top-right corner to go to Jira Settings.
• From the settings menu, select "System" under the Jira Administration section.
• On the left sidebar, scroll down to the "Automation" section and click on "Global Automation".

3. Create a New Automation Rule

• In the Global Automation section, click on the "Create rule" button to create a new automation rule.

4. Select "Incoming Webhook" as the Trigger

• In the Trigger section, choose the "Incoming webhook" trigger. This is the starting point for the rule, where the webhook will be received from IBM Storage Insights.

• Jira will create a unique webhook URL that IBM Storage Insights can send HTTP POST requests to.

• The webhook URL will look something like this:

  https://automation.atlassian.com/pro/hooks/xy0a5e445dce2be101b8ea38061929ddf8282991

• This URL requires no authentication, so adequate security measures need to be applied to protect it. 

  

5. Configure the Webhook URL

• Copy the URL and configure IBM Storage Insights to send JSON data to this URL.

  

6. Define Actions for the Automation Rule

After the webhook is triggered, you can define the actions Jira should take. You could use actions such as:

• Create Issue: Automatically create a new Jira issue when an incoming webhook is received (e.g., a ransomware alert).

To set up actions, follow these steps:

1. Click Add component under the Actions section.
2. Choose the action type you want, for example:
   • Create Issue: Set fields like Summary, Description, Priority, Labels, etc., based on the incoming webhook data.
     
     
   • Here we're setting the description of the bug as the Ransomware payload received from the webhook. You can extract fields from the payload if you want to see only specific information, e.g., {{webhookData.name}}.

7. Test the Webhook and Automation Rule

• Once the rule is configured, test the webhook by sending a sample request from IBM Storage Insights.
  
  
• This will create a bug in your project in Jira.
  
  

Conclusion

By setting up an incoming webhook in Jira, we can seamlessly integrate with IBM Storage Insights to automate the creation and management of issues based on real-time alerts. This integration streamlines incident management workflows and helps ensure timely and efficient responses to critical incidents such as ransomware attacks.