Sentinel’s JIRA playbook : is it only for cloud instances or also on-premise ?

Question

Hello,

I read this documentation : https://learn.microsoft.com/en-us/connectors/jira/?source=docs and it is not mentionned if it works only for cloud or if on-premise instances are also supported.

On my side, I tried it with my on-premise instance, the goal is only create new ticket on each new sentinel incident, but it only worked with an administrator account. If on-premise instance are supported, can you tell me what permissions are required to make this playbook work properly ? Or at least, can you tell me which API endpoint you use in your code to create tickets ? This should help me understand why I cannot create ticket with an agent account.

Best regards.

Answer 1

Are you using the built-in Playbook or creating your own? https://github.com/Azure/Azure-Sentinel/blob/21aee31590f3440dc028be82ce638474b636bafc/Solutions/AtlassianJiraAudit/Playbooks/Sync-AssignedUser/readme.md If the built-in one works then you could use that 'as is' or amend, or just look at how they do this.

Please "Accept the answer" if this reply helped? This will help us and others in the community as well.

Answer 2

Hello,

We tried the built-in Playbook. It works but only with an administrator account, which is a security defect.
We have also seen on github the other playbook you mentionned but haven’t tried it yet. Same question : the documentation isn’t clear about the Jira instance. Does it work for both Cloud and On-Premise instances ?

Best regards

Answer 3

By chance were you able to get an answer or be able to get this to work? We are attempting to implement this as well.