Auto Open/Close Jira tickets

Issue #679 resolved
Nikhil created an issue

Hi Team, We have a requirement from one of our clients, so could you please help in letting me know if the below requirements can be fulfilled:

1) One of the features is to open tickets only if there are specific keywords in the email subject v/s opening a ticket for every email that comes in today. We need this feature primarily for email notifications from tools like Nagios/WhatsUpGold. These tools send out an email notification for every Up/Down status change, resulting in a lot of false positive tickets. So, is there a way where this plugin checks the provided keywords from the Summary and opens new tickets?

2) Also, can we auto close JIRA tickets for the same primary field (host/IP) if an Up/Resolved email comes within X minutes, with the help of Validators/Post-functions while an issue is being created?

The above customizations are required when an issue is created automatically by sending emails to Jira with the help of workflow validators/conditions/post-functions.

Thank you, Nikhil Kumar

Comments (32)

  1. Fidel Castro Armario repo owner

    Hi Nikhil,

    You can implement your first requirement by adding "Boolean validator with math, date-time or text-string term" validator to Create Issue transition with a boolean expression like this one:

    "key_word_1" in toLowerCase(%{00000}) OR
    "key_word_2" in toLowerCase(%{00000}) OR
    "key sentence 1" in toLowerCase(%{00000}) OR
    "key sentence 2" in toLowerCase(%{00000})
    

    where %{00000} is field code for Summary.

    Note that key words and key sentences in the boolean expression must be written in lower case.

  2. Fidel Castro Armario repo owner

    A question: What action is currently being taken by JIRA when "Up/Resolved" emails are received? Are new issues being created, or is a comment added to a previously created issue?

  3. Nikhil reporter

    Hello Fidel,

    In the first implementation, can I use either a word or a sentence, or must it be a combination of both? Can you give me a few examples for better understanding?

    For the 2nd one: I am unsure how it is but it must be creating new issues as that is what their problem is. Are the workarounds for both different?

  4. Fidel Castro Armario repo owner

    Hi @nikhil_dsv,

    For your first requirement, simply write in double quotes the words or combinations of words that you require in the email's subject, in order to actually create an issue. Example:

    "failure" in toLowerCase(%{00000}) OR
    "system down" in toLowerCase(%{00000}) OR
    "ip not responding" in toLowerCase(%{00000}) OR
    "error" in toLowerCase(%{00000})
    

    I have proposed a case ignoring approach in order to make it less prone to errors due to bad writing, but you can use the following expression too:

    "failure" in %{00000} OR
    "System Down" in %{00000} OR
    "IP not responding" in %{00000} OR
    "ERROR" in %{00000}
    

    In relation to the second requirement, it will require creating an issue and immediately auto-closing it and the ones with the same host/IP field.

    Can you, please, attach a screenshot with a real "Up/Resolved" email, and the corresponding issue created by that email?

  5. Nikhil reporter

    I am checking with my employee and will send you once I receive them.

    And also is there a way we can set the priority of the issue based on the contents like summary or description of the incoming email by which the Jira issue is created? Like based on a few keywords in the summary the priority must be set accordingly. As of now the default is medium but we need them to be assigned according to the summary.

    Nikhil

  6. Fidel Castro Armario repo owner

    Yes, you can set Priority based on the Summary using "Set a field as a function of other fields" post-function in Create Issue transition with a configuration like this one:

    Captura de pantalla 2017-07-10 a las 19.23.38.png

    Setting rules in the example are:

    i(.*system down.*)Critical
    i(.*ip not responding.*)High
    i(.*failure.*)Medium
    i(.*error.*)Medium
    

    Write your setting rules by priority in descending order, like shown in the example.

  7. Nikhil reporter

    So, within the braces, can we have sentences, for example an entire summary which has more than 3 words?

    Can we have a Skype call tomorrow or the day after and configure this at 3pm IST if you are available? Or what are your work timings?

    Nikhil

  8. Fidel Castro Armario repo owner

    Hi @nikhil_dsv,

    You can write in your setting rules a substring that you are looking for in your summary. For example, summaries like "Found system down at 14:35 on 2017/07/10." and "System Down found at IP 10.0.0.125" will match setting rule i(.*system down.*)Critical.

    Please, first try to configure it yourself, and if you find real problems to do it, we can have a Skype screen-share. Thanks.

  9. Nikhil reporter

    Can we use the above rule to restrict creating issues in Jira as well? For eg: Jira should only create a ticket if the keyword we provided is available somewhere either in Summary or in Description field else it should not and for rest of others it should create.

    Nikhil

  10. Nikhil reporter

    For 1st scenario: What should we set in the below 2 fields: NUMERICAL AND DATE-TIME TERMS Numeric and Date-Time field values: insert field codes with format {nnnnn}. and TEXT-STRING TERMS Text-String field values: insert field codes with format %{nnnnn} or %{nnnnn.i} for referencing levels in cascading select fields (i = 0 for base level).

    Nikhil

  11. Fidel Castro Armario repo owner

    Hi @nikhil_dsv,

    Sorry, my boolean expression for the validator that implements your first requirements was not correct. I'm correcting it now.

    If you want to restrict issue creation if Summary or Description doesn't contain any of the key words you should use a boolean validator with the following boolean expression:

    "key_word_1" in %{00000} OR 
    "key_word_1" in %{00001} OR
    "key_word_2" in %{00000} OR 
    "key_word_2" in %{00001} OR
    "key_word_3" in %{00000} OR 
    "key_word_3" in %{00001}
    

    where %{00000} is field code for Summary, and %{00001} is field code for Description.

  12. Nikhil reporter

    Okay, so it automatically looks for the keyword provided for the corresponding field and restricts to create Jira ticket? Because, the keyword can be anywhere in the summary so don't we need to give any regex expression to neglect space before and after?

  13. Fidel Castro Armario repo owner

    In relation to your last question, the dropdown fields Numeric and Date-Time field values and Text-String field values are not configuration parameters, but helpers to inject field codes in your expressions.

    They work as follows:

    1. Select in the dropdown list the field whose string or numerical value you want to use in your formula.
    2. Click on the button at the right of the dropdown list where you selected the field.

    The following screenshot shows how to insert a numerical field value:

    field_code_injectors.png

    Numerical field values use syntax {nnnnn}, while string field values use %{nnnnn}, where nnnnn is the field code.

  14. Fidel Castro Armario repo owner

    An expression like "string_a" in "string_b" checks whether "string_a" is contained in "string_b". It doesn't matter that string_b has multiple lines, i.e., contains return characters.

  15. Nikhil reporter

    Is the below validator correct?

    The transition requires the following criteria to be valid: Only users with Create Issues permission can execute this transition. Only if the following boolean expression is true: "DOWN" in %{Summary} OR "State: DOWN" in %{Description} Message to show when validation fails: "Please check with your Jira administrator if you are receiving this message".

  16. Fidel Castro Armario repo owner

    It's correct, but take into account the following points:

    • Any issue being created will require that summary contains substring "DOWN" or description contains substring "State: DOWN" respecting the case, i.e. with "down" or "state: down" validation will not pass.
    • Issues created manually by human users will also require to pass the validator.
  17. Nikhil reporter

    But can we implement my other requirements in the same workflow? What if the Priority based issue creation won't have the above keywords? As of now, Jira creates tickets based on the contents in the alerts received from SIEM tools like Splunk/QRadar. Irrespective of the priority that the email alert has, Jira only creates the issue with Default Medium priority. So, I need to change this setup, so that whatever priority is there in the email, Jira must create the issue with the same priority. As of now this is a manual task to change Priority and I need to make this automated.

    Nikhil

  18. Fidel Castro Armario repo owner

    Yes, you can. Simply add "Set a field as a function of other fields" post-function to Create Issue transition with a configuration like this one:

    Captura de pantalla 2017-07-10 a las 19.23.38.png

    Setting rules in the example are:

    i(.*system down.*)Critical
    i(.*ip not responding.*)High
    i(.*failure.*)Medium
    i(.*error.*)Medium
    

    Write your setting rules by priority in descending order, like shown in the example.

  19. Nikhil reporter

    Hello @fcarmario,

    Can we have the above configuration for multiple keywords for single priority? In the below example, if the Description has "Report Phishing SOC" it sets issue to Critical and if the alert comes from "34.185.195.35" issue will be set to High. But can we have multiple keywords or IP's in single expression separated by some delimiters like comma or anything else?

    During my testing, an issue got created when there was only the IP, and a High priority issue was created, but when I added "Report Phishing SOC" in the same expression, there was no issue created. Any idea where the mistake went? Attaching the mail I sent to create a Critical priority task for which the Jira issue did not get created.

    The field Priority will be set according to the evaluation of Description against the following set of rules:

    i(.*Report Phishing SOC.*)Critical
    i(.*34.185.195.35.*)High

    Nikhil

  20. Nikhil reporter

    Hello @fcarmario ,

    Can we add multiple keywords for setting a Priority which will be helpful for multiple issuetypes for same project? Right now there is only "system down" for Critical, can we have multiple such keywords for the same Critical priority separated by some delimiters?

    i(.*system down.*)Critical
    i(.*ip not responding.*)High
    i(.*failure.*)Medium
    i(.*error.*)Medium

  21. Nikhil reporter

    Tried this but it didn't work, all issues are getting created with the default Medium. Please help me find a way to have multiple keywords for a single priority.

    The field Priority will be set according to the evaluation of Summary against the following set of rules:

    i(.*Report Phishing SOC.*,.*Malware.*)Critical
    i(.*High.*,.*Test.*)High
    i(.*failure.*)Medium
    i(.*Nagios.*)Medium

    This feature will be run as user in field Current user.

  22. Fidel Castro Armario repo owner

    Hi @nikhil_dsv,

    Sorry, for the delay in my response.

    Only one setting rule per line can be added, but you can add as many setting rules as you need. Setting rules are evaluated in order of appearance, and once a setting rule is matched, logically the rest of the setting rules are discarded, since we can only assign a value to a field, except multi-valued fields (e.g., Affected versions or Components).

    You can add more than one setting rule for a same priority value. Example:

    i(.*Report Phishing SOC.*)Critical
    i(.*Malware.*)Critical
    i(.*High.*)High
    i(.*Test.*)High
    i(.*failure.*)Medium
    i(.*Nagios.*)Medium
    
  23. Nikhil reporter

    Is there any other way where we can implement this as we have loads of such keywords or IP's address that needs to be fetched. We need to reduce this manual maintenance and make it automated.

    Nikhil

  24. Fidel Castro Armario repo owner

    You can also use the following equivalent setting rules:

    i(.*(Report Phishing SOC|Malware).*)Critical
    i(.*(High|Test).*)High
    i(.*(failure|Nagios).*)Medium
    

    There is also the possibility of implementing a solution based on project properties, but all those keywords will be visible in the project description.

    The solution would be like this:

    1) Create 3 project properties like these ones:

    {critical=Report Phishing SOC|Malware}
    {high=High|Test}
    {medium=failure|Nagios}
    

    2) Use setting rules like these ones:

    [matches(%{00001}, "(?i).*(" + projectProperty("critical") + ").*")]Critical
    [matches(%{00001}, "(?i).*(" + projectProperty("high") + ").*")]High
    [matches(%{00001}, "(?i).*(" + projectProperty("medium") + ").*")]Medium
    

    where %{00001} is field code for Description.

    With this solution you only have to edit the project properties in the project description for adding or removing keywords.

  25. Nikhil reporter
    • changed status to open

    Hi Fidel,

    I had to reopen this ticket as I am stuck with some confusion for setting priority based on keywords like Critical, High, Medium or Low from Summary field. The Summary for one of the incoming alerts is "MTSBLUEF:Medium:Critical Alert from IDS" where the summary has both Medium and Critical keywords where Medium is the priority value.

    But issue is getting created with Critical priority. So, can you please help me in resolving this confusion?

    Here is the post-function:

    The field Priority will be set according to the evaluation of Summary against the following set of rules:

    i(.*Critical.*)Critical
    i(.*High.*)High
    i(.*Medium.*)Medium
    i(.*Low.*)Low

    Please help me asap.

    Nikhil

  26. Fidel Castro Armario repo owner

    Hi @nikhil_dsv,

    Try the following setting rules:

    i(.*:Critical:.*)Critical
    i(.*:High:.*)High
    i(.*:Medium:.*)Medium
    i(.*:Low:.*)Low
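
Added example, not part of the thread and not Jira Workflow Toolbox code: a Python simulation of the first-match-wins setting rules discussed in comments 22 to 26, showing why the unanchored rules pick Critical for the summary in comment 25, why the colon-delimited rules pick Medium, and why literal keywords such as IP addresses should be regex-escaped. It assumes a rule's regex must match the whole field, as the `.*keyword.*` wrappers suggest; `parse_rule`, `evaluate` and `keyword_rule` are hypothetical helpers, and the `192.0.2.10` inputs are constructed.

```python
import re

# Constructed rule sets in the thread's "i(regex)Value" form.
UNANCHORED = ["i(.*Critical.*)Critical", "i(.*High.*)High",
              "i(.*Medium.*)Medium", "i(.*Low.*)Low"]
DELIMITED = ["i(.*:Critical:.*)Critical", "i(.*:High:.*)High",
             "i(.*:Medium:.*)Medium", "i(.*:Low:.*)Low"]

# Optional "i" flag, the regex in parentheses, then the value to assign.
RULE = re.compile(r"^(i?)\((.*)\)([^()]+)$")


def parse_rule(line):
    """Split one setting rule into (compiled regex, value)."""
    m = RULE.match(line.strip())
    if not m:
        raise ValueError(f"not a setting rule: {line!r}")
    flags = re.IGNORECASE if m.group(1) else 0
    return re.compile(m.group(2), flags), m.group(3)


def evaluate(rules, text, default="unset"):
    """Return the value of the first rule matching the whole text (assumed semantics)."""
    for pattern, value in map(parse_rule, rules):
        if pattern.fullmatch(text):
            return value
    return default


def keyword_rule(keywords, value):
    """Build one rule from literal keywords, escaping regex metacharacters."""
    alternation = "|".join(re.escape(k) for k in keywords)
    return f"i(.*({alternation}).*){value}"


if __name__ == "__main__":
    summary = "MTSBLUEF:Medium:Critical Alert from IDS"  # from comment 25
    print(evaluate(UNANCHORED, summary))  # first rule wins on the word "Critical"
    print(evaluate(DELIMITED, summary))   # only the ":Medium:" field matches
    loose = "i(.*192.0.2.10.*)High"       # constructed; "." matches any character
    strict = keyword_rule(["192.0.2.10"], "High")
    for text in ("src 192.0.2.10 down", "id 192x0x2x10"):  # constructed inputs
        print(text, evaluate([loose], text), evaluate([strict], text))
```

Because the rule input comes from inbound email, a sender who can place a keyword anywhere in the Summary can steer the assigned priority; matching on a delimited field, as in comment 26, narrows that.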
    