Issue #679 resolved
created an issue

HI Team, We have a requirement from one of our clients, so could you please help in letting me know if the below requirements can be fulfilled: 1) One of the features that is to open tickets only if there are specific key words in email subject v/s opening ticket for every email that comes in today. We need this feature primarily for email notifications from tools like Nagios/WhatsUpGold. These tools send out an email notification for every Up/Down status changes resulting into lot of false positive tickets. So, is there a way where this plugin checks the provided keywords from the Summary and open new tickets. 2) Also can we auto close JIRA tickets for same primary field (host/IP) if Up/Resolved email comes within X minutes with the help of Validators/Post-functions while an issue is being created? Above customizations are required when an issue is created automatically by sending emails to Jira with the help of workflow validators/conditions/post-functions.

Thanks you, Nikhil Kumar

Comments (32)

  1. Fidel Castro Armario repo owner

    Hi Nikhil,

    You can implemente your first requirement by adding "Boolean validator with math, date-time or text-string term" validator to Create Issue transition with a boolean expression like this one:

    "key_word_1" in toLowerCase(%{00000}) OR
    "key_word_2" in toLowerCase(%{00000}) OR
    "key sentence 1" in toLowerCase(%{00000}) OR
    "key sentence 2" in toLowerCase(%{00000})

    where %{00000} is field code for Summary.

    Note that key words and key sentences in the boolean expression must be written in lower case.

  2. Nikhil reporter

    Hello Fidel,

    In the first implementation i can either use word or sentence or it must be combination of both? Can you give me few examples for better understanding?

    For the 2nd one: I am unsure how it is but it must be creating new issues as that is what their problem is. Are workarounds for both are different?

  3. Fidel Castro Armario repo owner

    Hi @Nikhil,

    For your first requirement, simply write in double quotes the words or combinations of words that you require in the email's subject, in order to actually create an issue. Example:

    "failure" in toLowerCase(%{00000}) OR
    "system down" in toLowerCase(%{00000}) OR
    "ip not responding" in toLowerCase(%{00000}) OR
    "error" in toLowerCase(%{00000})

    I have proposed a case ignoring approach in order to make it less prone to errors due to bad writing, but you can use the following expression too:

    "failure" in %{00000} OR
    "System Down" in %{00000} OR
    "IP not responding" in %{00000} OR
    "ERROR" in %{00000} OR

    In relation to second requirement it will require to create an issue and immediately auto-close it and the ones with same host/IP field.

    Can you, please, attach a screenshot with an real "Up/Resolved" email, and the corresponding issue created by that email?

  4. Nikhil reporter

    I am checking with my employee and will send you once i receive them.

    And also is there a way we can set the priority of the issue based on the contents like summary or description of the incoming email by which the jira issue is created? Like based on the few keywords in the summary the priority must be set accordingly. As of now the defaultis medium but we need them to be assigned according to the summary.


  5. Fidel Castro Armario repo owner

    Yes, you can set Priority based on the Summary using "Set a field as a function of other fields" post-function in Create Issue transition with a configuration like this one:

    Captura de pantalla 2017-07-10 a las 19.23.38.png

    Setting rules in the example are:

    i(.*system down.*)Critical
    i(.*ip not responding.*)High

    Write your setting rules by priority in descending order, like shown in the example.

  6. Nikhil reporter

    So, after within braces, can we have sentences for example entire summary which has more 3 words?

    Can we have a skype call tomorrow or day after and configure this at 3pm ist if you are available? Or what are your work timings?


  7. Fidel Castro Armario repo owner

    Hi @Nikhil,

    You can write in your setting rules a substring that you are looking for in your summary. For example, a summaries like "Found system down at 14:35 on 2017/07/10." and "System Down found at IP" will match setting rule i(.*system down.*)Critical.

    Please, first try to configure it yourself, and if you find real problems to do it, we can have a Skype screen-share. Thanks.

  8. Nikhil reporter

    Can we use the above rule to restrict creating issues in Jira as well? For eg: Jira should only create a ticket if the keyword we provided is available somewhere either in Summary or in Description field else it should not and for rest of others it should create.


  9. Nikhil reporter

    For 1st scenario: What should we set in the below 2 fields: NUMERICAL AND DATE-TIME TERMS Numeric and Date-Time field values: insert field codes with format {nnnnn}. and TEXT-STRING TERMS Text-String field values: insert field codes with format %{nnnnn} or %{nnnnn.i} for referencing levels in cascading select fields (i = 0 for base level).


  10. Fidel Castro Armario repo owner

    Hi @Nikhil,

    Sorry, my boolean expression for the validator that implements your first requirements was not correct. I'm correcting it now.

    If you want to restrict issue creation if Summary or Description doesn't contain any of the key words you should use a boolean validator with the following boolean expression:

    "key_word_1" in %{00000} OR 
    "key_word_1" in %{00001} OR
    "key_word_2" in %{00000} OR 
    "key_word_2" in %{00001} OR
    "key_word_3" in %{00000} OR 
    "key_word_3" in %{00001}

    where %{00000} is field code for Summary, and %{00001} is field code for Description.

  11. Nikhil reporter

    Okay, so it automatically looks for the keyword provided for the corresponding field and restricts to create Jira ticket? Because, the keyword can be anywhere in the summary so don't we need to give any regex expression to neglect space before and after?

  12. Fidel Castro Armario repo owner

    In relation to your last question, the dropdown fields Numeric and Date-Time field values and Text-String field values are not configuration parameter, but helpers to inject field codes in your expressions.

    They work as follows:

    1. Select in the dropdown list the field whose string or numerical value you want to use in your formula.
    2. Click on the button at the right of the dropdown list where you selected the field.

    The following screenshot shows how to insert a numerical field value:


    Numerical field values use syntax {nnnnn}, while string field values use %{nnnnn}, where nnnnn is the field code.

  13. Fidel Castro Armario repo owner

    A expression like "string_a" in "string_b" looks whether "string_a" is contained in "string_b". It doesn't matter that string_b has multiple lines, i.e., contains return characters.

  14. Nikhil reporter

    Is the below validator correct?

    The transition requires the following criteria to be valid: Only users with Create Issues permission can execute this transition. Only if the following boolean expression is true: "DOWN" in %{Summary} OR "State: DOWN" in %{Description} Message to show when validation fails: "Please check with your Jira administrator if you are receiving this message".

  15. Fidel Castro Armario repo owner

    It's correct. but take into account the following points:

    • Any issue being created will require that summary contains substring "DOWN" or description contains substring "State: DOWN" respecting the case, i.e. with "down" or "state: down" validation will not pass.
    • Issues created manually by human users will also require to pass the validator.
  16. Nikhil reporter

    But can we implement my other requirements in the same workflow? What if the Priority based issue creation won't have the above keywords? As of now, Jira creates tickets based on the contents in the alerts received from SIEM tools like Splunk/QRadar. Irrespective of the priority that email alert has, Jira only creates issue with Default Medium priority. So, I need to change this setup, so that whatever the priority is there in the email, Jira must create issue with the same priority.As of now this is a manual task to change Priority and I need to make this automated.


  17. Nikhil reporter

    Hello @Fidel Castro Armario,

    Can we have the above configuration for multiple keywords for single priority? In the below example, if the Description has "Report Phishing SOC" it sets issue to Critical and if the alert comes from "" issue will be set to High. But can we have multiple keywords or IP's in single expression separated by some delimiters like comma or anything else?

    During my testing, issue got created when there was only IP and High priority issue was created, but when I added "Report Phishing SOC" in the same expression, the there was no issue created. Any idea where mistake went. Attaching the mail I sent to create Critical priority task for which the Jira issue did not get created.

    The field Priority will be set according to the evaluation of Description against the following set of rules: i(.Report Phishing SOC.)Critical i(.


  18. Nikhil reporter

    Hello @Fidel Castro Armario ,

    Can we add multiple keywords for setting a Priority which will be helpful for multiple issuetypes for same project? Right now there is only "system down" for Critical, can we have multiple such keywords for the same Critical priority separated by some delimiters?

    i(.system down.)Critical i(.ip not responding.)High i(.failure.)Medium i(.error.)Medium

  19. Nikhil reporter

    Tried this but didn't work, all issue are getting created with the default Medium. Please help me finding a way to have multiple keywords for a single priorty.

    The field Priority will be set according to the evaluation of Summary against the following set of rules: i(.Report Phishing SOC.,.Malware.)Critical i(.High.,.Test.)High i(.failure.)Medium i(.Nagios.)Medium This feature will be run as user in field Current user.

  20. Fidel Castro Armario repo owner

    Hi @Nikhil,

    Sorry, for the delay in my response.

    Only one setting rule per line can be added, but you can add as many setting rules as you need. Setting rules are evaluated in order of appearance, and once a setting rule is matched, logically the rest of the setting rules are discarded, since we can only assign a value to a field, except multi-valued fields (e.g., Affected versions or Components).

    You can add more than one setting rule for a same priority value. Example:

    i(.*Report Phishing SOC.*)Critical
  21. Nikhil reporter

    Is there any other way where we can implement this as we have loads of such keywords or IP's address that needs to be fetched. We need to reduce this manual maintenance and make it automated.


  22. Fidel Castro Armario repo owner

    You can also use the following equivalent setting rules:

    i(.*(Report Phishing SOC|Malware).*)Critical

    There is also the possibility of implementing a solution based on project properties, but all those heywords will be visible in the project description.

    The solution would be like this:

    1) Create 3 project properties like these ones:

    {critical=Report Phishing SOC|Malware}

    2) Use setting rules like these ones:

    [matches(%{00001}, "(?i).*(" + projectProperty("critical") + ").*")]Critical
    [matches(%{00001}, "(?i).*(" + projectProperty("high") + ").*")]High
    [matches(%{00001}, "(?i).*(" + projectProperty("medium") + ").*")]Medium

    where %{00001} is field code for Description.

    With these solution you only have to edit the project properties in the project description for adding or removing keywords.

  23. Nikhil reporter
    • changed status to open

    Hi Fidel,

    I had to reopen this ticket as I am stuck with some confusion for setting priority based on keywords like Critical, High, Medium or Low from Summary field. The Summary for one of the incoming alerts is "MTSBLUEF:Medium:Critical Alert from IDS" where the summary has both Medium and Critical keywords where Medium is the priority value.

    But issue is getting created with Critical priority. So, can you please help me in resolving this confusion?

    Here is the post-function:

    The field Priority will be set according to the evaluation of Summary against the following set of rules: i(.Critical.)Critical i(.High.)High i(.Medium.)Medium i(.Low.)Low

    Please help me asap.


  24. Log in to comment