May 8, 2025
Microsoft Defender for Cloud (MDC) includes robust Governance features designed to streamline the management of security recommendations across diverse IT environments. This capability is already extensively documented and provides out-of-the-box integration with platforms like ServiceNow, enabling automated ticket creation and governance workflows that enhance operational efficiency. For more details, see the Governance documentation, Drive remediation with governance, and the blog article Best Practices to Manage and Mitigate Security Recommendations.
This blog introduces an exciting new addition: a custom connector enabling MDC to integrate seamlessly with Jira Service Management. Leveraging Azure’s serverless capabilities, this solution allows security recommendations from Defender for Cloud to directly generate service requests in Jira. This integration empowers teams to act swiftly on vulnerabilities, ensuring better collaboration and continuity in managing critical security risks.
Announcing a custom solution that allows MDC to create Service Requests in Jira Service Management
Leveraging Azure’s powerful serverless capabilities, you can build your own bridge to address this immediate need.
This is a custom solution to provide the option for creating a Service Request within Jira Service Management, based on Defender for Cloud Security Recommendations.
Architecture Overview:
- Microsoft Defender for Cloud Workflow Automation: This native MDC feature initiates the process, configured to trigger an action when a recommendation is generated.
- Azure Functions: These provide the serverless compute power to handle specific, granular tasks. Separate functions can be dedicated to interacting with the Jira Service Management API (for creating and assigning issues) and potentially the MDC API (for updating recommendation status or adding notes).
- Azure Logic App: Serving as the workflow orchestrator, the Logic App is triggered by MDC Workflow Automation. It manages the sequence of steps required to process the recommendation and interact with external systems.
Benefits of This Azure-Powered Approach:
This architecture, built with Azure Logic Apps and Azure Functions, offers significant benefits for your custom solution:
- Immediate Implementation: By building with readily available Azure services, you can implement a functional integration quickly, providing immediate relief and continuity in managing critical vulnerabilities.
- Flexibility and Customization: Your custom Logic App workflow and Azure Functions can be precisely tailored to your organization’s unique Jira setup and specific requirements, going beyond the potential limitations of a generic connector.
- Adaptability: This modular, serverless design makes it easy to adapt and modify your integration as your security needs or Jira configurations evolve.
Configuring Defender for Cloud Workflow Automation to create Jira Service Requests
You don’t have to build this solution entirely from scratch! You can get the code for this specific Logic App and Azure Function-based Jira Service Management connector on the official Microsoft Defender for Cloud GitHub repository. You can obtain the necessary ARM templates and function code directly from here:
To deploy and configure the Logic App and Azure Functions into your Azure environment, simply follow the detailed instructions provided in the README.md file within that GitHub directory. The README will guide you through the deployment process, including setting up the necessary connections and configurations for your Jira Service Management instance.
Now that you have the custom connector (Logic App and Azure Functions) in place, the final piece is to tell Microsoft Defender for Cloud when to trigger this workflow. This is done using Defender for Cloud’s Workflow Automation feature.
Here’s how to configure it:
- Navigate to Workflow Automation: In the Azure portal, go to Microsoft Defender for Cloud. In the sidebar menu, under the “Management” section, select Workflow automation.
- Create a New Automation Rule: Click the + Add workflow automation button at the top of the Workflow automation page. This will open a configuration pane for your new automation rule.
- Define the Automation Rule Details:
  - Name: Give your automation rule a descriptive name (e.g., “Trigger Jira Service Request for High Severity Recommendations”).
  - Subscription: Select the Azure subscription(s) where this rule should apply. You can select multiple subscriptions or management groups.
  - Resource group: Choose the resource group in which the workflow automation will be stored.
- Configure the Trigger Condition: This is where you specify what event in Defender for Cloud will initiate your workflow.
  - Defender for Cloud data type: Select Recommendations (optionally, you can also choose Regulatory Compliance Standards). Don’t use Security Alerts, as they are suitable for incident tickets rather than service requests.
  - Condition: This is crucial. Define the specific conditions that should trigger the Jira ticket creation. You’ll want to filter recommendations based on severity, specific recommendation type, and state. For example:
    - When security recommendation severity is High
    - When security recommendation severity is Medium or higher
    - When security recommendation name is ‘SQL databases should have vulnerability assessment findings resolved’
    - When the recommendation state is Unhealthy
- Define the Action: Now, tell Defender for Cloud to execute your Logic App.
  - Action: Select “Trigger Logic App”.
  - Logic app: Browse and select the Azure Logic App you built for your custom Jira connector. Ensure the Logic App is in the same tenant or a connected tenant.
- Enable and Create:
  - Ensure Enable is set to “On”.
  - Click Create.
Once created, this workflow automation rule will monitor Defender for Cloud recommendations based on your defined criteria. When a matching recommendation is generated or updated, it will automatically trigger your designated Azure Logic App. The Logic App will then execute its workflow, using the Azure Functions to interact with the Jira Service Management API and create the corresponding Service Request, closing the loop between identifying a security issue and initiating its remediation in your team’s primary work management tool. The security recommendation will then be Delegated (Assigned) with a due date, and its Owner set to reflect the Jira Service Request ID.
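The filtering and request creation described above, as an added example (not the code from the GitHub repository): it applies the trigger conditions to a recommendation payload, derives a stable key so that repeated triggers for the same recommendation can be matched to one request, and builds the body for Jira Service Management's `POST /rest/servicedeskapi/request`. The payload field names assume the `Microsoft.Security/assessments` resource shape; the sample IDs and function names are constructed for illustration.

```python
import hashlib

SEVERITY_RANK = {"Low": 1, "Medium": 2, "High": 3}

# Constructed sample; field names assume the Microsoft.Security/assessments shape.
SQL_SERVER = ("/subscriptions/00000000-0000-0000-0000-000000000000"
              "/resourceGroups/rg-demo/providers/Microsoft.Sql/servers/sql-demo")
SAMPLE = {
    "id": SQL_SERVER + "/providers/Microsoft.Security/assessments/"
          "11111111-1111-1111-1111-111111111111",
    "properties": {
        "displayName": "SQL databases should have vulnerability assessment findings resolved",
        "status": {"code": "Unhealthy"},
        "metadata": {"severity": "High"},
        "resourceDetails": {"source": "Azure", "id": SQL_SERVER},
    },
}

def should_create_request(assessment, min_severity="Medium"):
    """Mirror the rule conditions: state Unhealthy and severity >= threshold."""
    props = assessment.get("properties", {})
    state = props.get("status", {}).get("code")
    severity = props.get("metadata", {}).get("severity")
    if state != "Unhealthy" or severity not in SEVERITY_RANK:
        return False
    return SEVERITY_RANK[severity] >= SEVERITY_RANK[min_severity]

def dedup_key(assessment):
    """Stable key per assessment ID; ARM resource IDs are case-insensitive."""
    return hashlib.sha256(assessment["id"].lower().encode()).hexdigest()[:16]

def build_jira_request(assessment, service_desk_id, request_type_id):
    """Body for POST /rest/servicedeskapi/request."""
    props = assessment["properties"]
    severity = props["metadata"]["severity"]
    # Cap the name so the summary stays within Jira's 255-character limit.
    name = props["displayName"][:200]
    description = "\n".join([
        f"Severity: {severity}",
        f"State: {props['status']['code']}",
        f"Resource: {props['resourceDetails']['id']}",
        f"MDC key: {dedup_key(assessment)}",  # search on this before creating
    ])
    return {
        "serviceDeskId": service_desk_id,
        "requestTypeId": request_type_id,
        "requestFieldValues": {"summary": f"[MDC][{severity}] {name}",
                               "description": description},
    }
```

Because the rule fires when a recommendation is generated or updated, look up the key in existing requests before posting a new one, and keep the Jira API token in a secret store rather than in the function's code.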
The screenshot below illustrates how the security recommendation details will appear in Jira after the Logic App executes its workflow, and the related Jira request ID will appear in the Recommendation along with the due date. It shows key fields such as the recommendation name, severity, state, and the Jira Service Request ID, ensuring that all relevant information is seamlessly integrated for effective tracking and resolution. This view helps your team quickly understand the context and prioritize actions accordingly.
Microsoft Defender for Cloud – Additional Resources
- Download the new Microsoft CNAPP eBook at aka.ms/MSCNAPP
- Become a Defender for Cloud Ninja by taking the assessment at aka.ms/MDCNinja
Reviewers
Yuri Diogenes, Principal PM Manager, CxE Defender for Cloud