Create a Jira issue - Cluster


This recipe will trigger whenever a cluster is created on Hunters, creating a corresponding Jira issue in your Jira instance. This will help you keep your Jira service desk project updated and synced with the Hunters SOC platform.

📘Note

This process requires Jira admin permissions. Make sure you have those enabled before starting.

To create a Jira issue for a cluster:

Step 1: Set up Jira

1. Create custom fields

  1. From your Jira settings, select Issues.

  2. From the left-side menu, navigate to Custom fields and then click Create custom field.

  3. Create the following custom fields:

    Field name           Type                         Values
    Cluster UUID         Short text
    Detector             Short text
    Leads in cluster     Number
    Lead UUID            Short text
    Link to cluster      Short text
    Incident Statistic   Short text (Read only)
    Investigation state  Select list (Single choice)  Initial, In progress, Ignored, Completed

2. Create a Jira project

  1. Open Jira and navigate to Projects > Create project.

  2. From the project templates list, select Service management and then select Blank project.

  3. On the next page click on Create blank project.

  4. Under Project type, select a company-managed project and finalize the project creation.

3. Create a request type and assign fields

  1. From your new project, navigate to Project settings.

  2. Now, navigate to Request types > Create request type > Create blank.

  3. Create a new request type with the following details and then click Add:

    • Name - Incident

    • Portal group - General

    • Issue type - Task

  4. Add the following custom fields to the Incident request type by dragging and dropping them from the right-side Fields panel, and click on Save changes:

    • Link to cluster

    • Cluster UUID

    • Detector

    • Leads in cluster

  5. Navigate to the Issue view tab and drag and drop the Incident Statistic field into the Description fields section. Then click on Save changes.

  6. From your project settings, navigate to Issue types and click Sub-task.

  7. Change the view to Fields view and scroll all the way down the list.

  8. From the Select field… dropdown list, select the following fields to add them to the Sub-task:

    • Detector

    • Lead UUID

    • Investigation state

4. Create Jira automation

  1. From your new project, navigate to Project settings.

  2. Now, navigate to Automation and click on Create rule.

  3. Click Rule details and name the rule Statistics Calculation.

  4. Click the trigger step to return to the rule setup. Search for and select the Issue updated trigger and then click Next.

  5. Now, add the following steps to the automation in this order:

    Operator  Action           Details
    THEN      Lookup Issue     JQL: parent = {{issue.key}}
    AND       Create Variable  Variable name: TotalIssues
                               Smart value: {{lookupIssues.size}}
    AND       Lookup Issue     JQL: parent = {{issue.key}} and Status = Open
    AND       Create Variable  Variable name: OpenIssues
                               Smart value: {{lookupIssues.size}}
    AND       Lookup Issue     JQL: parent = {{issue.key}} and Status = WIP
    AND       Create Variable  Variable name: WIPIssues
                               Smart value: {{lookupIssues.size}}
    AND       Lookup Issue     JQL: parent = {{issue.key}} and Status = Done
    AND       Create Variable  Variable name: DoneIssues
                               Smart value: {{lookupIssues.size}}
    AND       Edit Issue       Field: Incident Statistic
                               Value: Total : {{TotalIssues}} | Open : {{OpenIssues}} | WIP : {{WIPIssues}} | Done : {{DoneIssues}}

  6. Turn on the rule.

  7. From your project menu, select Queues > All open.

  8. From the queue menu, click Edit queue.

  9. Under the Filter by section, click More + > Request Type > Incident.

  10. Under Columns, add the Leads in cluster column and click Save.
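The Statistics Calculation rule above counts sub-tasks only in the Open, WIP and Done statuses, so the three counters fall short of Total whenever a sub-task sits in any other status. The following is an added example, not part of the Hunters recipe or of Jira: it models the rule's output and checks an Incident Statistic value for that gap. The function names and the sample statuses, including "Pending", are assumptions made for illustration.

```python
import re
from collections import Counter

# Statuses the Statistics Calculation rule counts, in the order it writes them.
COUNTED = ("Open", "WIP", "Done")

def render_statistic(subtask_statuses):
    """Model the value the rule writes to the Incident Statistic field."""
    counts = Counter(subtask_statuses)  # status names are compared exactly as given
    parts = [f"Total : {len(subtask_statuses)}"]
    parts += [f"{name} : {counts[name]}" for name in COUNTED]
    return " | ".join(parts)

_SEGMENT = re.compile(r"^(Total|Open|WIP|Done) : (\d+)$")

def parse_statistic(value):
    """Parse 'Total : n | Open : n | WIP : n | Done : n' into a dict of ints."""
    result = {}
    for part in value.split(" | "):
        match = _SEGMENT.match(part.strip())
        if not match:
            # An empty smart value or an edited field ends up here.
            raise ValueError(f"unexpected segment: {part!r}")
        result[match.group(1)] = int(match.group(2))
    missing = {"Total", *COUNTED} - result.keys()
    if missing:
        raise ValueError(f"missing counters: {sorted(missing)}")
    return result

def uncounted_subtasks(value):
    """Number of sub-tasks in a status other than Open, WIP or Done."""
    stats = parse_statistic(value)
    return stats["Total"] - sum(stats[name] for name in COUNTED)

# Constructed sample: statuses of the sub-tasks under one Incident issue.
# "Pending" is a hypothetical extra workflow status the rule does not count.
SAMPLE = ["Open", "Open", "WIP", "Done", "Pending"]

if __name__ == "__main__":
    text = render_statistic(SAMPLE)
    print(text)
    print("uncounted sub-tasks:", uncounted_subtasks(text))
```

A non-zero result means the project workflow has statuses the rule does not look up; add a Lookup Issue and Create Variable pair for each, or map those statuses onto the three the rule counts.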

Step 2: Set up Hunters

1. Open the required template

  1. From the Hunters menu, navigate to Workflows > Workflow Manager.

  2. Under Projects, navigate to Automated Workflows > Jira.

  3. Locate the Create a formatted issue in Jira - Cluster recipe, click its menu and then select Clone. Cloning ensures you don’t overwrite the template, so you can use it again in the future.

  4. Rename the recipe and click Edit.

2. Connect your Hunters account

💡Tip
If you’ve already connected Hunters to a recipe before, you can simply select the connection from the list and skip to the next step.

  1. Follow these guidelines to create a Hunters API token with a Customer role (or higher).

  2. Copy the Client ID and Client secret provided in the token creation process.

  3. Navigate back to the recipe and click the Trigger step to edit it.

  4. On the right side panel, name your connection and paste the Client ID and Client secret in the appropriate fields.

  5. Select your Region based on the region set up for you upon Hunters tenant creation.

  6. Click Connect.

3. Connect your Jira account

💡Tip
If you’ve already connected Jira to a recipe before, you can simply select the connection from the list and skip to the next step.


  1. From the recipe flowchart click step 3 (“Search issues by JQL in Jira”) to connect the Jira account relevant to this process.

  2. On the right-side panel, name your connection, select an Authentication type and complete the required authentication details.

  3. Click Connect.

  4. In the JQL query string field, replace the project value with the name of the Jira project you created in the previous steps, and update the "cluster uuid" field to match the corresponding custom field you created.

    💡TIP

    These fields are case sensitive and should be identical to the values from your Jira project.


4. Connect your Jira Service Desk account

  1. From the recipe flowchart click step 6 (“Create customer request in jira Service desk”) to connect the Jira Service Desk account relevant to this process.

  2. Complete the connection information (similar to the previous step), and click Connect.

    After establishing the connection, more fields will appear.

  3. From the Service Desk field, select the project you’ve created in the previous steps.

  4. From the Request type field, select Incident.

    💡TIP

    Even if a field is already filled with the correct value, delete the value and reselect it.

  5. Scroll down to the Request section and open the available optional fields.

  6. From the available fields select the below fields and click Apply changes:

    • Link to cluster

    • Cluster UUID

    • Detector

  7. Fill in the fields with data from Step 1 of this workflow:

    1. Click the field’s text box and then click Recipe Data to open the data selection popup.

    2. Search for the required value from the data gathered in step 1 and click to add it.

      By the end of this process, you should achieve the following mapping:

      • Link to cluster = Threat link

      • Cluster UUID = Threat UUID

      • Detector = Detector Title


5. Finalize workflow settings

  1. From the recipe flowchart click step 8 (“Create issues in Jira”).

  2. Edit the fields as follows:

    • Project issue type - Your project name : Sub-task. For instance, CSOC : Sub-task

    • Sample project issue type - Your project name : Sub-task. For instance, CSOC : Sub-task

  3. Make sure your other fields are set up as in this image:

  4. From the recipe flowchart click step 9 (“Update issues in Jira”).

  5. From the Sample project issue type field, select your project name : Task.

  6. Make sure your other fields are set up as in this image:

6. Save and activate the recipe

  1. Once done, click Save and then Exit.

       
  2. Now click Start recipe to activate the workflow.
