Skip to main content
All CollectionsTemplatesBasic
Open Jira Issues and Enrich Event on Sysdig Kubernetes Detections - Workflow Template
Open Jira Issues and Enrich Event on Sysdig Kubernetes Detections - Workflow Template

Detect, enrich, alert and auto-assign incidents using Kubernetes namespaces using Sysdig Runtime Threat Intelligence and Detection.

Updated over a week ago

Optimize incident management with Torq's "Open Jira Issues and Enrich Event on Sysdig Kubernetes Detections" workflow template. This workflow automatically handles security incidents from Sysdig by creating and assigning Jira issues based on Kubernetes namespaces, enriching the incident context. It selects a user at random from the associated namespace group in Jira for assignment. If an issue is generated or an error occurs during the automated process, relevant notifications are sent to a designated Slack channel.

Take Me to the Template

Trigger

Use Cases

CSPM , Threat Hunting

Workflow Breakdown

  1. Setup a Sysdig webhook notification channel pointed to the Torq trigger

  2. Receive an event from Sysdig and if above the security boundary, open a Jira issue

  3. In Jira, assign based on the group from the namespaces and assign a user randomly from the group.

  4. Send a Slack message if the issue was created or an error to the Slack channel if the group is not found.

Vendors

Slack, Utils, Jira Cloud

Workflow Output

A Jira issue based on the Sysdig detection and Slack message to a Slack channel.

Related Articles
Jira Enrichment for Hashes Found in Issue Description - Workflow Template
Enable Encryption on AWS S3 Bucket on Alert from Orca - Workflow Template
Enable AWS S3 Bucket Versioning on Lacework Alert - Workflow Template
Handle AWS S3 Bucket Should Enforce HTTPS Alert from Orca - Workflow Template
Enrich SentinelOne Incident with Threat Intelligence from Intezer - Workflow Template
Did this answer your question?