Open Jira Issues and Enrich Event on Sysdig Kubernetes Detections - Workflow Template

Detect, enrich, alert on and auto-assign incidents by Kubernetes namespace, using Sysdig Runtime Threat Intelligence and Detection.

Updated over 2 months ago

Optimize incident management with Torq's "Open Jira Issues and Enrich Event on Sysdig Kubernetes Detections" workflow template. This workflow automatically handles security incidents from Sysdig by creating and assigning Jira issues based on Kubernetes namespaces, enriching the incident context. It selects a user at random from the associated namespace group in Jira for assignment. If an issue is generated or an error occurs during the automated process, relevant notifications are sent to a designated Slack channel.

Trigger

Use Cases

CSPM, Threat Hunting

Workflow Breakdown

  1. Set up a Sysdig webhook notification channel pointed at the Torq trigger.

  2. Receive an event from Sysdig and, if it is above the security boundary, open a Jira issue.

  3. In Jira, select the group based on the event's namespace and assign the issue to a user chosen at random from that group.

  4. Send a Slack message to the Slack channel if the issue was created, or an error message if the group is not found.
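The routing decision in steps 2 to 4, sketched as an added Python example; this is not Torq's template code or the Sysdig payload format. The event fields, severity labels, threshold, and namespace-to-group mapping are all constructed assumptions, and so is the choice to report unknown severities and empty groups as errors.

```python
import random

# Assumed ranking and threshold: the page only says "above the security boundary".
SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3}
THRESHOLD = "medium"

# Constructed namespace -> Jira group mapping and group membership.
NAMESPACE_GROUPS = {"payments": "team-payments", "frontend": "team-web"}
GROUP_MEMBERS = {"team-payments": ["alice", "bob"], "team-web": []}

# Constructed sample events (field names are hypothetical).
SAMPLE_EVENTS = [
    {"rule": "Terminal shell in container", "severity": "high", "namespace": "payments"},
    {"rule": "Write below etc", "severity": "low", "namespace": "payments"},
    {"rule": "Terminal shell in container", "severity": "high", "namespace": "batch"},
]


def route_event(event, rng=random):
    """Return the action the workflow would take for one detection event."""
    severity = str(event.get("severity", "")).lower()
    if severity not in SEVERITY_RANK:
        # Surface malformed events instead of silently dropping them.
        return {"action": "slack_error", "reason": f"unknown severity {severity!r}"}
    if SEVERITY_RANK[severity] <= SEVERITY_RANK[THRESHOLD]:
        return {"action": "ignore", "reason": "not above threshold"}
    namespace = event.get("namespace")
    group = NAMESPACE_GROUPS.get(namespace)
    if group is None:
        # Step 4: group not found, so the error goes to Slack.
        return {"action": "slack_error", "reason": f"no Jira group for namespace {namespace!r}"}
    members = GROUP_MEMBERS.get(group, [])
    if not members:
        return {"action": "slack_error", "reason": f"group {group!r} has no members"}
    return {
        "action": "open_issue",
        "group": group,
        "assignee": rng.choice(members),  # step 3: random member of the group
        "summary": f"[{severity}] {event.get('rule', 'unknown rule')} in {namespace}",
        "notify": "slack",
    }


if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(route_event(ev, random.Random(7)))
```

Passing a seeded `random.Random` as `rng` makes the assignee choice reproducible when testing the routing.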

Vendors

Slack, Utils, Jira Cloud

Workflow Output

A Jira issue based on the Sysdig detection and a Slack message to a Slack channel.
