Jira Remediation Guide
Please see below for our best practices on how to remediate findings for Nightfall for Jira.
See below for Nightfall's recommended workflow for dealing with alerts generated from Jira.
For historical scan results in Jira, we recommend that you first group and prioritize the results. Open the Jira tickets with priority violations, and delete the sensitive finding(s). Delete all items that contain sensitive findings, including screenshots and attachments as well.
This may be handled by your team, or by the end user, depending on your organization’s needs and access settings.
We are excited to announce that Nightfall for Jira now includes Remediation actions. This includes both Manual and Automated Actions.
You can now take Manual or Automated actions, directly from the Jira alerts that are created (via Slack or Email)
- 1.Notify file owner (via both Slack or email)
- 2.Redact sensitive findings directly in Jira itself
- 3.Delete attachment (if the finding is alerting on an attachment file)
Below, you can find an example Jira alert, in Slack, that includes remediation options, below the Finding Snippet:
Nightfall Alert for Jira, including Remediation Action Options
Alert is sent to an Email:
We would then select 'Notify via Email'. The offending user will then seen an email, similar to the one below:
An alert is generated in your Slack channel:
Alert is generate
Here, we select the 'Notify via Slack' option from the bottom of the alert to trigger a notification to the offending User, for the sensitive information that was detected. The notification that is sent to them can be seen below:
These same actions can be automated as well, from the console directly. See below.
Below, you can see the Automated Actions that can be set from the Nightfall Policy directly, from within the console:
Automated Actions for Jira, to be taken from the Console
We recommend starting with manual remediation, to understand the desired practices for your environment, and once comfortable, you can then enable automated actions from the policy to establish secure Jira workflows.