search

高级:通过JIRA+Security Hub实现SOC安全运营中心

整合Security Hub和Jira可以实现搭建企业的SOC安全运营中心。发现安全事件的时候通过工单流转的方式通知到负责的同事,将不同部门的人协作起来。能够实现行业的服务管理最佳实践,比如ITIL:

服务管理领域
整合的AWS服务

服务目录管理

AWS Service Catalog, AWS CloudFormation, and AWS Systems Manager Automation requests and provisions vetted and predictable products and performs post-provision actions.

事件管理(Ticketing)

AWS Support (AWS services and platform incidents).

AWS Systems Manager OpsCenter (Jira operational Issues derived and detected for solutions built on AWS platform).

AWS Security Hub (Jira Issues from security Findings).

AWS Systems Manager Incident Manager (AWS services and platform incidents).

服务配置管理(CMDB)

AWS Config (Track AWS resources related to the Jira Issue).

部署指引:

如果想使用自己的集群部署JIRA看这里:https://docs.aws.amazon.com/smc/latest/ag/integrations-jiraservicedesk.htmlarrow-up-right

如果想直接使用SaaS服务看这里:https://docs.aws.amazon.com/smc/latest/ag/integrations-jsmcloud.htmlarrow-up-right

1-注册JIRA账号

注册地址:

https://www.atlassian.com/software/jira/service-management/freewww.atlassian.comchevron-right

帮助文档:

LogoSign up for a Jira Service Management site | Jira Service Management Cloud | Atlassian SupportAtlassian Supportchevron-right

2-安装AWS Service Management Connector for JSM到JIRA

LogoAWS Service Management Connector for JSM | Atlassian MarketplaceAtlassian Marketplacechevron-right

3-部署AWS相关的服务

按照AWS prerequisitesarrow-up-right的指引,开启所需的AWS服务。

下载CloudFormation配置脚本到本地,根据所在的云环境选择: AWS Commercial Regions arrow-up-right and AWS GovCloud Regions.arrow-up-right

  1. 打开控制台,进入CloudFormation;

  2. 进入菜单Stacks,点击Create stack-With new resources(standard)

  3. 上传刚才下载的json文件;

  4. Stack name我用的是:SecurityHub-Jira-Integration

  5. 其他选项都是默认的,点下一步直到提交。

4-配置JIRA

https://docs.aws.amazon.com/smc/latest/ag/jsd-integration-configure-jsd.htmlarrow-up-right

  1. 登录JIRA,如果没有安装好AWS Service Management Connectorarrow-up-right,就再安装一次。

  2. 配置AWS Accounts,装好AWS Service Management Connector就可以点击APP看到3个页签,其中AWS accounts下面点击按钮【Connect new account】:

    1. 输入Account alias:SCSyncUser

    2. Access key ID,可以从刚才安装的CloudFormation的stack的Outputs中看到,复制过来;

    3. Secret access key,也是从刚才安装的CloudFormation的stack的Outputs中看到,复制过来;

    4. Regions选择需要同步的region。

    5. 保存退出

  3. 点击Test Connectivity,看是否可以连接成功。

AWS Service Management Connector for Jira Service Management Cloudarrow-up-right

[Blog]How to set up a two-way integration between AWS Security Hub and Jira Service Managementarrow-up-right

[Youtube]AWS Security Hub - Bidirectional integration with Atlassian Jira Service Managementarrow-up-right

上一页进阶:使用Chef InSpec profiles with Systems Manager实现主机和容器的基线检查下一页合规检测规则集

最后更新于