Jira
Version: 1.0.0 · Category: Ticketing · Plan: Base+
Sync investigation findings directly to Jira — create incidents, update status, and pull task lists — without leaving AttackTrace.
Tools
create_issue — Create ticket
Create a Jira issue, supporting:
| Parameter | Required | Description |
|---|---|---|
| project_key | ✓ | Project key (e.g. SOC, SEC) |
| summary | ✓ | Ticket title |
| issue_type | ✓ | Issue type: Bug / Task / Story / Incident |
| description | — | Ticket body (Jira text format or Markdown) |
| priority | — | Priority: Highest / High / Medium / Low / Lowest |
| assignee | — | Assignee (username) |
| labels | — | Labels list |
| due_date | — | Due date (YYYY-MM-DD) |
| components | — | Component names |
| custom_fields | — | Custom fields (JSON key-value) |
get_issue — Get ticket
Retrieve the full details of a Jira issue, including:
- All fields and values
- Comment history
- Attachment list
- Linked issues
update_issue — Update ticket
Update one or more fields of a Jira issue:
- summary, description, priority, assignee, due_date, labels, status, custom_fields
add_comment — Add comment
Add a comment to an issue, supporting:
- comment: plain text or Jira text format
- visibility: limit visibility to a specific role or group
transition_issue — Status transition
Move an issue to the next workflow status (e.g. "In Progress" → "Done"). Use get_issue first to view available transitions.
search_issues — Search tickets
Full JQL (Jira Query Language) search:
| Parameter | Default | Description |
|---|---|---|
| jql | Required | JQL query statement |
| max_results | 50 | Maximum results to return |
| fields | All fields | Fields to return |
Common JQL examples:
project = SOC AND status = "In Progress" AND assignee = currentUser()
labels = "incident" AND priority in (Highest, High) AND created >= -7d
text ~ "185.220.101.1" ORDER BY created DESC
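When the indicator in a query such as the last one above comes from alert data rather than from an analyst, it should be validated and quoted before it reaches the jql parameter. The following is an added example, not AttackTrace's own code: the helper names, the project-key pattern and the 365-day limit are assumptions, and it assumes JQL string literals escape `\` and `"` with a backslash.

```python
import ipaddress
import re

# Assumed project-key shape (uppercase letter, then letters/digits/underscore), as in SOC, SEC.
PROJECT_KEY_RE = re.compile(r"[A-Z][A-Z0-9_]{1,9}")


def jql_quote(value: str) -> str:
    """Return value as a double-quoted JQL string literal."""
    if any(ord(ch) < 0x20 for ch in value):
        raise ValueError("control character in JQL literal")
    # Escape the backslash first so the quote escapes added next are not doubled.
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'


def build_ioc_jql(project_key: str, indicator: str, days: int, labels=()) -> str:
    """Build the jql argument for search_issues from an untrusted IPv4 indicator."""
    if not PROJECT_KEY_RE.fullmatch(project_key):
        raise ValueError(f"invalid project key: {project_key!r}")
    if isinstance(days, bool) or not isinstance(days, int) or not 1 <= days <= 365:
        raise ValueError("days must be an integer between 1 and 365")
    # Parsing rejects anything that is not a bare IPv4 address, including
    # values that carry extra JQL after the address.
    ip = ipaddress.IPv4Address(indicator.strip())
    clauses = [f"project = {project_key}", f"text ~ {jql_quote(str(ip))}"]
    for label in labels:
        clauses.append(f"labels = {jql_quote(label)}")
    clauses.append(f"created >= -{days}d")
    return " AND ".join(clauses) + " ORDER BY created DESC"


if __name__ == "__main__":
    # Constructed sample inputs: one clean indicator, one carrying injected JQL.
    for raw in ["185.220.101.1", '185.220.101.1" OR project = HR OR text ~ "x']:
        try:
            print(build_ioc_jql("SOC", raw, 7, labels=["incident"]))
        except ValueError as exc:
            print("rejected:", exc)
```

The second sample is rejected at the address parse, so the extra clause never reaches Jira; label values, which cannot be validated as strictly, go through `jql_quote` instead.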
get_projects — Project list
List all accessible Jira projects, including:
- Project key and name
- Project type (Software / Business / Service Management)
Configuration
| Item | Description |
|---|---|
| JIRA_URL | Jira platform URL (e.g. https://yourcompany.atlassian.net) |
| JIRA_EMAIL | Account email |
| JIRA_API_TOKEN | API token (Jira Cloud) or Personal Access Token (Jira Server) |

!!! info "Getting an API token"
    Jira Cloud: id.atlassian.com/manage-profile/security/api-tokens
    Jira Server/Data Center: User settings → Personal Access Tokens

Investigation workflow
1. search_issues jql:"project=SOC AND labels=malware AND created>=-7d"
→ Find tickets related to malware over the past week
2. create_issue project_key:"SOC" summary:"Suspicious C2 traffic from 185.220.101.1"
issue_type:"Incident" priority:"High"
description:"Threat intelligence indicates suspicious infrastructure. First seen on gateway firewall 2026-02-15..."
→ Create an investigation ticket
3. add_comment issue_key:"SOC-1234"
comment:"Evidence summary added from the investigation workspace. Recommended next step: validate with firewall and SIEM evidence."
→ Add investigation findings to the ticket
4. transition_issue issue_key:"SOC-1234" transition_name:"In Progress"
→ Update ticket status to start remediation
5. update_issue issue_key:"SOC-1234" assignee:"alice" due_date:"2026-02-20"
→ Assign and set a due date