Commit
add cases GH and GL integrations and drift stuff (#380)
* add cases GH integration

* try and fix import

* add GL empty mdx

* add GL empty mdx

* change GH to fine-grained access tokens

* add GL docs

* change diagrams

* cases-wide changes to broaden integrations

* note about token approval

* tweaks

* backup so far

* put drift back in

* changes per @tas50 review
misterpantz authored Sep 27, 2024
1 parent de785ec commit 118d969
Showing 18 changed files with 311 additions and 56 deletions.
20 changes: 9 additions & 11 deletions docs/platform/cases/advisories.mdx
@@ -1,16 +1,14 @@
---
title: Create Cases from Advisories
sidebar_label: Create Cases from Advisories
sidebar_position: 5
sidebar_position: 70
description: Cases, which integrate with your ticket system, allow you to track remediation of important security findings. Create a case from an advisory to track work on that advisory within your existing workflow.
image: /img/featured_img/mondoo-feature.jpg
---

Use cases to track the work of fixing advisories in your existing workflow. When a Mondoo space has the [cases feature configured](/platform/cases/overview/), any team member can create a case from an advisory. Creating a case can:

- Create a new a Jira issue

- Create a new Zendesk ticket
- Directly create a new a Jira issue, GitHub issue, GitLab issue, or Zendesk ticket

- Send an email message to the recipient of your choice, such as a listener for your ticket, issue tracking, or project management software

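Review bot: The added bullet "Directly create a new a Jira issue, GitHub issue, GitLab issue, or Zendesk ticket" carries over the doubled article from the Jira line it replaces. Change it to "Directly create a new Jira issue, GitHub issue, GitLab issue, or Zendesk ticket".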
@@ -38,20 +36,20 @@ import Partial from "../partials/_editor-owner.mdx";

![Create a new case in Mondoo](/img/platform/cases/new-case.png)

6. In the **Integration** box, select the where you want Mondoo to add or send the case information and provide a specific destination:

- If you select a direct Jira integration, in the **Project** box, select the name of the project where you want to create an issue.

- If you select an email integration, in the **Recipient** box, select where to send an email message with the case details.
6. In the **Integration** box, specify where you want Mondoo to add or send the case information.

7. Edit the issue summary as you wish and select the **CREATE CASE** button.
7. Edit the issue summary or title as you wish and select the **CREATE CASE** button.

Mondoo creates a new case in the space and then creates a corresponding Jira issue or Zendesk ticket or sends email to the selected recipient.
Mondoo creates a new case in the space and then creates a corresponding issue or ticket in your ticket system, or sends email to the selected recipient.

## Learn more

- [Track and Fix Findings with Cases and Your Ticket System](/platform/cases/overview/)

- [Set up Cases and GitHub](/platform/cases/setup-github/)

- [Set up Cases and GitLab](/platform/cases/setup-gitlab/)

- [Set up Cases and Jira](/platform/cases/setup/)

- [Set up Cases and Zendesk](/platform/cases/setup-zendesk/)
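Review bot: Step 6 now ends at "specify where you want Mondoo to add or send the case information" and drops the two sub-steps that named the box to fill in (**Project** for a direct Jira integration, **Recipient** for email). If the dialog still asks for a destination once the integration is chosen, keep one generic sentence for it, such as "then choose the project or recipient", so the step stays complete for every integration.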
20 changes: 9 additions & 11 deletions docs/platform/cases/checks.mdx
@@ -1,16 +1,14 @@
---
title: Create Cases from Checks
sidebar_label: Create Cases from Checks
sidebar_position: 6
sidebar_position: 80
description: Cases, which integrate with your ticket system, allow you to track remediation of important security findings. Create a case from a check to track work on that check within your existing workflow.
image: /img/featured_img/mondoo-feature.jpg
---

Use cases to track the work of fixing failed checks in your existing workflow. When a Mondoo space has the [cases feature configured](/platform/cases/overview/), any team member can create a case from an advisory. Creating a case can either:

- Create a new a Jira issue

- Create a new Zendesk ticket
- Directly create a new a Jira issue, GitHub issue, GitLab issue, or Zendesk ticket

- Send an email message to the recipient of your choice, such as a listener for your ticket, issue tracking, or project management software

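Review bot: The intro paragraph directly above the edited list still says "any team member can create a case from an advisory", but this is the checks page; change it to "from a check" while this block is being touched. The added bullet also keeps the doubled article in "Directly create a new a Jira issue".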
@@ -38,20 +36,20 @@ import Partial from "../partials/_editor-owner.mdx";

![Create a new case in Mondoo](/img/platform/cases/new-case-check.png)

6. In the **Integration** box, select the where you want Mondoo to add or send the case information and provide a specific destination:

- If you select a direct Jira integration, in the **Project** box, select the name of the project where you want to create an issue.

- If you select an email integration, in the **Recipient** box, select where to send an email message with the case details.
6. In the **Integration** box, specify where you want Mondoo to add or send the case information.

7. Edit the issue summary as you wish and select the **CREATE CASE** button.
7. Edit the issue summary or title as you wish and select the **CREATE CASE** button.

Mondoo creates a new case in the space and then creates a corresponding Jira issue or Zendesk ticket or sends email to the selected recipient.
Mondoo creates a new case in the space and then creates a corresponding issue or ticket in your ticket system, or sends email to the selected recipient.

## Learn more

- [Track and Fix Findings with Cases and Your Ticket System](/platform/cases/overview/)

- [Set up Cases and GitHub](/platform/cases/setup-github/)

- [Set up Cases and GitLab](/platform/cases/setup-gitlab/)

- [Set up Cases and Jira](/platform/cases/setup/)

- [Set up Cases and Zendesk](/platform/cases/setup-zendesk/)
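Review bot: Steps 6 and 7, the closing sentence, and the Learn more links in this hunk are word for word the same as the ones added to advisories.mdx in this commit, so each new integration means editing both files. Both pages already import a partial ("../partials/_editor-owner.mdx"); consider moving the shared steps and link list into a partial as well.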
75 changes: 70 additions & 5 deletions docs/platform/cases/manage.mdx
@@ -1,7 +1,7 @@
---
title: Manage Cases
sidebar_label: Manage Cases
sidebar_position: 7
sidebar_position: 90
description: Cases, which integrate with Atlassian Jira, allow you to track remediation of important security findings. View cases and close them in Mondoo or Jira. Change cases settings in the Mondoo space settings.
image: /img/featured_img/mondoo-feature.jpg
---
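Review bot: The front matter description is left unchanged and still reads "Cases, which integrate with Atlassian Jira" and "close them in Mondoo or Jira", which no longer matches a commit that adds GitHub and GitLab and rewrites the body to say "your ticket system". Update it the same way the overview.mdx description is updated in this commit.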
@@ -68,19 +68,80 @@ import Partial from "../partials/_editor-owner.mdx";

:::note

Closing an ticket or issue in your ticket system or does not close the corresponding case in Mondoo. If you create cases using a direct Jira or Zendesk integration, a space-wide setting controls whether closing a case in Mondoo automatically closes the corresponding issue in Jira. To learn more, read the section below.
Closing an ticket or issue in your ticket system or does not close the corresponding case in Mondoo. If you create cases using a direct integration with your ticket system, a space-wide setting controls whether closing a case in Mondoo automatically closes the corresponding issue/ticket in your ticket system. To learn more, read the section below.

:::

### Choose whether to closes tickets/issues when you close cases
## Automatically create cases on drift

Drift occurs when, instead of improving security, an asset becomes _more_ vulnerable to attack:

- An asset previously passed a check in a policy but is now failing that check

- Mondoo previously did not detect a vulnerability on an asset, but now does detect that vulnerability

It's important to catch drift quickly. Mondoo makes that possible with automatic drift detection. When an asset becomes less secure, Mondoo can automatically create a case to alert you of the change and track the work on resolving the problem.

The space setting **Automatically create cases on drift** controls whether Mondoo creates a case when it detects drift.

![Cases space settings in Mondoo](/img/platform/cases/space-settings.png)

To enable or disable automatic drift cases:

<Partial />{" "}

1. Navigate to the space where you want to change the drift setting.

2. In the navigation sidebar, select **Settings** and then select the **Cases** tab.

3. Enable or disable **Automatically create cases on drift**.


### Choose a destination for drift cases

Like all cases, Mondoo can share automatically created drift cases with your ticket system. When you add a new ticket integration for cases, you choose whether to create drift issues/tickets. You can also change this option any time in the space settings: Enable or disable **Create drift issues in this integration**. For direct integrations, you also specify the default destination for drift tickets/issues.

To choose a destination for automatic drift cases:

<Partial />{" "}

1. Navigate to the space where you want to change the drift setting.

2. In the navigation sidebar, select **Settings** and then select the **Cases** tab.

3. Locate the settings for your integration and enable or disable **Create drift issues/tickets in this integration**.

4. For direct integrations, specify where to create drift issues/tickets.

### Group similar drift occurrences into one case

If the same drift occurs on multiple assets, you may not want a separate case for each asset. Mondoo can group the drift detection of multiple assets into a single case. To do this, it waits a configurable period of time before finalizing a case and creating an issue or ticket in your ticket system.

For example, suppose you configure Mondoo to create a new case and a corresponding Jira issue whenever it detects drift. You also configure Mondoo to wait four hours to group multiple instances of the same drift into one case. Mondoo scans asset 1, which fails check X. Mondoo identifies that asset 1 previously passed check X. This is drift, so Mondoo generates a case. However, Mondoo doesn't immediately save the case or create a Jira issue. Instead, Mondoo waits four hours to determine if any other assets also have incurred drift on check X. During these four hours, asset 5 and asset 6, which previously passed check X, now fail check X. Instead of creating new cases for assets 5 and 6, Mondoo adds information about assets 5 and 6 to the case initially created for asset 1. Now there is a single case with information about the three assets that incurred drift on check X. When four hours have passed, Mondoo creates a single Jira issue with the details about asset 1, asset 5, and asset 6 all incurring drift on check X.

The **Aggregation window** space setting controls how long Mondoo waits to group similar drift occurrences in a single case. You either choose a time period or choose **No aggregation** to create a unique case (and corresponding issue or ticket) for each asset that incurs the same drift.

To automatically group similar drift occurrences into one case:

<Partial />{" "}

1. Navigate to the space where you want to change the drift settings.

2. In the navigation sidebar, select **Settings** and then select the **Cases** tab.

3. In the **Aggregation window** drop-down list, choose how long to wait to detect the same drift on other assets before finalizing a case and creating an issue/ticket in your ticket system.

## Choose whether to close tickets/issues when you close cases

![Space-wide cases settings](/img/platform/cases/space-settings.png)

You can choose whether to close the corresponding Jira issue or Zendesk ticket when you close a case in the Mondoo Console. This setting applies only to direct Jira or Zendesk integrations, not to email integrations.
You can choose whether to close the corresponding issue or ticket in your ticket system when you close a case in the Mondoo Console. This setting applies only to direct integrations, not to email integrations.

<Partial />{" "}

1. Navigate to the space where you want to change the closing behavior.

2. In the navigation sidebar, select **Settings**.
2. In the navigation sidebar, select **Settings** and then select the **Cases** tab.

3. Enable or disable **Automatically close tickets**.

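Review bot: The aggregation section should state the cost of the delay. The new text says "It's important to catch drift quickly", yet in the four-hour example "Mondoo doesn't immediately save the case or create a Jira issue", so by the example's own description no case or issue exists for asset 1 until the window closes. Add a sentence on that trade-off next to the **Aggregation window** description so readers pick a window deliberately. Two smaller points: the option is named "Create drift issues in this integration" in the intro paragraph but "Create drift issues/tickets in this integration" in step 3, and the rewritten note still begins "Closing an ticket or issue in your ticket system or does not close".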
@@ -89,6 +150,10 @@ You can choose whether to close the corresponding Jira issue or Zendesk ticket w

- [Track and Fix Findings with Cases and Your Ticket System](/platform/cases/overview/)

- [Set up Cases and GitHub](/platform/cases/setup-github/)

- [Set up Cases and GitLab](/platform/cases/setup-gitlab/)

- [Set up Cases and Jira](/platform/cases/setup/)

- [Set up Cases and Zendesk](/platform/cases/setup-zendesk/)
43 changes: 30 additions & 13 deletions docs/platform/cases/overview.mdx
@@ -2,37 +2,52 @@
title: Track and Fix Findings with Cases and Your Ticket System
sidebar_label: Overview
sidebar_position: 1
description: Cases allow you to track remediation of important security findings in your Ticket system of choice, such as Jira or Zendesk.
description: Cases allow you to track remediation of important security findings in your Ticket system of choice, such as Jira, GitHub, GitLab, or Zendesk.
image: /img/featured_img/mondoo-feature.jpg
---

import casesDirectDiagram from "/img/platform/cases/cases-direct-diagram.png";
import casesEmailDiagram from "/img/platform/cases/cases-email-diagram.png";

The work of improving your security posture can be daunting. Mondoo finds security issues in your infrastructure and prioritizes them so you know what problems to fix first. But how do you track the fixes and ensure that the work is completed? How do you communicate the most important tasks to your team?

*Cases* allow you to turn security findings into tasks to complete. They integrate with your ticket system (issue tracking software), such as Zendesk or Atlassian Jira, to fit into your existing workflow.
*Cases* allow you to turn security findings into tasks to complete. They integrate with your ticket system (issue tracking software), such as Zendesk, GitHub, GitLab, or Atlassian Jira, to fit into your existing workflow.

When you see a security finding that requires fixing, you create a case for that finding. In the new case, Mondoo automatically includes the details of the finding, information on the asset(s) containing the finding, and instructions for fixing it. When you save the case, Mondoo can do any of these actions:

- Directly create a GitHub issue

When you see a security finding that requires fixing, you create a case for that finding.In the new case, Mondoo automatically includes the details of the finding, information on the asset(s) that contain the finding, and instructions for fixing it. When you save the case, Mondoo can do any of these actions:
- Directly create a GitLab issue

- Directly create a Jira issue

- Directly create a Zendesk ticket

- Send an email message to your ticket system (or any destination)

## Directly integrate cases with Jira
## Directly integrate cases with your ticket system

If you directly configure cases with your ticket system, Mondoo creates a corresponding issue or ticket for every new case. Then you can plan, schedule, and track remediation work within your team's existing project workflow.

If you directly configure cases with your Jira instance, Mondoo creates a corresponding Jira issue for every new case. Once Mondoo creates an issue in Jira, you can plan, schedule, and track remediation work within your team's existing project workflow.
<img src={casesDirectDiagram} width="600" />

![Cases in Mondoo and issues in Jira](/img/platform/cases/cases-jira-diagram.png)
Get started with a direct integration:

## Directly integrate cases with Zendesk
- [GitHub](/platform/cases/setup-github/)

If you directly configure cases with your Zendesk account, Mondoo creates a corresponding Zendesk ticket for every new case. Once Mondoo creates a ticket in Zendesk, you can plan, schedule, and track remediation work within your team's existing project workflow.
- [GitLab](/platform/cases/setup-gitlab/)

![Cases in Mondoo and tickets in Zendesk](/img/platform/cases/cases-zendesk-diagram.png)
- [Jira](/platform/cases/setup/)

- [Zendesk](/platform/cases/setup-zendesk/)

## Integrate cases with your ticket system using email

If you configure cases to send email to your ticket system, each time you create a new case, Mondoo sends an email message to the recipient you choose. Typically, this is the email address set up as a listener (or similar service) for your ticket, project management, or issue tracking software. Some examples are the Zendesk email channel, ServiceNow inbound email, and the Jira incoming mail handler.

![Cases in Mondoo and issues in Jira](/img/platform/cases/cases-email-diagram.png)
<img src={casesEmailDiagram} width="600" />

Get started with an [email integration](/platform/cases/setup-email/).

## Track and fix findings

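Review bot: The two img elements that replace the Markdown images (src={casesDirectDiagram} and src={casesEmailDiagram}) have no alt attribute, so the alt text the removed images carried, such as "Cases in Mondoo and issues in Jira", is lost; add alt text to both. In the same hunk the new description still capitalizes "Ticket system", which a later hunk in this file lowercases in the body text.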
@@ -42,14 +57,16 @@ You can view and close cases in the Mondoo Console. When you set up cases in a M

The email messages or Jira issues that Mondoo creates based on cases include all the details necessary for infrastructure owners to remediate findings. This gives all team members the information they need to address security issues, even if they don't have access to Mondoo.

Tracking and fixing findings with cases and your Ticket system involve:

- Setting up cases with a [direct Jira integration](/platform/cases/setup/), a [direct Zendesk integration](/platform/cases/setup-zendesk/), or an [email integration](/platform/cases/setup-email/)
Tracking and fixing findings with cases and your ticket system involve:

- [Creating cases from advisories](/platform/cases/advisories/)

- [Creating cases from checks](/platform/cases/checks/)

- [Viewing and closing cases and managing cases settings](/platform/cases/manage/)

## Automatically create cases when drift is detected

If an asset has become more exposed to attack since the last time Mondoo scanned it, that's _drift_. Mondoo can create a case when it detects drift. It can even group together multiple instances of the same drift on different assets. To learn more, read [Automatically create cases on drift](/platform/cases/manage#automatically-create-cases-on-drift).

---
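Review bot: The unchanged sentence "The email messages or Jira issues that Mondoo creates based on cases" at the top of this hunk is still Jira-only; change it to "issues or tickets" to match the wording used everywhere else in this commit. Removing the "Setting up cases with ..." bullet also means the "involve" list no longer mentions setup at all, so confirm the setup links added earlier in the page are enough for a reader who lands on this section.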
6 changes: 4 additions & 2 deletions docs/platform/cases/setup-email.mdx
@@ -1,7 +1,7 @@
---
title: Set up Cases to Email Your Ticket System
sidebar_label: Set up Cases with Email
sidebar_position: 4
sidebar_position: 30
description: Mondoo cases, which you can integrate with your ticket, issue tracking, or project management software, allow you to track remediation of important security findings. Set up an integration to start using cases and include Mondoo data in your regular project workflow.
image: /img/featured_img/mondoo-feature.jpg
---
@@ -44,7 +44,9 @@ You can set up multiple recipients for case email messages. When you create a ne

6. To add another option for where to send case email messages, select ***ADD A RECIPIENT** and provide the details for Recipient 2, 3, and so on.

7. Select the **CREATE INTEGRATION** button.
7. To create a case and send email when an asset becomes more exposed to attack, enable **Create drift email to this recipient** and choose the recipient. To learn more, read [Automatically create cases on drift](/platform/cases/manage#automatically-create-cases-on-drift).

8. Select the **CREATE INTEGRATION** button.

## Learn more

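Review bot: New step 7 says that enabling **Create drift email to this recipient** will "create a case and send email", but manage.mdx in this commit states that the space setting **Automatically create cases on drift** controls whether Mondoo creates a case. Reword the step so it promises only the email and points to the space setting for case creation. The context line above it also has unbalanced bold markers in "***ADD A RECIPIENT**".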