Integration Brief

Atlassian and Rapid7 Nexpose® Streamlining Vulnerability Remediation Workflow

Solution Overview

INTEGRATION BENEFITS Being proactive about security means more than simply conducting frequent security assessments of your enterprise assets. The key to • Streamlined IT workflow by securing your organization is applying the proper remediation steps in utilizing the native ticketing order to mitigate the risk of vulnerabilities. One of the challenges facing solution leveraged by the IT many organizations is incorporating the remediation lifecycle into their operations team in-house ticketing solution already in place. Integrating Rapid7 Nexpose with JIRA, solves this problem by automatically creating tasks • Automatic ticket generation when new vulnerabilities are discovered and gives the operations within Jira after a Nexpose scan manager the ability to assign the tickets to the correct remediation is completed teams. With remediation tasks in JIRA, the organization now has the ability to report on which tickets have been successfully closed and • Flexible ticket creation that can compare them on the subsequent scans to see if they have been truly be customized to open tickets remediated. by a specific severity threshold, sites, or asset groups How it Works • Easy to configure and deploy A Nexpose scan is conducted to assess the risk posture of the systems within an organization. The vulnerability data is then processed for each host. Next, at a periodic interval, the JIRA connector is run to query Nexpose for the latest vulnerabilities and create the remediation tickets. A JIRA Administrator can then assign the tickets to the proper teams for remediation.

| Rapid7.com Overview of Integration Process HOW IT WORKS STEP 1: Nexpose performs security assessment. Create remediation tickets using STEP 2: Nexpose processes vulnerabilities per host. Nexpose vulnerability data to allow your teams to effectively STEP 3: Connector runs to query Nexpose for vulnerability data and prioritize remediation efforts to creates tasks in JIRA via the API. reduce risk in your environment.

STEP 4: A JIRA administrator reviews the tickets created and WHAT YOU NEED: assigns them to their respective remediation teams. • Rapid7 Nexpose 5.x • JIRA 6.x with valid access privileges

Streamlining vulnerability remediation workflow with Nexpose and JIRA

Figure 1

About Atlassian About Rapid7

Atlassian unlocks the potential in every team. Our Rapid7’s IT security data and analytics and products help teams collaborate, build software and serve services help organizations reduce the risk of a breach, their customers better. Nearly 40,000 large and small detect and respond to attacks, and build effective IT organizations – including Citigroup, eBay, Coca-Cola, security programs. With comprehensive real-time data and NASA – use Atlassian’s tracking, collaboration, collection, advanced correlation, and unique insight into communication, service management and development attacker techniques, Rapid7 strengthens an enterprise’s products to work smarter and deliver quality results on ability to defend against everything from opportunistic time. Learn about products including JIRA, , drive-by attacks to advanced threats. Unlike traditional HipChat, and Stash at http://atlassian.com. vulnerability management and incident detection technologies, Rapid7 provides visibility, monitoring, and insight across assets and users from the endpoint to the cloud. Dedicated to solving the toughest security challenges, we offer unmatched capabilities to spot intruders leveraging today’s #1 attack vector: compromised credentials. Rapid7 is trusted by more than 3,500 organizations across 78 countries, including 30% of the Fortune 1000. To learn more about Rapid7, visit www.rapid7.com.

| Rapid7.com