
Jira & ServiceNow Integration

RhythmX integrates with Jira and ServiceNow to push incidents as tickets into your existing IT service management workflow. Tickets can be created manually by analysts or automatically when incidents exceed severity thresholds — ensuring critical threats are tracked in your organization's ticketing system without manual copy-paste.


How It Works

flowchart TD
    A["Incident Created<br><i>Auto or Manual</i>"] --> B{"Severity<br>Check"}

    B -->|"Above Threshold"| C["Auto-Push<br><i>If enabled</i>"]
    B -->|"Any Severity"| D["Manual Push<br><i>Analyst clicks Create Ticket</i>"]

    C --> E{"Target<br>System"}
    D --> E

    E -->|"Jira"| F["Jira Cloud / Server<br><i>REST API v3</i>"]
    E -->|"ServiceNow"| G["ServiceNow<br><i>Table API</i>"]

    F --> H["Ticket Created<br><i>ID + URL stored on incident</i>"]
    G --> H

    H --> I{"Success?"}
    I -->|"Yes"| J["Incident Updated<br><i>Ticket reference linked</i>"]
    I -->|"No"| K["Retry Queue<br><i>Exponential backoff</i>"]
    K -->|"Up to 5 retries"| E

    style A fill:#4a148c,stroke:#9c27b0,color:#fff
    style B fill:#1a237e,stroke:#534bae,color:#fff
    style C fill:#e65100,stroke:#ff9d3f,color:#fff
    style D fill:#0d47a1,stroke:#42a5f5,color:#fff
    style E fill:#00695c,stroke:#4db6ac,color:#fff
    style F fill:#1a237e,stroke:#534bae,color:#fff
    style G fill:#1a237e,stroke:#534bae,color:#fff
    style H fill:#1b5e20,stroke:#4c8c4a,color:#fff
    style I fill:#00695c,stroke:#4db6ac,color:#fff
    style J fill:#1b5e20,stroke:#4c8c4a,color:#fff
    style K fill:#b71c1c,stroke:#f05545,color:#fff

Configuration

Jira

| Setting | Description |
| --- | --- |
| URL | Your Jira instance URL (e.g., https://yourcompany.atlassian.net) |
| Email | Jira account email for API authentication |
| API Token | Jira API token (generated from Atlassian account settings) |
| Project Key | The Jira project where tickets will be created (e.g., SEC) |
| Issue Type | Ticket type to create (default: Task) |
| Enabled | Toggle the Jira integration on or off |

ServiceNow

| Setting | Description |
| --- | --- |
| Instance | Your ServiceNow instance name (e.g., yourcompany.service-now.com) |
| Username | ServiceNow account username |
| Password | ServiceNow account password |
| Assignment Group | Default group for ticket assignment |
| Enabled | Toggle the ServiceNow integration on or off |

Test Connection

After configuring credentials, use the Test Connection button to verify connectivity before enabling the integration. The test makes a minimal API call to confirm authentication and access.

Checking Integration Status

The Integration Status view shows which systems are configured and enabled at a glance:

| Field | Description |
| --- | --- |
| Configured | Whether credentials have been provided |
| Enabled | Whether the integration is active |
| Last Test | Timestamp of the most recent connection test |

Manual Ticket Creation

From any incident detail view, analysts can:

  1. Preview Ticket — See exactly what the ticket summary, description, and priority will look like before pushing
  2. Create Ticket — Select Jira or ServiceNow and push the incident

On success, the incident record is updated with the external ticket ID and URL for cross-referencing.


Ticket Content

Every ticket includes comprehensive context from the incident:

| Section | Content |
| --- | --- |
| Actor Information | Actor name, type (user/host/IP), entity |
| Risk Assessment | Risk score (0–100), risk level, severity, 7-factor breakdown |
| Activity Summary | Total alarms, threat cases, unique rules triggered, primary detection rule |
| Timeline | First alert and last alert timestamps, active duration |
| SLA Status | SLA target, current status, percentage consumed |
| MITRE ATT&CK Coverage | Detected tactics and techniques |
| Alert Rules | Top 10 firing rules with overflow count |
| Investigation Notes | Analyst notes (if present) |

Priority Mapping

Ticket priority is automatically set based on risk level:

| Risk Level | Jira Priority | ServiceNow Priority |
| --- | --- | --- |
| Critical | Highest | 1 — Critical |
| High | High | 2 — High |
| Medium | Medium | 3 — Medium |
| Low | Low | 4 — Low |

Auto-Push

When enabled, RhythmX automatically pushes qualifying incidents to Jira and/or ServiceNow immediately after creation — no analyst intervention required.

How Auto-Push Works

  1. A new incident is created (via automatic qualification or manual promotion)
  2. The incident's severity is compared against the configured minimum severity threshold
  3. If the incident qualifies, a ticket is created in each configured target system
  4. The ticket reference is stored on the incident

Severity Determination

| Risk Score | Severity |
| --- | --- |
| ≥ 85 | CRITICAL |
| ≥ 70 | HIGH |
| ≥ 40 | MEDIUM |
| < 40 | LOW |

Auto-Push Configuration

| Setting | Default | Description |
| --- | --- | --- |
| Minimum Severity | CRITICAL | Only push incidents at or above this severity |
| Target Systems | Jira | Which systems to push to (jira, servicenow, or both) |
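
The auto-push decision described above, combined with the Priority Mapping table, as an added example (not RhythmX code). The function names, the incident fields and the `enabled` argument are hypothetical; risk level is taken as an input field because the page lists it separately from severity.

```python
# Added example: constants mirror the tables on this page; all names are hypothetical.
SEVERITY_ORDER = ["LOW", "MEDIUM", "HIGH", "CRITICAL"]
SEVERITY_FLOORS = [(85, "CRITICAL"), (70, "HIGH"), (40, "MEDIUM"), (0, "LOW")]
# Priority Mapping: risk level -> Jira priority name / ServiceNow priority number
PRIORITY = {
    "Critical": {"jira": "Highest", "servicenow": 1},
    "High": {"jira": "High", "servicenow": 2},
    "Medium": {"jira": "Medium", "servicenow": 3},
    "Low": {"jira": "Low", "servicenow": 4},
}


def severity_for(risk_score):
    """Map a 0-100 risk score to a severity; each floor is inclusive."""
    if not 0 <= risk_score <= 100:
        raise ValueError(f"risk score out of range: {risk_score}")
    return next(name for floor, name in SEVERITY_FLOORS if risk_score >= floor)


def plan_auto_push(incident, min_severity="CRITICAL", targets=("jira",),
                   enabled=("jira", "servicenow")):
    """Return the ticket pushes auto-push would make for one new incident.

    Defaults follow the Auto-Push Configuration table; `enabled` stands in
    for the per-integration Enabled toggle.
    """
    severity = severity_for(incident["risk_score"])
    if SEVERITY_ORDER.index(severity) < SEVERITY_ORDER.index(min_severity):
        return []  # below the threshold: only a manual push creates a ticket
    return [
        {"incident": incident["id"], "system": system, "severity": severity,
         "priority": PRIORITY[incident["risk_level"]][system]}
        for system in targets if system in enabled
    ]


if __name__ == "__main__":
    # Constructed incidents sitting on either side of the CRITICAL floor.
    samples = [
        {"id": "INC-1", "risk_score": 85, "risk_level": "Critical"},
        {"id": "INC-2", "risk_score": 84.9, "risk_level": "High"},
    ]
    for inc in samples:
        print(inc["id"], plan_auto_push(inc))
        print(inc["id"], plan_auto_push(inc, "HIGH", ("jira", "servicenow")))
```

With the defaults, a score of 84.9 produces no ticket in either system, and ServiceNow receives nothing until it is added to the target systems.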

Delivery Retry

When a ticket creation fails (network timeout, API error, authentication issue), the system handles it gracefully:

  1. The failure is logged with the error details
  2. The failed delivery is enqueued for automatic retry
  3. Retries use exponential backoff — each successive attempt waits longer before retrying
  4. A maximum of 5 retry attempts is allowed

Retry Configuration

| Setting | Default | Description |
| --- | --- | --- |
| Max Attempts | 5 | Maximum number of delivery attempts |
| Base Delay | 60 seconds | Initial wait time before first retry |
| Max Delay | 3,600 seconds (1 hour) | Maximum wait time between retries |

The retry processor runs on a 2-minute schedule, checking for pending retries and attempting redelivery.
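
How the retry defaults and the 2-minute processor schedule interact, as an added example (not RhythmX code). It assumes a doubling multiplier, delays counted from the most recent failure, processor runs at multiples of 120 seconds, and five retries after the initial failure; the page states none of these details.

```python
# Added example: a simulation of the retry schedule; all names are hypothetical.
BASE_DELAY = 60      # seconds (page default)
MAX_DELAY = 3600     # seconds (page default)
MAX_RETRIES = 5      # page default, read here as five retries after the first failure
TICK = 120           # the retry processor runs every 2 minutes
FACTOR = 2           # ASSUMPTION: the page says "exponential" but gives no multiplier


def backoff_delay(retry_number):
    """Wait before retry N (1-based), capped at MAX_DELAY."""
    return min(BASE_DELAY * FACTOR ** (retry_number - 1), MAX_DELAY)


def next_tick(t):
    """First processor run at or after second t (ASSUMPTION: runs at multiples of TICK)."""
    return -(-t // TICK) * TICK


def simulate(first_failure, outage_ends):
    """Replay the retries for one failed ticket push.

    Returns (retry_times, delivered_at); delivered_at is None when every
    retry fires while the target system is still unavailable.
    """
    retry_times = []
    last_failure = first_failure
    for n in range(1, MAX_RETRIES + 1):
        due = last_failure + backoff_delay(n)  # ASSUMPTION: delay counts from the last failure
        fired = next_tick(due)                 # a due retry waits for the next processor run
        retry_times.append(fired)
        if fired >= outage_ends:
            return retry_times, fired
        last_failure = fired
    return retry_times, None


if __name__ == "__main__":
    # Constructed scenarios: the outage starts at t=0 and ends after the given seconds.
    for outage in (900, 2000):
        times, delivered = simulate(0, outage)
        print(f"outage {outage}s: retries at {times}, delivered at {delivered}")
```

Under these assumptions the last retry fires 1,920 seconds (32 minutes) after the first failure, so a longer Jira or ServiceNow outage leaves the incident without a ticket, and the 3,600-second cap is never reached within five retries.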


Integration Workflow Summary

| Step | Who | What Happens |
| --- | --- | --- |
| 1. Configure | Admin | Set up Jira and/or ServiceNow credentials in System Settings |
| 2. Test | Admin | Verify connectivity with the Test Connection button |
| 3. Enable | Admin | Toggle the integration on and configure auto-push thresholds |
| 4. Auto-Push | System | Qualifying incidents are automatically pushed as tickets |
| 5. Manual Push | Analyst | Optionally push any incident to Jira/ServiceNow from the detail view |
| 6. Track | Analyst | Ticket references (ID + URL) are stored on the incident for cross-referencing |
| 7. Retry | System | Failed deliveries are automatically retried with exponential backoff |