Update documentation for security ticketing integration #33621
base: master
Preview links (active after the
|
| - Code Security (in [Findings][5]) | ||
| - Cloud Security (in [Findings][11]) | ||
| - Cloud SIEM (in [Signals][4]) | ||
| - Code Security (in [Vulnerabilities][5]) | ||
| - App and API Protection (in [Signals][6]) | ||
| - Workload Protection (in [Signals][7]) | ||
| - App and API Protection (in [Signals][6] and [Findings][12]) | ||
| - Workload Protection (in [Signals][7] and [Findings][13]) |
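Review bot: the Code Security bullet appears as both `[Findings][5]` and `[Vulnerabilities][5]`, so reference 5 keeps its number while its label changes; confirm that the definition of `[5]` points at the explorer the label names. The bullets that use `[11]`, `[12]` and `[13]` each need a matching link definition in the file's reference list, which is not visible in this hunk.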
The links in those bullet points lead to a 404
| - App and API Protection | ||
| - Workload Protection |
It's only true for their findings-based explorers. Their signals explorers only offer non-bi-synced CM tickets.
| 1. Open Code Security [Vulnerabilities][5]. | ||
| 2. Open any vulnerability. | ||
| 1. Open Code Security [findings][5]. | ||
| 2. Open any finding. | ||
| 3. Locate the **Create Ticket** option. The option is available in **Next Steps** or **Repositories** (in **Libraries (SCA)**). | ||
| 4. Click the **Jira** tab. | ||
| 5. Verify the **Sync with Datadog (via Case Management)** section exists. |
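Review bot: step 1 writes the link label in lowercase (`[findings][5]`) while the other version of the same step capitalizes it (`[Vulnerabilities][5]`); pick one casing for explorer names and apply it in both places. Step 5 only asks the reader to verify that the **Sync with Datadog (via Case Management)** section exists, so if the text after this list does not already cover it, add a sentence on what to do when the section is missing.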
I think the steps are not generic enough and it might not be clear for someone quickly going through the doc that it works for other finding types.
Maybe something like this would be better:
1. Open any supported product (and add links to code sec, cloud sec, etc.)
2. Open a Security Finding
3. Locate the **Create Ticket** option. The option is available in **Next Steps** or **Repositories** (in **Libraries (SCA)**). The button will open a **Create ticket** modal
4. Click the **Jira** tab.
5. Verify the **Case Management <-> Jira Integration** section exists.
And add a screenshot with the expected result of the modal
| The following steps create a bidirectional Case Management ticket for a Code Security finding. | ||
|
|
||
| 1. Open Code Security [Vulnerabilities][5]. | ||
| 2. Open any vulnerability. | ||
| 1. Open Code Security [findings][5]. | ||
| 2. Open any finding. | ||
| 3. Locate the **Create Ticket** option. The option is available in **Next Steps** or **Repositories** (in **Libraries (SCA)**). | ||
| 4. Click the **Jira** tab. You can use a new or existing ticket. Let's look at creating new Jira ticket. | ||
| 5. In **Sync with Datadog (via Case Management)**, complete the following settings: |
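Review bot: in step 4, "Let's look at creating new Jira ticket." is missing an article and uses a conversational tone the other steps do not; something like "These steps create a new Jira ticket." reads more consistently. The lead sentence also promises a "bidirectional Case Management ticket" while steps 4 and 5 work in the **Jira** tab, so the lead and the steps should name the same ticket type.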
Same comment as above about the generality of the steps.
Also the title of the section is Create bidirectional Case Management tickets but we are talking about creating bi-synced Jira issues in the steps.
Maybe we could rename the section Create bidirectional tickets, keep the shared steps (1-3) and have collapsible sections for each ticketing tool (CM, Jira and soon SNOW) like CM did:
|
|
||
| Notes: | ||
|
|
||
| - Once you select a **Case Management project**, you can click **Edit integration** to verify that the integration is configured with **Two-way sync**. |
Not sure what the exact intent of this note is, but the Edit integration does not exist on our modal.
|
|
||
| In **Datadog Associated Case**, the related Datadog case is provided. Click the case name to open it in [Case Management][1]. | ||
|
|
||
| Deleting a case does not delete related Jira tickets, but deleting a case project detaches all tickets from related signals. |
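Review bot: the last sentence says that deleting a case project detaches tickets from related "signals", while the steps in this change refer to findings; state which objects are affected (signals, findings, or both). Because a detached ticket no longer tracks the item it was opened for, the sentence should also say how a reader can tell that tickets were detached.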
This part is confusing since there is no explicit way for users to delete cases.
| In **Datadog Associated Case**, the related Datadog case is provided. Click the case name to open it in [Case Management][1]. | ||
|
|
||
| Deleting a case does not delete related Jira tickets, but deleting a case project detaches all tickets from related signals. | ||
|
|
We could add some more information:
- detaching a case/Jira issue does not delete it
- if there are no findings left in the ticket, it will be closed (same thing for resolution/mute)
- and vice-versa for the auto-opening

What does this PR do? What is the motivation?
Update documentation for security ticketing integration following recent improvements. Main changes are:
https://datadoghq.atlassian.net/browse/SEC-24540
Merge instructions
Merge readiness: