Jira & ServiceNow Integration

Automatically create and manage tickets in Jira or ServiceNow for policy violations and security incidents.

Overview

This integration enables:

• Automatic ticket creation for policy violations
• Rich ticket data with context
• Automatic assignment to teams
• Status synchronization between Noxys and ticketing system
• Audit trail of all incidents

Data Flow:

Policy Violation → Noxys Alert → Automatic ticket creation → Assignment → Resolution

Jira Integration

Step 1: Create Jira API Token

Generate credentials for Noxys to access Jira.

1. Jira Cloud → Profile → Settings → API tokens
2. Click Create token
3. Configure:
   • Label: Noxys Integration
4. Copy the API token (shown once)

Step 2: Get Jira Instance Details

Find your Jira instance information.

1. Your Jira Cloud URL: https://your-domain.atlassian.net
2. Your Jira username/email

Step 3: Configure in Noxys

Set up Jira integration in Noxys.

1. Noxys Admin Panel → Integrations → Jira
2. Click Enable Integration
3. Configure:

Field	Value
Instance URL	https://your-domain.atlassian.net
Username	Your Jira email
API Token	From step 1
Project Key	SEC (or your project)

4. Click Test Connection
   • Should show: "✓ Successfully connected to Jira"
5. Click Save

Step 4: Configure Ticket Template

Define how tickets are created.

1. Settings → Ticket Templates → Jira
2. Configure issue type and fields:

Field	Value
Issue Type	Security / Bug / Task
Priority	Based on risk_score
Summary	{action}: {platform_id} - {classification_type}
Description	Include all event details
Labels	noxys, ai-security, {platform_id}
Assignee	Security team (default)

3. Save

Step 5: Create Alert Rules

Configure which violations create tickets.

1. Settings → Ticket Creation Rules
2. Create rules:

Rule 1: Create ticket if
  - Action = BLOCK
  - Risk score >= 0.8
  - Priority = High
  - Assignee = Security team

Rule 2: Create ticket if
  - Risk score >= 0.95
  - Priority = Critical
  - Assignee = CISO

Rule 3: Create ticket if
  - Classification = CREDIT_CARD or IBAN
  - Priority = Critical
  - Assignee = Finance security team

3. Save

Step 6: Test Ticket Creation

Verify tickets are created correctly.

1. Create a test high-risk interaction in Noxys
2. Trigger a policy violation
3. Check Jira project for new ticket
4. Verify all fields are populated correctly

ServiceNow Integration

Step 1: Create ServiceNow API User

Create integration user for Noxys.

1. ServiceNow Admin → System Security → Users
2. Click New
3. Configure:
   • User name: noxys_integration
   • Full name: Noxys AI Firewall
   • Password: (generate secure password)
4. Click Submit
5. Grant role: itil or security_admin

Step 2: Get ServiceNow Instance Details

Find your instance information.

1. Your ServiceNow instance URL: https://your-instance.service-now.com
2. API user credentials from step 1

Step 3: Configure in Noxys

Set up ServiceNow integration.

1. Noxys Admin Panel → Integrations → ServiceNow
2. Click Enable Integration
3. Configure:

Field	Value
Instance URL	https://your-instance.service-now.com
Username	noxys_integration
Password	Password from step 1
Table	incident (or custom table)

4. Click Test Connection
   • Should show: "✓ Successfully connected to ServiceNow"
5. Click Save

Step 4: Configure Incident Template

Define incident creation.

1. Settings → Incident Templates → ServiceNow
2. Configure fields:

Field	Value
Category	Security
Subcategory	AI Platform Security
Urgency	Based on risk_score
Impact	Based on classification_type
Assignment group	Security Operations
Description	Include full context

3. Save

Step 5: Create Automation Rules

Configure incident creation.

1. Settings → Incident Creation Rules
2. Create rules:

Rule 1: Create incident if
  - Action = BLOCK
  - Risk >= 0.8
  - Category: Security
  - Urgency: High

Rule 2: Create incident if
  - Classification IN [CREDIT_CARD, IBAN]
  - Urgency: Critical
  - Assignment: Finance Security team

Rule 3: Auto-resolve incident if
  - Status = coached (non-blocking)
  - After 24 hours without recurrence

3. Save

Step 6: Configure Workflows

Create ServiceNow workflow automation.

1. Workflow Editor → Create Workflow
2. Configure:

Trigger: Incident created from Noxys

Workflow Steps:

1. Assign to Security team

2. Check risk score

   • If critical: Escalate to manager
   • If high: Standard priority

3. Set priority based on classification

4. Send notification email

5. Create change request if needed

6. Activate Workflow

Shared Configuration

Field Mapping

Both Jira and ServiceNow support field mapping:

{
  "mapping": {
    "Platform": "platform_id",
    "Risk Score": "risk_score",
    "User": "user_email",
    "Classifications": "classifications",
    "Policy Action": "policy_decisions.action",
    "Timestamp": "timestamp"
  }
}

Ticket Status Synchronization

Keep ticket status in sync with Noxys:

Status	Meaning
Open	Incident under investigation
In Progress	Being remediated
Resolved	Ticket closed, no recurrence
Closed	Archived

Priority Mapping

Map risk scores to ticket priority:

Risk Score	Priority	SLA
0.9-1.0	Critical	1 hour
0.7-0.9	High	4 hours
0.5-0.7	Medium	1 day
0-0.5	Low	5 days

Advanced: Custom Fields

Add custom fields to capture Noxys data.

Jira Custom Fields

1. Administration → Custom Fields → Create Custom Field

2. Create fields:

   • Noxys Event ID (text)
   • Risk Score (number)
   • Classifications Detected (multi-select)
   • Platform Name (text)

3. Add to ticket screen

ServiceNow Custom Fields

1. Table API → Create custom columns:

   • u_noxys_event_id (string)
   • u_risk_score (decimal)
   • u_classifications (multi-line text)
   • u_platform_name (choice)

2. Include in incident form

Incident Examples

Example Jira Ticket

Project: SEC
Type: Bug
Priority: High
Summary: BLOCKED: High-risk ChatGPT interaction (EMAIL detected)

Description:
Policy Violation Detected

Platform: ChatGPT
Risk Score: 0.95
User: alice@acme.fr
Time: 2026-03-20 14:32 UTC

Classification Detected:
- EMAIL (alice@acme.fr) - 98% confidence

Policy Action: BLOCKED
Policy Name: Block PII on ChatGPT

Event ID: evt_abc123def456

Investigation Steps:
1. Verify user did not submit credentials
2. Check user's recent activity
3. Schedule security training
4. Review ChatGPT access policy

Labels: noxys, ai-security, chatgpt, pii-exposure
Assignee: Security Operations

Example ServiceNow Incident

Number: INC0123456
Category: Security
Subcategory: AI Platform Security
Urgency: High
Impact: Medium
State: New
Priority: 2

Short Description:
Policy violation: High-risk interaction detected on ChatGPT

Description:
User: alice@acme.fr
Platform: ChatGPT
Risk Score: 0.95

Detected:
- Email addresses exposed
- Confidence: 98%

Policy triggered: Block PII on ChatGPT
Action taken: Interaction blocked

Assigned to: Security Operations Team
Assignment group: SOC

Work Notes:
- [2026-03-20 14:32] Incident created by Noxys
- [2026-03-20 14:35] Assigned to SOC
- [2026-03-20 14:40] Investigation started

Troubleshooting

Tickets Not Creating

1. Verify integration is Enabled
2. Check ticket creation rules are configured
3. Verify API credentials are correct
4. Test connection again
5. Review integration logs for errors

Missing Fields in Ticket

1. Verify field mapping is configured correctly
2. Check custom fields exist in Jira/ServiceNow
3. Verify field names match exactly
4. Test with manual ticket creation

Assignment Not Working

1. Verify team/user exists in Jira/ServiceNow
2. Check user has correct permissions
3. Verify assignment rule syntax
4. Test assignment manually

Best Practices

1. Create specific projects/tables:

   • Separate project for AI security incidents
   • Easier to track and report

2. Use consistent naming:

   • Follow your organization's naming convention
   • Makes searching easier

3. Include full context:

   • Capture all event details in description
   • Help investigation with full context

4. Automate assignment:

   • Route by severity
   • Route by platform
   • Distribute workload

5. Set appropriate SLAs:

   • Critical: 1 hour response
   • High: 4 hours response
   • Medium: 1 day response
   • Low: 5 days response

6. Regular review:

   • Weekly: Check incident backlog
   • Monthly: Review trends
   • Quarterly: Adjust rules

Reporting

Create reports on Noxys incidents:

Jira Reports

Report: AI Security Incidents (Monthly)
- Total incidents: 45
- Resolved: 40 (89%)
- Average resolution time: 6 hours
- By platform: ChatGPT (25), Claude (12), Gemini (8)
- By severity: Critical (3), High (18), Medium (24)

ServiceNow Analytics

Dashboard: Noxys AI Security
- Incidents created: 45
- Average time to assignment: 15 min
- Average MTTR: 6 hours
- Assignment group workload: Distributed
- Trend: 12% decrease from last month

Integration with Other Tools

Jira + Slack

Send ticket links to Slack notifications:

🚫 BLOCKED: High-risk interaction

Platform: ChatGPT
Risk Score: 0.95
User: alice@acme.fr

🎫 Jira Ticket: [SEC-1234] BLOCKED: High-risk ChatGPT...

ServiceNow + Teams

Post incident updates to Teams:

📋 Incident Created: INC0123456

Category: AI Platform Security
Urgency: High
Assigned: Security Ops

[View in ServiceNow]

Support & Resources

• Jira API: https://developer.atlassian.com/cloud/jira/rest/v3/
• ServiceNow API: https://developer.servicenow.com/
• Noxys Support: support@noxys.eu

Related Integrations

• Slack/Teams — Real-time alerts
• Webhooks API — Custom webhook configuration
• Overview — All integrations