nexpose_ticketing 1.0.2 → 1.2.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: f87999035739237fdbbb5c978292fb1327b95d35
-  data.tar.gz: 6d917864b7f2a5d9246fc2214bbea37b464323e1
+  metadata.gz: 03778e753df032041d1c6a46bcef5f89df66d705
+  data.tar.gz: d163c3488d78c12ade992381b06479ba8ad40be9
 SHA512:
-  metadata.gz: 3f8f1a3907e9ba7c3e556b75253c8833946a65c59efd62e06816f54853d894796f1bfd733323f94459ff0e2dada0d6d17a86549cc0e53a3fe1182ef5647a236f
-  data.tar.gz: 374e3350847992ee22d5abc9377d64867f2670da2b6f5c48f256ef02e0d6906cc3e33af87ad5cf23aaeb9f397228364d1f3bf0c945065842228cc67d784d30ad
+  metadata.gz: 958e7e85146d2c2010b10723b06570203effb135017b3f280d8132d60fe5903d73b713a4d3bf9356f9dc63881067b52f8dde20e72546bad1565857bedb2284ae
+  data.tar.gz: ebaaa9c06a62105e3cb00425f1cc7e2ed93f67d2103f8224488da3f673b226dfd73abce6a72bb389869b6aa5bb4fcafad25167356167c0ef044b7f8018c61e08

data/README.md

@@ -72,6 +72,28 @@ We welcome contributions to this package. We ask only that pull requests and pat
 
 ##Changelog
 
+###1.2.0
+
+####Configuration Options
+Ticketing mode must be specified using the entire title, rather than a single character. e.g. 'Vulnerability' instead of 'V'
+Added the following configuration option:
+- log_console - NXLogger also gets printed to the console.
+
+####Ticketing Modes
+Ticketing modes (Default, IP, Vulnerability) are now abstracted into their own classes.
+CommonHelper has been replaced with BaseMode from which other modes are extended.
+
+####Ticketing Helpers
+Ticketing helpers extend a BaseHelper class.
+Ticketing helpers now log the number of tickets that are opened/closed/updated.
+
+###1.1.0
+10-02-2016
+Added the following configuration options:
+- max_ticket_length - Specifies a maximum length for the description field of a ticket.
+- max_title_length - Specifies a maximum length for the title of a ticket.
+- max_num_refs - Specifies the maximum number of references included in a vulnerability description.
+
 ###1.0.2
 08-02-2016
 - Encoding is now enforced as UTF-8 when parsing CSV files - fixes environment-specific errors.

data/bin/nexpose_ticketing

@@ -0,0 +1,45 @@
+#!/usr/bin/env ruby
+require 'yaml'
+require 'nexpose_ticketing'
+require 'nexpose_ticketing/nx_logger'
+require 'nexpose_ticketing/version'
+require 'optparse'
+
+options = {}
+OptionParser.new do |opts|
+  opts.banner = "Usage: nexpose_ticketing [service name]"
+end.parse!
+
+if ARGV.count == 0
+  puts 'Ticketing system name required.'
+  exit -1
+end
+
+system = ARGV.first
+config_path = File.join(File.dirname(__FILE__),
+                        "../lib/nexpose_ticketing/config/#{system}.config")
+
+unless File.exists? config_path
+  puts "Configuration file could not be found at #{config_path}"
+  exit -1
+end
+
+# Read in JIRA options from jira.config.
+service_options = begin
+  YAML.load_file(config_path)
+rescue ArgumentError => e
+  raise "Could not parse YAML #{config_path} : #{e.message}"
+end
+
+log = NexposeTicketing::NxLogger.instance
+log.setup_statistics_collection(service_options["vendor"], 
+                                service_options["product"], 
+                                NexposeTicketing::VERSION)
+log.setup_logging(true, 'info')
+
+current_encoding = Encoding.default_external=Encoding.find("UTF-8")
+
+log.log_message("Current Encoding set to: #{current_encoding}")
+
+# Initialize Ticket Service using JIRA.
+NexposeTicketing.start(service_options)

data/lib/nexpose_ticketing/config/jira.config

@@ -2,7 +2,11 @@
 # This configuration file defines all the particular options necessary to support the helper.
 # Fields marked (M) are mandatory.
 #
-# (M)) Helper class name.
+# (M) Product name
+:product: JIRA
+# (M) Vendor
+:vendor: Atlassian
+# (M) Helper class name.
 :helper_name: JiraHelper
 # Optional parameters, these are implementation specific.
 :jira_url: https://url/rest/api/2/issue/

data/lib/nexpose_ticketing/config/remedy.config

@@ -2,7 +2,10 @@
 # This configuration file defines all the options necessary to support the helper.
 # Fields marked (M) are mandatory.
 #
-
+# (M) Product name
+:product: Remedy
+# (M) Vendor
+:vendor: bmc
 # (M) Helper class name
 :helper_name: RemedyHelper
 

data/lib/nexpose_ticketing/config/servicedesk.config

@@ -2,7 +2,10 @@
 # This configuration file defines all the options necessary to support the helper.
 # Fields marked (M) are mandatory.
 #
-
+# (M) Product name
+:product: ServiceDesk
+# (M) Vendor
+:vendor: ManageEngine
 # (M) Helper class name
 :helper_name: ServiceDeskHelper
 

data/lib/nexpose_ticketing/config/servicenow.config

@@ -2,7 +2,10 @@
 # This configuration file defines all the options necessary to support the helper.
 # Fields marked (M) are mandatory.
 #
-
+# (M) Product name
+:product: ServiceNow
+# (M) Vendor
+:vendor: ServiceNow
 # (M) Helper class name
 :helper_name: ServiceNowHelper
 

data/lib/nexpose_ticketing/config/ticket_service.config

@@ -8,20 +8,28 @@
   :logging_enabled: true
   # (M) Sets the log level threshold for output.
   :log_level: info
+  # Enables logger output to console.
+  :log_console: false
   # Filters the reports to specific sites one per line, leave empty for no site.
   :sites:
   - '1'
   # Minimum floor severity to report on. Number between 0 and 10.
   :severity: 8
   # (M) Name of the report historical file for sites saved in disk.
-  :file_name: last_scan_data.csv
+  :site_file_name: last_scan_data.csv
   # (M) Name of the report historical file for tags saved in disk.
   :tag_file_name: tag_last_scan_data.csv
   # (M) Defines the ticket creation mode:
-  # 'D' Default IP *-* Vulnerability
-  # 'I' IP address -* Vulnerability
-  # 'V' Vulnerability -* IP Address (Remedy helper only)
-  :ticket_mode: I
+  # 'Default' Default IP *-* Vulnerability
+  # 'IP' IP address -* Vulnerability
+  # 'Vulnerability' Vulnerability -* IP Address
+  :ticket_mode: IP
+  # The maximum character length of a ticket description (-1 is unbounded)
+  :max_ticket_length: -1
+  # The maximum character length of a ticket title, including elipsis (...)
+  :max_title_length: 100
+  # The number of references to include in the ticket description
+  :max_num_refs: 3
   # Timeout in seconds. The number of seconds the GEM waits for a response from Nexpose before exiting.
   :timeout: 10800
   # Ticket batching. Breaks ticket processing into groups of value size controlling resource utilisation of both systems.

data/lib/nexpose_ticketing/helpers/base_helper.rb

@@ -0,0 +1,43 @@
+require 'json'
+require 'net/http'
+require 'net/https'
+require 'uri'
+require 'csv'
+require 'nexpose_ticketing/nx_logger'
+require 'nexpose_ticketing/version'
+require_relative '../ticket_metrics'
+
+class BaseHelper
+  attr_accessor :service_data, :options
+
+  def initialize(service_data, options, mode)
+    @service_data = service_data
+    @options = options
+    @log = NexposeTicketing::NxLogger.instance
+    @metrics = NexposeTicketing::TicketMetrics.new
+
+    load_dependencies
+    @mode_helper = mode
+  end
+
+  # Load the mode helper specified in the config
+  def load_dependencies  
+    file = "#{@options[:ticket_mode]}_mode.rb".downcase
+    path = File.join(File.dirname(__FILE__), "../modes/#{file}")
+
+    @log.log_message("Loading #{@options[:ticket_mode]} mode dependencies.")
+    begin 
+      require_relative path
+    rescue => e
+      error = "Ticket mode dependency '#{file}' could not be loaded."
+      @log.log_error_message e.to_s
+      @log.log_error_message error
+      fail error
+    end 
+  end
+
+  # Performs any necessary clean-up
+  def finish
+    @metrics.finish
+  end
+end

data/lib/nexpose_ticketing/helpers/jira_helper.rb

@@ -5,20 +5,15 @@ require 'uri'
 require 'csv'
 require 'nexpose_ticketing/nx_logger'
 require 'nexpose_ticketing/version'
-require 'nexpose_ticketing/common_helper'
+require_relative './base_helper'
 
 # This class serves as the JIRA interface
 # that creates issues within JIRA from vulnerabilities
 # found in Nexpose.
 # Copyright:: Copyright (c) 2014 Rapid7, LLC.
-class JiraHelper
-  attr_accessor :jira_data, :options
-  def initialize(jira_data, options)
-    @jira_data = jira_data
-    @options = options
-    @log = NexposeTicketing::NxLogger.instance
-
-    @common_helper = NexposeTicketing::CommonHelper.new(@options)
+class JiraHelper < BaseHelper
+  def initialize(service_data, options, mode)
+    super(service_data, options, mode)
   end
 
   # Fetches the Jira ticket key e.g INT-1. This is required to post updates to the Jira.
@@ -29,24 +24,34 @@ class JiraHelper
   # * *Returns* :
   #   - Jira ticket key if found, nil otherwise.
   #
-  def get_jira_key(jql_query)
+  def get_jira_key(jql_query, nxid = nil)
     fail 'JQL query string cannot be empty.' if jql_query.empty?
     headers = { 'Content-Type' => 'application/json',
                 'Accept' => 'application/json' }
 
-    uri = URI.parse(("#{@jira_data[:jira_url]}".split("/")[0..-2].join('/') + '/search'))
+    uri = URI.parse(("#{@service_data[:jira_url]}".split("/")[0..-2].join('/') + '/search'))
     uri.query = [uri.query, URI.escape(jql_query)].compact.join('&')
     req = Net::HTTP::Get.new(uri.to_s, headers)
     response = send_jira_request(uri, req)
 
     issues = JSON.parse(response.body)['issues']
-   if issues.nil? || !issues.any? || issues.size > 1
-     # If Jira returns more than one key for a "unique" NXID query result then something has gone wrong...
-     # Safest response is to return no key and let logic elsewhere dictate the action to take.
-     @log.log_message("Jira returned no key or too many keys for query result! Response was <#{issues}>")
-     return nil
-   end
-   return issues[0]['key']
+
+    if issues.nil? || !issues.any?
+      @log.log_message "JIRA did not return any keys for query containing NXID #{nxid}"
+      return nil
+    end
+
+    if issues.size > 1
+      # If Jira returns more than one key for a "unique" NXID query result then something has gone wrong...
+      # Safest response is to return no key and let logic elsewhere dictate the action to take.
+      error = "Jira returned multiple keys for query containing NXID #{nxid}."
+      error += " Please check project within JIRA."
+      error += " Response was <#{issues}>"
+      @log.log_error_message(error)
+      return nil
+    end
+
+   issues[0]['key']
   end
 
   # Sends a HTTP request to the JIRA console. 
@@ -59,7 +64,7 @@ class JiraHelper
   #   - HTTPResponse containing result from the JIRA console.
   #
   def send_request(uri, request, ticket=false)
-    request.basic_auth @jira_data[:username], @jira_data[:password]
+    request.basic_auth @service_data[:username], @service_data[:password]
     resp = Net::HTTP.new(uri.host, uri.port)
 
     # Enable this line for debugging the https call.
@@ -72,9 +77,39 @@ class JiraHelper
 
     resp.start do |http|
       res = http.request(request)
-      next if res.code.to_i.between?(200,299)
-      @log.log_error_message("Error submitting ticket data: #{res.message}, #{res.body}")
-      res
+      code = res.code.to_i
+
+      next if code.between?(200,299)
+
+      unless code.between?(400, 499)
+        @log.log_error_message("Error submitting ticket data: #{res.message}, #{res.body}")
+        return res
+      end
+
+      @log.log_error_message("Unable to access JIRA.")
+      @log.log_error_message "Error code: #{code}"
+
+      #Bad project etc
+      case code
+      when 400
+        errors = res.body.scan(/errors":{(.+)}}/).first.first
+        errors = errors.gsub('"', '').gsub(':', ': ').gsub(',', "\n")
+        @log.log_error_message "Error messages:\n#{errors}"
+      #Log in failed
+      when 401
+        @log.log_error_message "Message: #{res.message.strip}"
+        @log.log_error_message "Reason: #{res['x-seraph-loginreason']}"
+      #Locked out
+      when 403
+        @log.log_error_message "Message: #{res.message.strip}"
+        @log.log_error_message "Reason: #{res['x-seraph-loginreason']}"
+        @log.log_error_message "#{res['x-authentication-denied-reason']}"
+      else
+        #e.g. 404 - bad URL
+        @log.log_error_message "Message: #{res.message.strip}"
+      end
+
+      return res
     end
   end
 
@@ -120,7 +155,7 @@ class JiraHelper
     headers = { 'Content-Type' => 'application/json',
                 'Accept' => 'application/json' }
 
-    uri = URI.parse(("#{@jira_data[:jira_url]}#{jira_key}/transitions?expand=transitions.fields."))
+    uri = URI.parse(("#{@service_data[:jira_url]}#{jira_key}/transitions?expand=transitions.fields."))
     req = Net::HTTP::Get.new(uri.to_s, headers)
     response = send_jira_request(uri, req)
 
@@ -133,42 +168,39 @@ class JiraHelper
         end
       end
     end
-    error = "Response was <#{transitions}> and desired close Step ID was <#{@jira_data[:close_step_id]}>. Jira returned no valid transition to close the ticket!"
+    error = "Response was <#{transitions}> and desired close Step ID was <#{@service_data[:close_step_id]}>. Jira returned no valid transition to close the ticket!"
     @log.log_message(error)
     return nil
   end
 
   def create_tickets(tickets)
     fail 'Ticket(s) cannot be empty.' if tickets.nil? || tickets.empty?
+    created_tickets = 0
+
     tickets.each do |ticket|
       headers = { 'Content-Type' => 'application/json',
                   'Accept' => 'application/json' }
 
-      uri = URI.parse("#{@jira_data[:jira_url]}")
-      req = Net::HTTP::Post.new(@jira_data[:jira_url], headers)
+      uri = URI.parse("#{@service_data[:jira_url]}")
+
+      req = Net::HTTP::Post.new(uri, headers)
       req.body = ticket
-      send_ticket(uri, req)
+      
+      code = send_ticket(uri, req).code.to_i
+      break if code.between?(400, 499)
+
+      created_tickets += 1
     end
+
+    @metrics.created created_tickets
   end
 
   # Prepares tickets from the CSV.
   def prepare_create_tickets(vulnerability_list, nexpose_identifier_id)
+    @metrics.start
     @log.log_message('Preparing ticket requests...')
-    case @options[:ticket_mode]
-    # 'D' Default IP *-* Vulnerability
-    when 'D' then matching_fields = ['ip_address', 'vulnerability_id']
-    # 'I' IP address -* Vulnerability
-    when 'I' then matching_fields = ['ip_address']
-    # 'V' Vulnerability -* Assets
-    when 'V' then matching_fields = ['vulnerability_id']
-    else
-        fail 'Unsupported ticketing mode selected.'
-    end
-
-    prepare_tickets(vulnerability_list, nexpose_identifier_id, matching_fields)
-  end
-
-  def prepare_tickets(vulnerability_list, nexpose_identifier_id, matching_fields)
+    matching_fields = @mode_helper.get_matching_fields
+    
     @ticket = Hash.new(-1)
 
     @log.log_message("Preparing tickets for #{@options[:ticket_mode]} mode.")
@@ -182,34 +214,35 @@ class JiraHelper
         @ticket = {
             'fields' => {
                 'project' => {
-                    'key' => "#{@jira_data[:project]}" },
-                'summary' => @common_helper.get_title(row),
+                    'key' => "#{@service_data[:project]}" },
+                'summary' => @mode_helper.get_title(row),
                 'description' => '',
                 'issuetype' => {
                     'name' => 'Task' }
             }
         }
-        description = @common_helper.get_description(nexpose_identifier_id, row)
+        description = @mode_helper.get_description(nexpose_identifier_id, row)
       elsif matching_fields.any? { |x| previous_row[x].nil? || previous_row[x] != row[x] }
-        info = @common_helper.get_field_info(matching_fields, previous_row)
+        info = @mode_helper.get_field_info(matching_fields, previous_row)
         @log.log_message("Generated ticket with #{info}")
 
-        @ticket['fields']['description'] = @common_helper.print_description(description)
+        @ticket['fields']['description'] = @mode_helper.print_description(description)
         tickets.push(@ticket.to_json)
         previous_row = nil
         description = nil
         redo
       else
-        description = @common_helper.update_description(description, row)
+        description = @mode_helper.update_description(description, row)
       end
     end
 
     unless @ticket.nil? || @ticket.empty?
-      @ticket['fields']['description'] = @common_helper.print_description(description)
+      info = @mode_helper.get_field_info(matching_fields, previous_row)
+      @log.log_message("Generated ticket with #{info}")
+      @ticket['fields']['description'] = @mode_helper.print_description(description)
       tickets.push(@ticket.to_json)
     end
 
-    @log.log_message("Generated <#{tickets.count.to_s}> tickets.")
     tickets
   end
 
@@ -222,43 +255,48 @@ class JiraHelper
   def close_tickets(tickets)
     if tickets.nil? || tickets.empty?
       @log.log_message('No tickets to close.')
-    else
-      headers = { 'Content-Type' => 'application/json',
-                  'Accept' => 'application/json' }
+      return
+    end
+    closed_count = 0
 
-      tickets.each do |ticket|
-        uri = URI.parse(("#{@jira_data[:jira_url]}#{ticket}/transitions"))
-        req = Net::HTTP::Post.new(uri.to_s, headers)
+    headers = { 'Content-Type' => 'application/json',
+                'Accept' => 'application/json' }
 
-        transition = get_jira_transition_details(ticket, @jira_data[:close_step_id])
-        if transition.nil?
-          #Valid transition could not be found. Ignore ticket since we do not know what to do with it.
-          @log.log_message("No valid transition found for ticket <#{ticket}>. Skipping closure.")
-          next
-        end
+    tickets.each do |ticket|
+      uri = URI.parse(("#{@service_data[:jira_url]}#{ticket}/transitions"))
+      req = Net::HTTP::Post.new(uri.to_s, headers)
 
-        #We need to find any required fields to send with the transition request
-        required_fields = []
-        transition['fields'].each do |field|
-          if field[1]['required'] == true
-            # Currently only required fields with 'allowedValues' in the JSON response are supported.
-            if not field[1].has_key? 'allowedValues'
-              @log.log_message("Closing ticket <#{ticket}> requires a field I know nothing about! Transition details are <#{transition}>. Ignoring this field.")
-              next
-            else
-              if field[1]['schema']['type'] == 'array'
-                required_fields << "\"#{field[0]}\" : [{\"id\" : \"#{field[1]['allowedValues'][0]['id']}\"}]"
-              else
-                required_fields << "\"#{field[0]}\" : {\"id\" : \"#{field[1]['allowedValues'][0]['id']}\"}"
-              end
-            end
-          end
+      transition = get_jira_transition_details(ticket, @service_data[:close_step_id])
+      if transition.nil?
+        #Valid transition could not be found. Ignore ticket since we do not know what to do with it.
+        @log.log_message("No valid transition found for ticket <#{ticket}>. Skipping closure.")
+        next
+      end
+
+      #We need to find any required fields to send with the transition request
+      required_fields = []
+      transition['fields'].each do |field|
+        next unless field[1]['required'] == true
+          
+        # Currently only required fields with 'allowedValues' in the JSON response are supported.
+        if not field[1].has_key? 'allowedValues'
+          @log.log_message("Closing ticket <#{ticket}> requires a field I know nothing about! Transition details are <#{transition}>. Ignoring this field.")
+            next
         end
 
-        req.body = "{\"transition\" : {\"id\" : #{transition['id']}}, \"fields\" : { #{required_fields.join(",")}}}"
-        send_ticket(uri, req)
+        field = "{\"id\" : \"#{field[1]['allowedValues'][0]['id']}\"}"
+        field = "[#{field}]" if field[1]['schema']['type'] == 'array'
+        required_fields << "\"#{field[0]}\" : #{field}"
       end
+
+      req.body = "{\"transition\" : {\"id\" : #{transition['id']}}, \"fields\" : { #{required_fields.join(",")}}}"
+      code = send_ticket(uri, req).code.to_i
+      break if code.between?(400, 499)
+
+      closed_count += 1
     end
+
+    @metrics.closed closed_count
   end
 
   # Prepare ticket closures from the CSV of vulnerabilities exported from Nexpose.
@@ -274,9 +312,10 @@ class JiraHelper
     @nxid = nil
     tickets = []
     CSV.parse(vulnerability_list.chomp, headers: :first_row)  do |row|
-      @nxid = @common_helper.generate_nxid(nexpose_identifier_id, row)
+      @nxid = @mode_helper.get_nxid(nexpose_identifier_id, row)
       # Query Jira for the ticket by unique id (generated NXID)
-      queried_key = get_jira_key("jql=project=#{@jira_data[:project]} AND description ~ \"NXID: #{@nxid}\" AND (status != #{@jira_data[:close_step_name]})&fields=key")
+      query_string = "jql=project=#{@service_data[:project]} AND description ~ \"NXID: #{@nxid}\" AND (status != #{@service_data[:close_step_name]})&fields=key"
+      queried_key = get_jira_key(query_string, @nxid)
       if queried_key.nil? || queried_key.empty?
         @log.log_message("Error when closing tickets - query for NXID <#{@nxid}> should have returned a Jira key!!")
       else
@@ -284,6 +323,7 @@ class JiraHelper
         tickets.push(queried_key)
       end
     end
+
     tickets
   end
 
@@ -300,20 +340,28 @@ class JiraHelper
       tickets.each do |ticket_details|
         headers = {'Content-Type' => 'application/json',
                    'Accept' => 'application/json'}
+      
+        create_new_ticket = ticket_details.first.nil?
+
+        url = "#{service_data[:jira_url]}"
+
+        if create_new_ticket
+          req = Net::HTTP::Post.new(url, headers)
+          req.body = ticket_details.last
+        else
+          url += "#{ticket_details[0]}"
+          req = Net::HTTP::Put.new(url, headers)
+          req.body = {'update' => {'description' => [{'set' => "#{JSON.parse(ticket_details[1])['fields']['description']}"}]}}.to_json
+        end
 
-        (ticket_details.first.nil?) ? send_whole_ticket = true : send_whole_ticket = false
-
-        url = "#{jira_data[:jira_url]}"
-        url += "#{ticket_details.first}" unless send_whole_ticket
-        uri = URI.parse(url)
-
-        send_whole_ticket ? req = Net::HTTP::Post.new(uri.to_s, headers) : req = Net::HTTP::Put.new(uri.to_s, headers)
-
-        send_whole_ticket ?
-            req.body = ticket_details.last :
-            req.body = {'update' => {'description' => [{'set' => "#{JSON.parse(ticket_details[1])['fields']['description']}"}]}}.to_json
-
-        send_ticket(uri, req)
+        code = send_ticket(URI.parse(url), req).code.to_i
+        break if code.between?(400, 499)
+         
+        if create_new_ticket
+          @metrics.created
+        else
+          @metrics.updated
+        end
       end
     end
   end
@@ -327,7 +375,9 @@ class JiraHelper
   #   - List of JSON-formated tickets for updating within Jira.
   #
   def prepare_update_tickets(vulnerability_list, nexpose_identifier_id)
-    fail 'Ticket updates are not supported in Default mode.' if @options[:ticket_mode] == 'D'
+    @metrics.start
+    return unless @mode_helper.updates_supported?
+    
     @log.log_message('Preparing tickets to update.')
     #Jira uses the ticket key to push updates. Since new IPs won't have a Jira key, generate new tickets for all of the IPs found.
     updated_tickets = prepare_create_tickets(vulnerability_list, nexpose_identifier_id)
@@ -345,7 +395,9 @@ class JiraHelper
         @log.log_message("Failed to parse the NXID from a generated ticket update! Ignoring ticket <#{nxid}>")
         next
       end
-      queried_key = get_jira_key("jql=project=#{@jira_data[:project]} AND description ~ \"#{nxid.strip}\" AND (status != #{@jira_data[:close_step_name]})&fields=key")
+
+      query_string = "jql=project=#{@service_data[:project]} AND description ~ \"#{nxid.strip}\" AND (status != #{@service_data[:close_step_name]})&fields=key"
+      queried_key = get_jira_key(query_string, nxid)
       ticket_key_pair = []
       ticket_key_pair << queried_key
       ticket_key_pair << ticket