Skip to main content

Navigation

Catalogue

Security Awareness Privacy & Compliance AI & LLM Security Real-World Incidents
Application Security Soon
API Security Soon
Cloud Security Soon

Features

Interactive 3D Training SCORM Cloud LMS Human Risk Score Risk-Based Automation All features

Simulations

Phishing Simulations Smishing Simulations
Vishing Simulations Soon

Company

Partners About Us Blog Data Sheet PDF

Legal

Security & Compliance Privacy Policy Terms of Service
English Українська
Book a Demo
Atlassian Marketplace

RansomLeak for Jira Service Management

Turn security-relevant service desk requests into targeted training. The app assigns a short RansomLeak module to the affected employee and records completion back on the issue.

Last updated June 2026

Overview

RansomLeak connects Jira Service Management to targeted security awareness training. When a security-relevant request comes in, the app assigns a short, interactive RansomLeak module to the affected employee, then records completion back on the issue.

Each security ticket becomes a teaching moment for the right person, with the evidence on the ticket your team already works from. These are the requests it is built for:

  • Phishing reports
  • Security incidents
  • Risky access requests
  • Onboarding tickets

You decide which request types trigger training and which curriculum each one assigns. The app acts only on the request types you map, so nothing fires on routine tickets.

Requirements

  • Jira Service Management (Cloud)
  • Permission to install Marketplace apps
  • A RansomLeak integration API key

The API key is a Bearer token that begins with rl_. Create it in your RansomLeak account, or email support@ransomleak.com and we will issue one for your account.

Keep the key somewhere safe during setup. You paste it once into the app's admin page, where it is held in Forge encrypted storage.

Installation

The app is free on the Atlassian Marketplace and runs on Atlassian Forge, so there is no infrastructure for you to host or maintain.

  1. Open the RansomLeak listing on the Atlassian Marketplace and select Get it now.

  2. Choose your Jira Service Management site and confirm the installation.

  3. Open the app's admin page from Jira settings → Apps → RansomLeak to start configuration.

Forge runs the app on Atlassian-hosted infrastructure, inside Atlassian's trust boundary. There are no servers, containers, or webhooks for your team to operate.

Configuration

Everything is set from the app's admin page in Jira settings. There are three steps.

  1. Add your API key. Paste the RansomLeak integration key, the token that starts with rl_. It is saved in Forge encrypted storage and is not shown again.

  2. Map request types to curricula. For each Jira Service Management request type you care about, choose the RansomLeak curriculum it should assign. Request types you do not map are ignored.

  3. Choose who gets trained. Per mapping, train the reporter, which is the default, or a specific person named in a user-picker field on the request.

Who gets trained When to use it
Reporter (default) The person who raised the request is the affected employee, as with a self-reported phishing email.
User-picker field The affected employee is someone other than the reporter, as with an access request raised on another person's behalf.

How it works

Once a request type is mapped, the flow runs on its own. Nothing is queued for an agent to action by hand.

  1. A request comes in on a mapped request type.

  2. The app resolves the affected employee's work email from the reporter or the user-picker field you chose.

  3. It calls the RansomLeak assignment API over TLS and posts an assigned comment on the issue, so the trail starts on the ticket.

  4. The employee completes the short module in RansomLeak.

  5. RansomLeak calls back. The app writes a completed comment and sets a read-only Training status field on the originating request.

The Training status field is set by the app and is read-only, so the ticket keeps an accurate record of assignment and completion for audit and follow-up.

Permissions and data handling

The app requests the minimum Forge scopes it needs to identify the affected employee and write the result back. Each scope maps to one job.

Scope Why the app needs it
read:jira-work Read the issue, its fields and reporter, and receive issue events.
write:jira-work Post the assigned and completed comments back on the issue.
read:servicedesk-request Read and enumerate Jira Service Management request types for mapping.
read:email-address:jira Resolve the affected employee's work email.
write:app-data:jira Set the app's own read-only Training status field.
storage:app Hold the encrypted API key, your request-type mapping, and idempotency records.
  • Egress only to app.ransomleak.com over TLS
  • Reads only request id, type, and work email
  • Never stores the ticket body

The only external call is to app.ransomleak.com over TLS, to assign training and receive completion. For how RansomLeak handles data, see the privacy policy and the security and compliance page.

Troubleshooting

Symptom Fix
No training assigned Confirm the request type is mapped, and that the affected user has a work email. If the reporter has no email, point the mapping at a user-picker field that does.
Completion is not on the ticket Completion writes back asynchronously after the employee finishes the module. Check the Training status field and the issue comments on the originating request.
Next guide Risk-based automation See how RansomLeak turns security signals from across your stack into automatically assigned, targeted training.

Need a hand?

Email support@ransomleak.com and we will help you connect Jira Service Management to your tenant.

See RansomLeak in Action

Try the free exercises or book a demo to see analytics, SCORM export, SSO, and custom content in your environment.

Request Demo Try Free Exercises