atlassian_beacon_alerts_CL
| project TimeGenerated, detectiontime_d, alert_created_t, alert_title_s, alertTitle_s, alert_url_s, alertDetailURL_s, activity_action_s, alert_product_s, activity_subject_ari_s, actor_name_s, actor_url_s, actor_sessions_s, atlassianAlertType_s, atlassianWorkspace_id_g, atlassianWorkspace_orgId_s, Type
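# Microsoft Sentinel scheduled analytic rule: raises an incident for rows the
# Atlassian Beacon connector writes to atlassian_beacon_alerts_CL.
# Nesting is restored below; with every key at column 0 the block scalars and
# the child keys of incidentConfiguration, alertDetailsOverride,
# eventGroupingSettings and requiredDataConnectors do not parse as intended.

# NOTE(review): queryPeriod equals queryFrequency (both 5m), so each run only
# looks at the latest five minutes. Rows that land in the table later than
# that window would never be evaluated - confirm the connector's ingestion
# latency, or widen the period and de-duplicate.
queryPeriod: 5m
# The query applies no filter: every row in the table during the query period
# is returned, and (triggerThreshold 0, operator gt) any returned row fires.
# NOTE(review): both alert_title_s and alertTitle_s (and alert_url_s /
# alertDetailURL_s) are projected; confirm which of each pair the connector
# actually populates.
query: |
  atlassian_beacon_alerts_CL
  | project TimeGenerated, detectiontime_d, alert_created_t, alert_title_s, alertTitle_s, alert_url_s, alertDetailURL_s, activity_action_s, alert_product_s, activity_subject_ari_s, actor_name_s, actor_url_s, actor_sessions_s, atlassianAlertType_s, atlassianWorkspace_id_g, atlassianWorkspace_orgId_s, Type
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Integration for Atlassian Beacon/Analytic Rules/AtlassianBeacon_High.yaml
name: Atlassian Beacon Alert
# NOTE(review): no entities are mapped, so incidents carry no account or URL
# entity for pivoting or correlation. actor_name_s and the alert URL columns
# look like candidates - confirm their contents before mapping them.
entityMappings: null
# Suppression is switched off below, so this duration currently has no effect.
suppressionDuration: 5h
queryFrequency: 5m
suppressionEnabled: false
alertDetailsOverride:
  # The alert title is built from alertTitle_s; if that column is empty for a
  # row the title carries no Beacon alert name - TODO confirm against real data.
  alertDisplayNameFormat: Atlassian Beacon - {alertTitle_s}
# The single quotes sit inside the block scalar, so they are part of the
# description text rather than YAML quoting.
description: |
  'The analytic rule creates an incident when an alert is created in Atlassian Beacon. The incident's events contains values such as alert name, alert url, actor name, actor details, worskpace id of the atlassian beacon, etc. Navigate to the alertDetailURL to view more information on recommendations and remediations.'
kind: Scheduled
incidentConfiguration:
  groupingConfiguration:
    lookbackDuration: 5h
    reopenClosedIncident: false
    # NOTE(review): grouping is enabled and matches on all entities, yet the
    # rule maps none - verify how alerts are grouped in that case.
    matchingMethod: AllEntities
    enabled: true
  createIncident: true
version: 1.0.1
eventGroupingSettings:
  # All rows returned by one run are folded into a single alert.
  # NOTE(review): when several Beacon alerts arrive in the same run, the title
  # override presumably reflects only one of them - confirm, and consider one
  # alert per result if each Beacon alert needs its own triage.
  aggregationKind: SingleAlert
sentinelEntitiesMappings: null
status: Available
# Every row raises a High-severity incident; the query does not inspect
# atlassianAlertType_s or any other column to tier severity.
severity: High
requiredDataConnectors:
  - connectorId: AtlassianBeaconAlerts
    dataTypes:
      - atlassian_beacon_alerts_CL
triggerOperator: gt
triggerThreshold: 0
customDetails: null
# No MITRE ATT&CK tactics or techniques are declared, so incidents from this
# rule carry no tactic labels for coverage reporting or filtering.
tactics: []
id: 83fbf6a2-f227-48f4-8e7b-0b0ecac2381b
relevantTechniques: []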