Atlassian Beacon Alert
| Id | 83fbf6a2-f227-48f4-8e7b-0b0ecac2381b |
| Rulename | Atlassian Beacon Alert |
| Description | The analytic rule creates an incident when an alert is created in Atlassian Beacon. The incident’s events contains values such as alert name, alert url, actor name, actor details, worskpace id of the atlassian beacon, etc. Navigate to the alertDetailURL to view more information on recommendations and remediations. |
| Severity | High |
| Required data connectors | AtlassianBeaconAlerts |
| Kind | Scheduled |
| Query frequency | 5m |
| Query period | 5m |
| Trigger threshold | 0 |
| Trigger operator | gt |
| Source Uri | https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Integration for Atlassian Beacon/Analytic Rules/AtlassianBeacon_High.yaml |
| Version | 1.0.1 |
| Arm template | 83fbf6a2-f227-48f4-8e7b-0b0ecac2381b.json |
atlassian_beacon_alerts_CL
| project TimeGenerated, detectiontime_d, alert_created_t, alert_title_s, alertTitle_s, alert_url_s, alertDetailURL_s, activity_action_s, alert_product_s, activity_subject_ari_s, actor_name_s, actor_url_s, actor_sessions_s, atlassianAlertType_s, atlassianWorkspace_id_g, atlassianWorkspace_orgId_s, Type
customDetails:
tactics: []
entityMappings:
incidentConfiguration:
groupingConfiguration:
enabled: true
matchingMethod: AllEntities
lookbackDuration: 5h
reopenClosedIncident: false
createIncident: true
query: |
atlassian_beacon_alerts_CL
| project TimeGenerated, detectiontime_d, alert_created_t, alert_title_s, alertTitle_s, alert_url_s, alertDetailURL_s, activity_action_s, alert_product_s, activity_subject_ari_s, actor_name_s, actor_url_s, actor_sessions_s, atlassianAlertType_s, atlassianWorkspace_id_g, atlassianWorkspace_orgId_s, Type
sentinelEntitiesMappings:
requiredDataConnectors:
- connectorId: AtlassianBeaconAlerts
dataTypes:
- atlassian_beacon_alerts_CL
version: 1.0.1
relevantTechniques: []
queryFrequency: 5m
queryPeriod: 5m
alertDetailsOverride:
alertDisplayNameFormat: Atlassian Beacon - {alertTitle_s}
suppressionDuration: 5h
description: |
'The analytic rule creates an incident when an alert is created in Atlassian Beacon. The incident's events contains values such as alert name, alert url, actor name, actor details, worskpace id of the atlassian beacon, etc. Navigate to the alertDetailURL to view more information on recommendations and remediations.'
id: 83fbf6a2-f227-48f4-8e7b-0b0ecac2381b
kind: Scheduled
triggerThreshold: 0
severity: High
suppressionEnabled: false
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Integration for Atlassian Beacon/Analytic Rules/AtlassianBeacon_High.yaml
name: Atlassian Beacon Alert
status: Available
triggerOperator: gt
eventGroupingSettings:
aggregationKind: SingleAlert
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"workspace": {
"type": "String"
}
},
"resources": [
{
"apiVersion": "2024-01-01-preview",
"id": "[concat(resourceId('Microsoft.OperationalInsights/workspaces/providers', parameters('workspace'), 'Microsoft.SecurityInsights'),'/alertRules/83fbf6a2-f227-48f4-8e7b-0b0ecac2381b')]",
"kind": "Scheduled",
"name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/83fbf6a2-f227-48f4-8e7b-0b0ecac2381b')]",
"properties": {
"alertDetailsOverride": {
"alertDisplayNameFormat": "Atlassian Beacon - {alertTitle_s}"
},
"alertRuleTemplateName": "83fbf6a2-f227-48f4-8e7b-0b0ecac2381b",
"customDetails": null,
"description": "'The analytic rule creates an incident when an alert is created in Atlassian Beacon. The incident's events contains values such as alert name, alert url, actor name, actor details, worskpace id of the atlassian beacon, etc. Navigate to the alertDetailURL to view more information on recommendations and remediations.'\n",
"displayName": "Atlassian Beacon Alert",
"enabled": true,
"entityMappings": null,
"eventGroupingSettings": {
"aggregationKind": "SingleAlert"
},
"incidentConfiguration": {
"createIncident": true,
"groupingConfiguration": {
"enabled": true,
"lookbackDuration": "PT5H",
"matchingMethod": "AllEntities",
"reopenClosedIncident": false
}
},
"OriginalUri": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Integration for Atlassian Beacon/Analytic Rules/AtlassianBeacon_High.yaml",
"query": "atlassian_beacon_alerts_CL\n| project TimeGenerated, detectiontime_d, alert_created_t, alert_title_s, alertTitle_s, alert_url_s, alertDetailURL_s, activity_action_s, alert_product_s, activity_subject_ari_s, actor_name_s, actor_url_s, actor_sessions_s, atlassianAlertType_s, atlassianWorkspace_id_g, atlassianWorkspace_orgId_s, Type\n",
"queryFrequency": "PT5M",
"queryPeriod": "PT5M",
"sentinelEntitiesMappings": null,
"severity": "High",
"status": "Available",
"subTechniques": [],
"suppressionDuration": "PT5H",
"suppressionEnabled": false,
"tactics": [],
"techniques": [],
"templateVersion": "1.0.1",
"triggerOperator": "GreaterThan",
"triggerThreshold": 0
},
"type": "Microsoft.OperationalInsights/workspaces/providers/alertRules"
}
]
}