atlassian_beacon_alerts_CL
| project TimeGenerated, detectiontime_d, alert_created_t, alert_title_s, alertTitle_s, alert_url_s, alertDetailURL_s, activity_action_s, alert_product_s, activity_subject_ari_s, actor_name_s, actor_url_s, actor_sessions_s, atlassianAlertType_s, atlassianWorkspace_id_g, atlassianWorkspace_orgId_s, Type
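---
# Microsoft Sentinel scheduled analytic rule: turn every alert ingested from
# Atlassian Beacon (custom table atlassian_beacon_alerts_CL) into a
# High-severity incident. The query does no filtering, so this is a
# pass-through of the third-party alert feed, not a detection of its own.
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Integration for Atlassian Beacon/Analytic Rules/AtlassianBeacon_High.yaml
id: 83fbf6a2-f227-48f4-8e7b-0b0ecac2381b
name: Atlassian Beacon Alert
description: |
  'The analytic rule creates an incident when an alert is created in Atlassian Beacon. The incident's events contain values such as alert name, alert URL, actor name, actor details, workspace id of the Atlassian Beacon, etc. Navigate to the alertDetailURL to view more information on recommendations and remediations.'
# Fixed severity: every row the query returns becomes a High incident.
# The projected columns below carry no severity field, so whatever severity
# Beacon assigns to the source alert is not reflected here - triage with that
# in mind, or split the rule per atlassianAlertType_s if Beacon's own
# severity needs to be honoured.
severity: High
status: Available
requiredDataConnectors:
  - connectorId: AtlassianBeaconAlerts
    dataTypes:
      - atlassian_beacon_alerts_CL
# queryFrequency == queryPeriod: consecutive runs cover adjacent,
# non-overlapping 5-minute TimeGenerated windows. That avoids raising the
# same Beacon alert twice, but a row that lands in the workspace with a
# TimeGenerated more than 5 minutes in the past (ingestion delay) falls
# outside every window and is never alerted on. If delay is observed, widen
# queryPeriod and add `| where ingestion_time() > ago(5m)` to the query to
# keep runs disjoint by ingestion time rather than by event time.
queryFrequency: 5m
queryPeriod: 5m
# gt 0: fire whenever at least one row is returned.
triggerOperator: gt
triggerThreshold: 0
# No ATT&CK mapping: Beacon alert types are heterogeneous and the rule does
# not distinguish them.
tactics: []
relevantTechniques: []
# Pure projection, no filter: every Beacon alert of every type and workspace
# is forwarded. actor_* and alert_* values are third-party supplied text.
query: |
  atlassian_beacon_alerts_CL
  | project TimeGenerated, detectiontime_d, alert_created_t, alert_title_s, alertTitle_s, alert_url_s, alertDetailURL_s, activity_action_s, alert_product_s, activity_subject_ari_s, actor_name_s, actor_url_s, actor_sessions_s, atlassianAlertType_s, atlassianWorkspace_id_g, atlassianWorkspace_orgId_s, Type
# No entity mappings (left null as in the original): the incident carries no
# Account/URL/Host entities, so entity-based grouping and the investigation
# graph have nothing to work with. actor_name_s (Account) and
# alert_url_s / alertDetailURL_s (URL) are in the projection if mappings
# are wanted.
entityMappings:
sentinelEntitiesMappings:
# No custom details (left null as in the original): alertDetailURL_s and
# atlassianWorkspace_orgId_s are only visible in the raw events, not on the
# incident itself.
customDetails:
alertDetailsOverride:
  # alertTitle_s is attacker-influenceable third-party text and becomes the
  # incident title verbatim.
  alertDisplayNameFormat: Atlassian Beacon - {alertTitle_s}
eventGroupingSettings:
  # SingleAlert: all rows returned by one run are bundled into one alert, so
  # several Beacon alerts in the same 5-minute window collapse into a single
  # incident named after only one of them. AlertPerResult would raise one
  # incident per Beacon alert.
  aggregationKind: SingleAlert
incidentConfiguration:
  createIncident: true
  groupingConfiguration:
    enabled: true
    reopenClosedIncident: false
    lookbackDuration: 5h
    # NOTE(review): AllEntities matches on mapped entities, and none are
    # mapped above - confirm whether this grouping ever takes effect.
    matchingMethod: AllEntities
suppressionEnabled: false
suppressionDuration: 5h
version: 1.0.1
kind: Scheduled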