// Rule query: every row of the Atlassian Beacon alert table, with the
// columns used by the incident/alert details. No filtering is applied,
// so each ingested alert record is returned as-is.
atlassian_beacon_alerts_CL
| project
    TimeGenerated,
    detectiontime_d,
    alert_created_t,
    alert_title_s,
    alertTitle_s,
    alert_url_s,
    alertDetailURL_s,
    activity_action_s,
    alert_product_s,
    activity_subject_ari_s,
    actor_name_s,
    actor_url_s,
    actor_sessions_s,
    atlassianAlertType_s,
    atlassianWorkspace_id_g,
    atlassianWorkspace_orgId_s,
    Type
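# Microsoft Sentinel scheduled analytic rule for Atlassian Beacon.
# Structure restored: the flattened source had lost the nesting of
# incidentConfiguration, alertDetailsOverride, eventGroupingSettings and
# requiredDataConnectors, which makes the document unparseable as a rule.
version: '1.0.1'
queryFrequency: 5m
# No query columns are surfaced as custom alert details.
customDetails: null
incidentConfiguration:
  createIncident: true
  groupingConfiguration:
    enabled: true
    lookbackDuration: 5h
    # NOTE(review): entityMappings below is empty, so AllEntities grouping has
    # no entities to match on — confirm whether alert grouping is expected to
    # take effect at all for this rule.
    matchingMethod: AllEntities
    reopenClosedIncident: false
kind: Scheduled
alertDetailsOverride:
  # {alertTitle_s} is substituted from the query column of the same name.
  alertDisplayNameFormat: 'Atlassian Beacon - {alertTitle_s}'
relevantTechniques: []
# Empty: no query columns are mapped to Sentinel entities (account, host, ...).
entityMappings: null
# gt 0: the rule fires whenever a run returns at least one row.
triggerThreshold: 0
name: Atlassian Beacon Alert
tactics: []
sentinelEntitiesMappings: null
triggerOperator: gt
eventGroupingSettings:
  # All rows returned by one run are bundled into a single alert.
  aggregationKind: SingleAlert
id: 83fbf6a2-f227-48f4-8e7b-0b0ecac2381b
suppressionDuration: 5h
# Literal block as in the source: the surrounding single quotes are part of the value.
description: |
  'The analytic rule creates an incident when an alert is created in Atlassian Beacon. The incident's events contains values such as alert name, alert url, actor name, actor details, worskpace id of the atlassian beacon, etc. Navigate to the alertDetailURL to view more information on recommendations and remediations.'
OriginalUri: 'https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Integration for Atlassian Beacon/Analytic Rules/AtlassianBeacon_High.yaml'
requiredDataConnectors:
  - dataTypes:
      - atlassian_beacon_alerts_CL
    connectorId: AtlassianBeaconAlerts
# Every Beacon alert is raised at High: the query below applies no filter, and
# atlassianAlertType_s is projected but never used to vary severity.
severity: High
query: |
  atlassian_beacon_alerts_CL
  | project TimeGenerated, detectiontime_d, alert_created_t, alert_title_s, alertTitle_s, alert_url_s, alertDetailURL_s, activity_action_s, alert_product_s, activity_subject_ari_s, actor_name_s, actor_url_s, actor_sessions_s, atlassianAlertType_s, atlassianWorkspace_id_g, atlassianWorkspace_orgId_s, Type
queryPeriod: 5m
suppressionEnabled: false
status: Available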