Atlassian Beacon Alert
| Id | 83fbf6a2-f227-48f4-8e7b-0b0ecac2381b |
| Rulename | Atlassian Beacon Alert |
| Description | The analytic rule creates an incident when an alert is created in Atlassian Beacon. The incident’s events contains values such as alert name, alert url, actor name, actor details, worskpace id of the atlassian beacon, etc. Navigate to the alertDetailURL to view more information on recommendations and remediations. |
| Severity | High |
| Required data connectors | AtlassianBeaconAlerts |
| Kind | Scheduled |
| Query frequency | 5m |
| Query period | 5m |
| Trigger threshold | 0 |
| Trigger operator | gt |
| Source Uri | https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Integration for Atlassian Beacon/Analytic Rules/AtlassianBeacon_High.yaml |
| Version | 1.0.1 |
| Arm template | 83fbf6a2-f227-48f4-8e7b-0b0ecac2381b.json |
atlassian_beacon_alerts_CL
| project TimeGenerated, detectiontime_d, alert_created_t, alert_title_s, alertTitle_s, alert_url_s, alertDetailURL_s, activity_action_s, alert_product_s, activity_subject_ari_s, actor_name_s, actor_url_s, actor_sessions_s, atlassianAlertType_s, atlassianWorkspace_id_g, atlassianWorkspace_orgId_s, Type
name: Atlassian Beacon Alert
relevantTechniques: []
incidentConfiguration:
groupingConfiguration:
matchingMethod: AllEntities
lookbackDuration: 5h
enabled: true
reopenClosedIncident: false
createIncident: true
eventGroupingSettings:
aggregationKind: SingleAlert
requiredDataConnectors:
- dataTypes:
- atlassian_beacon_alerts_CL
connectorId: AtlassianBeaconAlerts
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Integration for Atlassian Beacon/Analytic Rules/AtlassianBeacon_High.yaml
query: |
atlassian_beacon_alerts_CL
| project TimeGenerated, detectiontime_d, alert_created_t, alert_title_s, alertTitle_s, alert_url_s, alertDetailURL_s, activity_action_s, alert_product_s, activity_subject_ari_s, actor_name_s, actor_url_s, actor_sessions_s, atlassianAlertType_s, atlassianWorkspace_id_g, atlassianWorkspace_orgId_s, Type
tactics: []
description: |
'The analytic rule creates an incident when an alert is created in Atlassian Beacon. The incident's events contains values such as alert name, alert url, actor name, actor details, worskpace id of the atlassian beacon, etc. Navigate to the alertDetailURL to view more information on recommendations and remediations.'
entityMappings:
suppressionEnabled: false
queryFrequency: 5m
alertDetailsOverride:
alertDisplayNameFormat: Atlassian Beacon - {alertTitle_s}
triggerOperator: gt
suppressionDuration: 5h
version: 1.0.1
queryPeriod: 5m
sentinelEntitiesMappings:
status: Available
kind: Scheduled
severity: High
triggerThreshold: 0
id: 83fbf6a2-f227-48f4-8e7b-0b0ecac2381b
customDetails:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"workspace": {
"type": "String"
}
},
"resources": [
{
"apiVersion": "2024-01-01-preview",
"id": "[concat(resourceId('Microsoft.OperationalInsights/workspaces/providers', parameters('workspace'), 'Microsoft.SecurityInsights'),'/alertRules/83fbf6a2-f227-48f4-8e7b-0b0ecac2381b')]",
"kind": "Scheduled",
"name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/83fbf6a2-f227-48f4-8e7b-0b0ecac2381b')]",
"properties": {
"alertDetailsOverride": {
"alertDisplayNameFormat": "Atlassian Beacon - {alertTitle_s}"
},
"alertRuleTemplateName": "83fbf6a2-f227-48f4-8e7b-0b0ecac2381b",
"customDetails": null,
"description": "'The analytic rule creates an incident when an alert is created in Atlassian Beacon. The incident's events contains values such as alert name, alert url, actor name, actor details, worskpace id of the atlassian beacon, etc. Navigate to the alertDetailURL to view more information on recommendations and remediations.'\n",
"displayName": "Atlassian Beacon Alert",
"enabled": true,
"entityMappings": null,
"eventGroupingSettings": {
"aggregationKind": "SingleAlert"
},
"incidentConfiguration": {
"createIncident": true,
"groupingConfiguration": {
"enabled": true,
"lookbackDuration": "PT5H",
"matchingMethod": "AllEntities",
"reopenClosedIncident": false
}
},
"OriginalUri": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Integration for Atlassian Beacon/Analytic Rules/AtlassianBeacon_High.yaml",
"query": "atlassian_beacon_alerts_CL\n| project TimeGenerated, detectiontime_d, alert_created_t, alert_title_s, alertTitle_s, alert_url_s, alertDetailURL_s, activity_action_s, alert_product_s, activity_subject_ari_s, actor_name_s, actor_url_s, actor_sessions_s, atlassianAlertType_s, atlassianWorkspace_id_g, atlassianWorkspace_orgId_s, Type\n",
"queryFrequency": "PT5M",
"queryPeriod": "PT5M",
"sentinelEntitiesMappings": null,
"severity": "High",
"status": "Available",
"subTechniques": [],
"suppressionDuration": "PT5H",
"suppressionEnabled": false,
"tactics": [],
"techniques": [],
"templateVersion": "1.0.1",
"triggerOperator": "GreaterThan",
"triggerThreshold": 0
},
"type": "Microsoft.OperationalInsights/workspaces/providers/alertRules"
}
]
}