Atlassian Beacon Alert

Back


Id	83fbf6a2-f227-48f4-8e7b-0b0ecac2381b
Rulename	Atlassian Beacon Alert
Description	The analytic rule creates an incident when an alert is created in Atlassian Beacon. The incident’s events contains values such as alert name, alert url, actor name, actor details, worskpace id of the atlassian beacon, etc. Navigate to the alertDetailURL to view more information on recommendations and remediations.
Severity	High
Required data connectors	AtlassianBeaconAlerts
Kind	Scheduled
Query frequency	5m
Query period	5m
Trigger threshold	0
Trigger operator	gt
Source Uri	https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Integration for Atlassian Beacon/Analytic Rules/AtlassianBeacon_High.yaml
Version	1.0.1
Arm template	83fbf6a2-f227-48f4-8e7b-0b0ecac2381b.json

KQL

atlassian_beacon_alerts_CL
| project TimeGenerated, detectiontime_d, alert_created_t, alert_title_s, alertTitle_s, alert_url_s, alertDetailURL_s, activity_action_s, alert_product_s, activity_subject_ari_s, actor_name_s, actor_url_s, actor_sessions_s, atlassianAlertType_s, atlassianWorkspace_id_g, atlassianWorkspace_orgId_s, Type

YAML

customDetails: 
status: Available
id: 83fbf6a2-f227-48f4-8e7b-0b0ecac2381b
alertDetailsOverride:
  alertDisplayNameFormat: Atlassian Beacon - {alertTitle_s}
suppressionDuration: 5h
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Integration for Atlassian Beacon/Analytic Rules/AtlassianBeacon_High.yaml
description: |
    'The analytic rule creates an incident when an alert is created in Atlassian Beacon. The incident's events contains values such as alert name, alert url, actor name, actor details, worskpace id of the atlassian beacon, etc. Navigate to the alertDetailURL to view more information on recommendations and remediations.'
name: Atlassian Beacon Alert
incidentConfiguration:
  groupingConfiguration:
    matchingMethod: AllEntities
    reopenClosedIncident: false
    lookbackDuration: 5h
    enabled: true
  createIncident: true
suppressionEnabled: false
entityMappings: 
triggerThreshold: 0
query: |
  atlassian_beacon_alerts_CL
  | project TimeGenerated, detectiontime_d, alert_created_t, alert_title_s, alertTitle_s, alert_url_s, alertDetailURL_s, activity_action_s, alert_product_s, activity_subject_ari_s, actor_name_s, actor_url_s, actor_sessions_s, atlassianAlertType_s, atlassianWorkspace_id_g, atlassianWorkspace_orgId_s, Type  
severity: High
requiredDataConnectors:
- dataTypes:
  - atlassian_beacon_alerts_CL
  connectorId: AtlassianBeaconAlerts
eventGroupingSettings:
  aggregationKind: SingleAlert
sentinelEntitiesMappings: 
queryFrequency: 5m
queryPeriod: 5m
version: 1.0.1
relevantTechniques: []
kind: Scheduled
tactics: []
triggerOperator: gt

ARM

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "workspace": {
      "type": "String"
    }
  },
  "resources": [
    {
      "apiVersion": "2024-01-01-preview",
      "id": "[concat(resourceId('Microsoft.OperationalInsights/workspaces/providers', parameters('workspace'), 'Microsoft.SecurityInsights'),'/alertRules/83fbf6a2-f227-48f4-8e7b-0b0ecac2381b')]",
      "kind": "Scheduled",
      "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/83fbf6a2-f227-48f4-8e7b-0b0ecac2381b')]",
      "properties": {
        "alertDetailsOverride": {
          "alertDisplayNameFormat": "Atlassian Beacon - {alertTitle_s}"
        },
        "alertRuleTemplateName": "83fbf6a2-f227-48f4-8e7b-0b0ecac2381b",
        "customDetails": null,
        "description": "'The analytic rule creates an incident when an alert is created in Atlassian Beacon. The incident's events contains values such as alert name, alert url, actor name, actor details, worskpace id of the atlassian beacon, etc. Navigate to the alertDetailURL to view more information on recommendations and remediations.'\n",
        "displayName": "Atlassian Beacon Alert",
        "enabled": true,
        "entityMappings": null,
        "eventGroupingSettings": {
          "aggregationKind": "SingleAlert"
        },
        "incidentConfiguration": {
          "createIncident": true,
          "groupingConfiguration": {
            "enabled": true,
            "lookbackDuration": "PT5H",
            "matchingMethod": "AllEntities",
            "reopenClosedIncident": false
          }
        },
        "OriginalUri": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Integration for Atlassian Beacon/Analytic Rules/AtlassianBeacon_High.yaml",
        "query": "atlassian_beacon_alerts_CL\n| project TimeGenerated, detectiontime_d, alert_created_t, alert_title_s, alertTitle_s, alert_url_s, alertDetailURL_s, activity_action_s, alert_product_s, activity_subject_ari_s, actor_name_s, actor_url_s, actor_sessions_s, atlassianAlertType_s, atlassianWorkspace_id_g, atlassianWorkspace_orgId_s, Type\n",
        "queryFrequency": "PT5M",
        "queryPeriod": "PT5M",
        "sentinelEntitiesMappings": null,
        "severity": "High",
        "status": "Available",
        "subTechniques": [],
        "suppressionDuration": "PT5H",
        "suppressionEnabled": false,
        "tactics": [],
        "techniques": [],
        "templateVersion": "1.0.1",
        "triggerOperator": "GreaterThan",
        "triggerThreshold": 0
      },
      "type": "Microsoft.OperationalInsights/workspaces/providers/alertRules"
    }
  ]
}