atlassian_beacon_alerts_CL
| project TimeGenerated, detectiontime_d, alert_created_t, alert_title_s, alertTitle_s, alert_url_s, alertDetailURL_s, activity_action_s, alert_product_s, activity_subject_ari_s, actor_name_s, actor_url_s, actor_sessions_s, atlassianAlertType_s, atlassianWorkspace_id_g, atlassianWorkspace_orgId_s, Type
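# Microsoft Sentinel scheduled analytics rule: raises an incident from rows that
# the Atlassian Beacon connector writes to the atlassian_beacon_alerts_CL table.
# Nesting below is reconstructed; the listing this was taken from had lost its
# indentation, which left the mappings and lists mis-nested.
name: Atlassian Beacon Alert
# No MITRE ATT&CK techniques are mapped, so incidents carry no technique tags.
relevantTechniques: []
id: 83fbf6a2-f227-48f4-8e7b-0b0ecac2381b
# Suppression is off; suppressionDuration further down is presumably unused
# while this stays false - NOTE(review): confirm.
suppressionEnabled: false
requiredDataConnectors:
  - dataTypes:
      - atlassian_beacon_alerts_CL
    connectorId: AtlassianBeaconAlerts
eventGroupingSettings:
  # All rows returned by one query run are folded into a single alert.
  aggregationKind: SingleAlert
version: 1.0.1
# The query has no `where` clause, so every row in the table is raised at this
# severity regardless of atlassianAlertType_s.
# NOTE(review): confirm that treating all Beacon alert types as High is intended.
severity: High
# With triggerOperator `gt`, a threshold of 0 fires on any returned row.
triggerThreshold: 0
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Integration for Atlassian Beacon/Analytic Rules/AtlassianBeacon_High.yaml
# queryPeriod equals queryFrequency, so consecutive windows do not overlap.
# NOTE(review): rows ingested late relative to TimeGenerated may fall outside
# every window - check the connector's ingestion latency.
queryPeriod: 5m
# No entities are mapped: actor_name_s, actor_url_s and the workspace ids are
# only available in the raw events, not as incident entities.
entityMappings: null
kind: Scheduled
queryFrequency: 5m
incidentConfiguration:
  groupingConfiguration:
    reopenClosedIncident: false
    # NOTE(review): grouping matches on all entities, but entityMappings is
    # empty - verify how alerts without entities are grouped in practice.
    matchingMethod: AllEntities
    lookbackDuration: 5h
    enabled: true
  createIncident: true
suppressionDuration: 5h
alertDetailsOverride:
  # NOTE(review): with aggregationKind SingleAlert one alert can cover several
  # rows; the title presumably reflects only one row's alertTitle_s - confirm.
  alertDisplayNameFormat: 'Atlassian Beacon - {alertTitle_s}'
status: Available
# Unfiltered projection of the Beacon alert table; both alert_title_s and
# alertTitle_s (and alert_url_s / alertDetailURL_s) are projected.
query: |
  atlassian_beacon_alerts_CL
  | project TimeGenerated, detectiontime_d, alert_created_t, alert_title_s, alertTitle_s, alert_url_s, alertDetailURL_s, activity_action_s, alert_product_s, activity_subject_ari_s, actor_name_s, actor_url_s, actor_sessions_s, atlassianAlertType_s, atlassianWorkspace_id_g, atlassianWorkspace_orgId_s, Type
# No MITRE ATT&CK tactics are mapped either.
tactics: []
sentinelEntitiesMappings: null
# No custom details are surfaced on the alert.
customDetails: null
# The original wrapped this text in single quotes inside a literal block, which
# made the quotes part of the displayed description; they are dropped here and
# two typos ("contains", "worskpace") are corrected.
description: |
  The analytic rule creates an incident when an alert is created in Atlassian Beacon. The incident's events contain values such as alert name, alert url, actor name, actor details, workspace id of the atlassian beacon, etc. Navigate to the alertDetailURL to view more information on recommendations and remediations.
triggerOperator: gt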