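# Microsoft Sentinel scheduled analytic rule: raise an incident for every
# alert ingested from Atlassian Beacon.
#
# NOTE(review): the source listing had lost its indentation and opened with a
# stray second copy of the query text. The nesting below is reconstructed
# (alertDisplayNameFormat under alertDetailsOverride, grouping settings under
# incidentConfiguration); confirm against the file at OriginalUri.
id: 83fbf6a2-f227-48f4-8e7b-0b0ecac2381b
name: Atlassian Beacon Alert
description: |
  'The analytic rule creates an incident when an alert is created in Atlassian Beacon. The incident's events contains values such as alert name, alert url, actor name, actor details, workspace id of the atlassian beacon, etc. Navigate to the alertDetailURL to view more information on recommendations and remediations.'
severity: High
status: Available
kind: Scheduled
# Quoted so no parser can read the version as a float.
version: '1.0.1'
OriginalUri: 'https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Integration for Atlassian Beacon/Analytic Rules/AtlassianBeacon_High.yaml'

requiredDataConnectors:
  - connectorId: AtlassianBeaconAlerts
    dataTypes:
      - atlassian_beacon_alerts_CL

# The lookback window equals the run interval. A row that is ingested late
# (after the 5m window that should have covered it has already been scanned)
# is never evaluated; widen queryPeriod beyond queryFrequency if delayed
# ingestion is observed for this table.
queryFrequency: 5m
queryPeriod: 5m
# Fires whenever the query returns at least one row (row count > 0).
triggerOperator: gt
triggerThreshold: 0

# No ATT&CK classification is recorded for this rule.
tactics: []
relevantTechniques: []

# Unfiltered projection: every Beacon alert row in the window becomes part of
# the Sentinel alert; severity/type filtering is not applied here.
query: |
  atlassian_beacon_alerts_CL
  | project TimeGenerated, detectiontime_d, alert_created_t, alert_title_s, alertTitle_s, alert_url_s, alertDetailURL_s, activity_action_s, alert_product_s, activity_subject_ari_s, actor_name_s, actor_url_s, actor_sessions_s, atlassianAlertType_s, atlassianWorkspace_id_g, atlassianWorkspace_orgId_s, Type

# SingleAlert: one Sentinel alert per run, carrying all matching rows.
eventGroupingSettings:
  aggregationKind: SingleAlert

# No entities are mapped, so actor_name_s / actor_url_s / workspace ids are
# surfaced only as raw event fields. Incident grouping below matches on
# AllEntities, which has nothing to compare until entityMappings is populated
# (e.g. an Account mapping for the actor columns) — TODO confirm intent.
entityMappings: []
sentinelEntitiesMappings: []
customDetails: {}

alertDetailsOverride:
  # Alert title is taken from the Beacon alert itself.
  alertDisplayNameFormat: 'Atlassian Beacon - {alertTitle_s}'

# suppressionDuration has no effect while suppressionEnabled is false.
suppressionEnabled: false
suppressionDuration: 5h

incidentConfiguration:
  createIncident: true
  groupingConfiguration:
    enabled: true
    reopenClosedIncident: false
    lookbackDuration: 5h
    matchingMethod: AllEntities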