Microsoft Sentinel Analytic Rules
cloudbrothers.infoAzure Sentinel RepoToggle Dark/Light/Auto modeToggle Dark/Light/Auto modeToggle Dark/Light/Auto modeBack to homepage
  1. Microsoft Sentinel Analytics Rules
  2. /
  3. Analytic Rules
  4. /
  5. Atlassian Beacon Alert

Atlassian Beacon Alert

Back
Id83fbf6a2-f227-48f4-8e7b-0b0ecac2381b
RulenameAtlassian Beacon Alert
DescriptionThe analytic rule creates an incident when an alert is created in Atlassian Beacon. The incident’s events contains values such as alert name, alert url, actor name, actor details, worskpace id of the atlassian beacon, etc. Navigate to the alertDetailURL to view more information on recommendations and remediations.
SeverityHigh
Required data connectorsAtlassianBeaconAlerts
KindScheduled
Query frequency5m
Query period5m
Trigger threshold0
Trigger operatorgt
Source Urihttps://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Integration for Atlassian Beacon/Analytic Rules/AtlassianBeacon_High.yaml
Version1.0.1
Arm template83fbf6a2-f227-48f4-8e7b-0b0ecac2381b.json
Deploy To Azure
atlassian_beacon_alerts_CL
| project TimeGenerated, detectiontime_d, alert_created_t, alert_title_s, alertTitle_s, alert_url_s, alertDetailURL_s, activity_action_s, alert_product_s, activity_subject_ari_s, actor_name_s, actor_url_s, actor_sessions_s, atlassianAlertType_s, atlassianWorkspace_id_g, atlassianWorkspace_orgId_s, Type

kind: Scheduled
sentinelEntitiesMappings: 
id: 83fbf6a2-f227-48f4-8e7b-0b0ecac2381b
entityMappings: 
name: Atlassian Beacon Alert
severity: High
triggerOperator: gt
tactics: []
incidentConfiguration:
  createIncident: true
  groupingConfiguration:
    matchingMethod: AllEntities
    enabled: true
    lookbackDuration: 5h
    reopenClosedIncident: false
triggerThreshold: 0
query: |
  atlassian_beacon_alerts_CL
  | project TimeGenerated, detectiontime_d, alert_created_t, alert_title_s, alertTitle_s, alert_url_s, alertDetailURL_s, activity_action_s, alert_product_s, activity_subject_ari_s, actor_name_s, actor_url_s, actor_sessions_s, atlassianAlertType_s, atlassianWorkspace_id_g, atlassianWorkspace_orgId_s, Type  
status: Available
description: |
    'The analytic rule creates an incident when an alert is created in Atlassian Beacon. The incident's events contains values such as alert name, alert url, actor name, actor details, worskpace id of the atlassian beacon, etc. Navigate to the alertDetailURL to view more information on recommendations and remediations.'
customDetails: 
eventGroupingSettings:
  aggregationKind: SingleAlert
queryFrequency: 5m
suppressionEnabled: false
queryPeriod: 5m
relevantTechniques: []
version: 1.0.1
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Integration for Atlassian Beacon/Analytic Rules/AtlassianBeacon_High.yaml
suppressionDuration: 5h
requiredDataConnectors:
- connectorId: AtlassianBeaconAlerts
  dataTypes:
  - atlassian_beacon_alerts_CL
alertDetailsOverride:
  alertDisplayNameFormat: Atlassian Beacon - {alertTitle_s}

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "workspace": {
      "type": "String"
    }
  },
  "resources": [
    {
      "apiVersion": "2024-01-01-preview",
      "id": "[concat(resourceId('Microsoft.OperationalInsights/workspaces/providers', parameters('workspace'), 'Microsoft.SecurityInsights'),'/alertRules/83fbf6a2-f227-48f4-8e7b-0b0ecac2381b')]",
      "kind": "Scheduled",
      "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/83fbf6a2-f227-48f4-8e7b-0b0ecac2381b')]",
      "properties": {
        "alertDetailsOverride": {
          "alertDisplayNameFormat": "Atlassian Beacon - {alertTitle_s}"
        },
        "alertRuleTemplateName": "83fbf6a2-f227-48f4-8e7b-0b0ecac2381b",
        "customDetails": null,
        "description": "'The analytic rule creates an incident when an alert is created in Atlassian Beacon. The incident's events contains values such as alert name, alert url, actor name, actor details, worskpace id of the atlassian beacon, etc. Navigate to the alertDetailURL to view more information on recommendations and remediations.'\n",
        "displayName": "Atlassian Beacon Alert",
        "enabled": true,
        "entityMappings": null,
        "eventGroupingSettings": {
          "aggregationKind": "SingleAlert"
        },
        "incidentConfiguration": {
          "createIncident": true,
          "groupingConfiguration": {
            "enabled": true,
            "lookbackDuration": "PT5H",
            "matchingMethod": "AllEntities",
            "reopenClosedIncident": false
          }
        },
        "OriginalUri": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Integration for Atlassian Beacon/Analytic Rules/AtlassianBeacon_High.yaml",
        "query": "atlassian_beacon_alerts_CL\n| project TimeGenerated, detectiontime_d, alert_created_t, alert_title_s, alertTitle_s, alert_url_s, alertDetailURL_s, activity_action_s, alert_product_s, activity_subject_ari_s, actor_name_s, actor_url_s, actor_sessions_s, atlassianAlertType_s, atlassianWorkspace_id_g, atlassianWorkspace_orgId_s, Type\n",
        "queryFrequency": "PT5M",
        "queryPeriod": "PT5M",
        "sentinelEntitiesMappings": null,
        "severity": "High",
        "status": "Available",
        "subTechniques": [],
        "suppressionDuration": "PT5H",
        "suppressionEnabled": false,
        "tactics": [],
        "techniques": [],
        "templateVersion": "1.0.1",
        "triggerOperator": "GreaterThan",
        "triggerThreshold": 0
      },
      "type": "Microsoft.OperationalInsights/workspaces/providers/alertRules"
    }
  ]
}