Atlassian Beacon Alert
Id | 83fbf6a2-f227-48f4-8e7b-0b0ecac2381b |
Rulename | Atlassian Beacon Alert |
Description | The analytic rule creates an incident when an alert is created in Atlassian Beacon. The incident’s events contains values such as alert name, alert url, actor name, actor details, worskpace id of the atlassian beacon, etc. Navigate to the alertDetailURL to view more information on recommendations and remediations. |
Severity | High |
Required data connectors | AtlassianBeaconAlerts |
Kind | Scheduled |
Query frequency | 5m |
Query period | 5m |
Trigger threshold | 0 |
Trigger operator | gt |
Source Uri | https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Integration for Atlassian Beacon/Analytic Rules/AtlassianBeacon_High.yaml |
Version | 1.0.1 |
Arm template | 83fbf6a2-f227-48f4-8e7b-0b0ecac2381b.json |
atlassian_beacon_alerts_CL
| project TimeGenerated, detectiontime_d, alert_created_t, alert_title_s, alertTitle_s, alert_url_s, alertDetailURL_s, activity_action_s, alert_product_s, activity_subject_ari_s, actor_name_s, actor_url_s, actor_sessions_s, atlassianAlertType_s, atlassianWorkspace_id_g, atlassianWorkspace_orgId_s, Type
query: |
atlassian_beacon_alerts_CL
| project TimeGenerated, detectiontime_d, alert_created_t, alert_title_s, alertTitle_s, alert_url_s, alertDetailURL_s, activity_action_s, alert_product_s, activity_subject_ari_s, actor_name_s, actor_url_s, actor_sessions_s, atlassianAlertType_s, atlassianWorkspace_id_g, atlassianWorkspace_orgId_s, Type
alertDetailsOverride:
alertDisplayNameFormat: Atlassian Beacon - {alertTitle_s}
suppressionEnabled: false
entityMappings:
relevantTechniques: []
suppressionDuration: 5h
triggerOperator: gt
triggerThreshold: 0
queryPeriod: 5m
customDetails:
tactics: []
id: 83fbf6a2-f227-48f4-8e7b-0b0ecac2381b
requiredDataConnectors:
- dataTypes:
- atlassian_beacon_alerts_CL
connectorId: AtlassianBeaconAlerts
kind: Scheduled
incidentConfiguration:
createIncident: true
groupingConfiguration:
matchingMethod: AllEntities
enabled: true
reopenClosedIncident: false
lookbackDuration: 5h
sentinelEntitiesMappings:
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Integration for Atlassian Beacon/Analytic Rules/AtlassianBeacon_High.yaml
description: |
'The analytic rule creates an incident when an alert is created in Atlassian Beacon. The incident's events contains values such as alert name, alert url, actor name, actor details, worskpace id of the atlassian beacon, etc. Navigate to the alertDetailURL to view more information on recommendations and remediations.'
queryFrequency: 5m
name: Atlassian Beacon Alert
severity: High
version: 1.0.1
status: Available
eventGroupingSettings:
aggregationKind: SingleAlert
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"workspace": {
"type": "String"
}
},
"resources": [
{
"apiVersion": "2024-01-01-preview",
"id": "[concat(resourceId('Microsoft.OperationalInsights/workspaces/providers', parameters('workspace'), 'Microsoft.SecurityInsights'),'/alertRules/83fbf6a2-f227-48f4-8e7b-0b0ecac2381b')]",
"kind": "Scheduled",
"name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/83fbf6a2-f227-48f4-8e7b-0b0ecac2381b')]",
"properties": {
"alertDetailsOverride": {
"alertDisplayNameFormat": "Atlassian Beacon - {alertTitle_s}"
},
"alertRuleTemplateName": "83fbf6a2-f227-48f4-8e7b-0b0ecac2381b",
"customDetails": null,
"description": "'The analytic rule creates an incident when an alert is created in Atlassian Beacon. The incident's events contains values such as alert name, alert url, actor name, actor details, worskpace id of the atlassian beacon, etc. Navigate to the alertDetailURL to view more information on recommendations and remediations.'\n",
"displayName": "Atlassian Beacon Alert",
"enabled": true,
"entityMappings": null,
"eventGroupingSettings": {
"aggregationKind": "SingleAlert"
},
"incidentConfiguration": {
"createIncident": true,
"groupingConfiguration": {
"enabled": true,
"lookbackDuration": "PT5H",
"matchingMethod": "AllEntities",
"reopenClosedIncident": false
}
},
"OriginalUri": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Integration for Atlassian Beacon/Analytic Rules/AtlassianBeacon_High.yaml",
"query": "atlassian_beacon_alerts_CL\n| project TimeGenerated, detectiontime_d, alert_created_t, alert_title_s, alertTitle_s, alert_url_s, alertDetailURL_s, activity_action_s, alert_product_s, activity_subject_ari_s, actor_name_s, actor_url_s, actor_sessions_s, atlassianAlertType_s, atlassianWorkspace_id_g, atlassianWorkspace_orgId_s, Type\n",
"queryFrequency": "PT5M",
"queryPeriod": "PT5M",
"sentinelEntitiesMappings": null,
"severity": "High",
"status": "Available",
"subTechniques": [],
"suppressionDuration": "PT5H",
"suppressionEnabled": false,
"tactics": [],
"techniques": [],
"templateVersion": "1.0.1",
"triggerOperator": "GreaterThan",
"triggerThreshold": 0
},
"type": "Microsoft.OperationalInsights/workspaces/providers/alertRules"
}
]
}