// Returns every row of the Atlassian Beacon custom log table, narrowed to the
// columns an analyst needs for triage. There is no `where` clause, so nothing is
// filtered by alert type, product or actor; the time window comes from whatever
// runs the query.
// NOTE(review): both alert_title_s / alertTitle_s and alert_url_s / alertDetailURL_s
// are projected - presumably two payload shapes of the same fields; confirm against
// the connector.
atlassian_beacon_alerts_CL
| project
    TimeGenerated,
    detectiontime_d,
    alert_created_t,
    alert_title_s,
    alertTitle_s,
    alert_url_s,
    alertDetailURL_s,
    activity_action_s,
    alert_product_s,
    activity_subject_ari_s,
    actor_name_s,
    actor_url_s,
    actor_sessions_s,
    atlassianAlertType_s,
    atlassianWorkspace_id_g,
    atlassianWorkspace_orgId_s,
    Type
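# Microsoft Sentinel scheduled analytics rule: raises one incident per query run that
# returns any row from the Atlassian Beacon alert table.
# Nesting is restored here; in the flattened listing the `query: |` and
# `description: |` block scalars had unindented bodies and the child keys of
# requiredDataConnectors / incidentConfiguration sat at the top level.
status: Available

# The rule runs every 5 minutes (see queryPeriod below for the matching window).
queryFrequency: 5m
id: 83fbf6a2-f227-48f4-8e7b-0b0ecac2381b

# No entity mappings are defined, so incidents carry no Account/URL entities even
# though the query projects actor_name_s and actor_url_s.
# NOTE(review): consider mapping those columns so incidents can be correlated and
# grouped by actor - confirm the column contents first.
entityMappings: null

# Suppression is off; suppressionDuration has no effect while it stays disabled.
suppressionEnabled: false
suppressionDuration: 5h

requiredDataConnectors:
  - connectorId: AtlassianBeaconAlerts
    dataTypes:
      - atlassian_beacon_alerts_CL

kind: Scheduled
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Integration for Atlassian Beacon/Analytic Rules/AtlassianBeacon_High.yaml

alertDetailsOverride:
  # NOTE(review): only alertTitle_s feeds the display name; rows that populate
  # alert_title_s instead would presumably render without a title - verify.
  alertDisplayNameFormat: Atlassian Beacon - {alertTitle_s}

eventGroupingSettings:
  # All rows returned by one run are folded into a single alert.
  aggregationKind: SingleAlert

# Pass-through query: no `where` clause, so every Beacon alert row in the window
# matches regardless of alert type.
query: |
  atlassian_beacon_alerts_CL
  | project TimeGenerated, detectiontime_d, alert_created_t, alert_title_s, alertTitle_s, alert_url_s, alertDetailURL_s, activity_action_s, alert_product_s, activity_subject_ari_s, actor_name_s, actor_url_s, actor_sessions_s, atlassianAlertType_s, atlassianWorkspace_id_g, atlassianWorkspace_orgId_s, Type

# The surrounding single quotes sit inside a literal block scalar, so they are part
# of the description text rather than YAML quoting.
# NOTE(review): alertDetailURL_s / alert_url_s are taken from ingested log data;
# analysts should check that the link points at the expected Atlassian host before
# following it.
description: |
  'The analytic rule creates an incident when an alert is created in Atlassian Beacon. The incident's events contains values such as alert name, alert url, actor name, actor details, worskpace id of the atlassian beacon, etc. Navigate to the alertDetailURL to view more information on recommendations and remediations.'

# No MITRE ATT&CK techniques or tactics are assigned, so this rule will not appear in
# ATT&CK coverage views.
relevantTechniques: []
customDetails: null

incidentConfiguration:
  groupingConfiguration:
    # NOTE(review): grouping matches on all entities, but entityMappings is empty -
    # confirm how alerts group when no entity is mapped.
    matchingMethod: AllEntities
    reopenClosedIncident: false
    enabled: true
    lookbackDuration: 5h
  createIncident: true

# Fires when the query returns more than 0 rows, i.e. on any Beacon alert.
triggerThreshold: 0
# NOTE(review): queryPeriod equals queryFrequency, so consecutive runs do not
# overlap; a row ingested later than its TimeGenerated window may be seen by no run.
# Confirm the connector's ingestion latency before relying on this window.
queryPeriod: 5m
triggerOperator: gt

name: Atlassian Beacon Alert
tactics: []
# Static severity: every Beacon alert becomes a High incident because the query
# projects no vendor severity column to differentiate on.
severity: High
sentinelEntitiesMappings: null
version: 1.0.1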