atlassian_beacon_alerts_CL
| project TimeGenerated, detectiontime_d, alert_created_t, alert_title_s, alertTitle_s, alert_url_s, alertDetailURL_s, activity_action_s, alert_product_s, activity_subject_ari_s, actor_name_s, actor_url_s, actor_sessions_s, atlassianAlertType_s, atlassianWorkspace_id_g, atlassianWorkspace_orgId_s, Type
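# Microsoft Sentinel scheduled analytics rule: turns rows ingested into the
# atlassian_beacon_alerts_CL custom table into Sentinel alerts and incidents.
# Nesting is restored below so that the block scalar and the child keys
# parse as part of their parent keys.

# No entities are mapped, so incidents carry no Account/URL/Host entities for
# correlation or investigation-graph pivots.
# NOTE(review): actor_name_s and alert_url_s / alertDetailURL_s look like
# candidates for Account and URL mappings - confirm against the table schema.
entityMappings: null
# No MITRE ATT&CK tactics are assigned; the rule forwards whatever Beacon
# raises, so ATT&CK-based coverage views will not include it.
tactics: []
# Suppression is off, so suppressionDuration has no effect as configured.
suppressionEnabled: false
suppressionDuration: 5h
requiredDataConnectors:
  - dataTypes:
      - atlassian_beacon_alerts_CL
    connectorId: AtlassianBeaconAlerts
alertDetailsOverride:
  # The alert name is built from alertTitle_s; the query also projects
  # alert_title_s.
  # NOTE(review): confirm which of the two columns the connector populates,
  # otherwise the display name may render without a title.
  alertDisplayNameFormat: Atlassian Beacon - {alertTitle_s}
incidentConfiguration:
  groupingConfiguration:
    enabled: true
    lookbackDuration: 5h
    reopenClosedIncident: false
    # AllEntities matches on mapped entities, and entityMappings is empty.
    # NOTE(review): verify in a test workspace how alerts group when no
    # entities exist - unrelated Beacon alerts should not be merged, nor
    # related ones split, by accident.
    matchingMethod: AllEntities
  createIncident: true
id: 83fbf6a2-f227-48f4-8e7b-0b0ecac2381b
# Every row returned by the query is raised at High severity: the query has no
# `where` clause, so nothing narrows it by alert type or product.
# NOTE(review): the source file name (AtlassianBeacon_High.yaml) suggests a
# per-severity rule; if the table exposes a severity/type column, filter on it
# so low-value alerts do not inflate the High queue - confirm the schema.
severity: High
eventGroupingSettings:
  # One Sentinel alert per result row.
  aggregationKind: SingleAlert
status: Available
# No custom details are surfaced on the alert; analysts must open the raw event
# to see the actor, product and workspace fields.
customDetails: null
kind: Scheduled
query: |
  atlassian_beacon_alerts_CL
  | project TimeGenerated, detectiontime_d, alert_created_t, alert_title_s, alertTitle_s, alert_url_s, alertDetailURL_s, activity_action_s, alert_product_s, activity_subject_ari_s, actor_name_s, actor_url_s, actor_sessions_s, atlassianAlertType_s, atlassianWorkspace_id_g, atlassianWorkspace_orgId_s, Type
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Integration for Atlassian Beacon/Analytic Rules/AtlassianBeacon_High.yaml
sentinelEntitiesMappings: null
# queryPeriod equals queryFrequency, so consecutive runs do not overlap. A row
# whose TimeGenerated falls in a window that has already been evaluated by the
# time it is ingested is never alerted on.
# NOTE(review): measure the connector's ingestion delay; if it can approach the
# 5m window, widen queryPeriod and de-duplicate (for example on
# ingestion_time()).
queryPeriod: 5m
version: 1.0.1
name: Atlassian Beacon Alert
queryFrequency: 5m
# Alert threshold for the result count, evaluated with triggerOperator.
triggerThreshold: 0
# No ATT&CK techniques mapped (see tactics above).
relevantTechniques: []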
description: |
  'The analytic rule creates an incident when an alert is created in Atlassian Beacon. The incident's events contain values such as the alert name, alert URL, actor name, actor details, and the workspace ID of the Atlassian Beacon. Navigate to the alertDetailURL to view more information on recommendations and remediations.'
# Comparison applied to the query's result count: with triggerThreshold: 0,
# "gt" raises an alert whenever the query returns at least one row.
triggerOperator: gt