Bitbucket Full Data Export Triggered

 1title: Bitbucket Full Data Export Triggered
 2id: 195e1b9d-bfc2-4ffa-ab4e-35aef69815f8
 3status: experimental
 4description: Detects when full data export is attempted.
 5references:
 6    - https://confluence.atlassian.com/bitbucketserver/audit-log-events-776640423.html
 7    - https://confluence.atlassian.com/adminjiraserver0811/importing-and-exporting-data-1019391889.html
 8author: Muhammad Faisal (@faisalusuf)
 9date: 2024-02-25
10tags:
11    - attack.collection
12    - attack.t1213.003
13logsource:
14    product: bitbucket
15    service: audit
16    definition: 'Requirements: "Advance" log level is required to receive these audit events.'
17detection:
18    selection:
19        auditType.category: 'Data pipeline'
20        auditType.action: 'Full data export triggered'
21    condition: selection
22falsepositives:
23    - Legitimate user activity.
24level: high

References

• Audit log events | Bitbucket Data Center 9.3 | Atlassian Documentation

  Audit log events

  
  Read More

• Importing and exporting data | Administering Jira applications Data Center 8.11 | Atlassian Documentation

  Importing and exporting data

  
  Read More

Related rules

• Bitbucket Unauthorized Full Data Export Triggered
• Github Delete Action Invoked
• Github Outside Collaborator Detected
• Github Self Hosted Runner Changes Detected
• 7Zip Compressing Dump Files