Bitbucket Audit Log Configuration Updated

calendar Aug 12, 2024 · attack.defense-evasion attack.t1562.001  ·
Share on: linkedin copy

Detects changes to the bitbucket audit log configuration.

Sigma rule (View on GitHub)

 1title: Bitbucket Audit Log Configuration Updated
 2id: 6aa12161-235a-4dfb-9c74-fe08df8d8da1
 3status: experimental
 4description: Detects changes to the bitbucket audit log configuration.
 5references:
 6    - https://confluence.atlassian.com/bitbucketserver/view-and-configure-the-audit-log-776640417.html
 7author: Muhammad Faisal (@faisalusuf)
 8date: 2024-02-25
 9tags:
10    - attack.defense-evasion
11    - attack.t1562.001
12logsource:
13    product: bitbucket
14    service: audit
15    definition: 'Requirements: "Basic" log level is required to receive these audit events.'
16detection:
17    selection:
18        auditType.category: 'Auditing'
19        auditType.action: 'Audit log configuration updated'
20    condition: selection
21falsepositives:
22    - Legitimate user activity.
23level: medium

References

Related rules

to-top