Bitbucket Audit Log Configuration Updated

Detects changes to the Bitbucket audit log configuration.

Sigma rule

title: Bitbucket Audit Log Configuration Updated
id: 6aa12161-235a-4dfb-9c74-fe08df8d8da1
status: experimental
description: Detects changes to the bitbucket audit log configuration.
references:
    - https://confluence.atlassian.com/bitbucketserver/view-and-configure-the-audit-log-776640417.html
author: Muhammad Faisal (@faisalusuf)
date: 2024/02/25
tags:
    - attack.defense_evasion
    - attack.t1562.001
logsource:
    product: bitbucket
    service: audit
    definition: 'Requirements: "Basic" log level is required to receive these audit events.'
detection:
    selection:
        auditType.category: 'Auditing'
        auditType.action: 'Audit log configuration updated'
    condition: selection
falsepositives:
    - Legitimate user activity.
level: medium
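The rule's selection evaluated over constructed audit events, as an added example that is not part of the original rule or the Sigma project. It assumes the audit log is available as JSON lines in which the dotted field names map to nested objects; only `auditType.category` and `auditType.action` come from the rule, and all other fields and function names are hypothetical.

```python
import json

# Selection from the rule: every field must match (logical AND).
SELECTION = {
    "auditType.category": "Auditing",
    "auditType.action": "Audit log configuration updated",
}

# Constructed sample events. Fields other than auditType.category and
# auditType.action are assumptions made for this example.
SAMPLE_LOG = """\
{"auditType": {"category": "Auditing", "action": "Audit log configuration updated"}, "author": {"name": "admin1"}, "timestamp": "2024-02-25T10:15:00Z"}
{"auditType": {"category": "Repositories", "action": "Repository created"}, "author": {"name": "dev7"}, "timestamp": "2024-02-25T10:16:30Z"}
{"auditType": "Auditing", "author": {"name": "svc-ci"}, "timestamp": "2024-02-25T10:17:00Z"}
this line is not JSON
"""

def get_path(event, dotted):
    """Resolve a dotted field name against nested dicts; None if absent."""
    node = event
    for key in dotted.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node

def matches(event, selection=SELECTION):
    """True if all selection fields match; plain Sigma strings ignore case."""
    for field, expected in selection.items():
        value = get_path(event, field)
        if not isinstance(value, str) or value.casefold() != expected.casefold():
            return False
    return True

def detect(lines):
    """Return (matching events, number of unparseable lines)."""
    hits, skipped = [], 0
    for line in lines:
        if not line.strip():
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1  # count, don't silently drop: gaps matter for this rule
            continue
        if isinstance(event, dict) and matches(event):
            hits.append(event)
    return hits, skipped

if __name__ == "__main__":
    for hit in detect(SAMPLE_LOG.splitlines())[0]:
        print(hit["timestamp"], hit["author"]["name"], hit["auditType"]["action"])
```
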
