Bitbucket Project Secret Scanning Allowlist Added

 1title: Bitbucket Project Secret Scanning Allowlist Added
 2id: 42ccce6d-7bd3-4930-95cd-e4d83fa94a30
 3status: experimental
 4description: Detects when a secret scanning allowlist rule is added for projects.
 5references:
 6    - https://confluence.atlassian.com/bitbucketserver/audit-log-events-776640423.html
 7    - https://confluence.atlassian.com/bitbucketserver/secret-scanning-1157471613.html
 8author: Muhammad Faisal (@faisalusuf)
 9date: 2024/02/25
10tags:
11    - attack.defense_evasion
12    - attack.t1562.001
13logsource:
14    product: bitbucket
15    service: audit
16    definition: 'Requirements: "Basic" log level is required to receive these audit events.'
17detection:
18    selection:
19        auditType.category: 'Projects'
20        auditType.action: 'Project secret scanning allowlist rule added'
21    condition: selection
22falsepositives:
23    - Legitimate user activity.
24level: low

References

• Audit log events | Bitbucket Data Center 8.19 | Atlassian Documentation

  Audit log events

  
  Read More

• Secret scanning | Bitbucket Data Center 8.19 | Atlassian Documentation

  Secret scanning

  
  Read More

Related rules

• Bitbucket Audit Log Configuration Updated
• Bitbucket Global SSH Settings Changed
• Bitbucket Global Secret Scanning Rule Deleted
• Bitbucket Secret Scanning Exempt Repository Added
• Bitbucket Secret Scanning Rule Deleted