Bitbucket Secret Scanning Rule Deleted

Feb 26, 2024 · attack.defense_evasion attack.t1562.001 ·

Detects when secret scanning rule is deleted for the project or repository.

Sigma rule (View on GitHub)

 1title: Bitbucket Secret Scanning Rule Deleted
 2id: ff91e3f0-ad15-459f-9a85-1556390c138d
 3status: experimental
 4description: Detects when secret scanning rule is deleted for the project or repository.
 5references:
 6    - https://confluence.atlassian.com/bitbucketserver/audit-log-events-776640423.html
 7    - https://confluence.atlassian.com/bitbucketserver/secret-scanning-1157471613.html
 8author: Muhammad Faisal (@faisalusuf)
 9date: 2024/02/25
10tags:
11    - attack.defense_evasion
12    - attack.t1562.001
13logsource:
14    product: bitbucket
15    service: audit
16    definition: 'Requirements: "Basic" log level is required to receive these audit events.'
17detection:
18    selection:
19        auditType.category:
20            - 'Projects'
21            - 'Repositories'
22        auditType.action:
23            - 'Project secret scanning rule deleted'
24            - 'Repository secret scanning rule deleted'
25    condition: selection
26falsepositives:
27    - Legitimate user activity.
28level: low

References

Audit log events | Bitbucket Data Center 8.19 | Atlassian Documentation

Audit log events

Read More
Secret scanning | Bitbucket Data Center 8.19 | Atlassian Documentation

Secret scanning

Read More

Bitbucket Secret Scanning Rule Deleted

Sigma rule (View on GitHub)

References

Audit log events | Bitbucket Data Center 8.19 | Atlassian Documentation

Secret scanning | Bitbucket Data Center 8.19 | Atlassian Documentation

Related rules