Bitbucket Unauthorized Access To A Resource
Detects unauthorized access attempts to a resource.
Sigma rule
title: Bitbucket Unauthorized Access To A Resource
id: 7215374a-de4f-4b33-8ba5-70804c9251d3
status: experimental
description: Detects unauthorized access attempts to a resource.
references:
    - https://confluence.atlassian.com/bitbucketserver/audit-log-events-776640423.html
author: Muhammad Faisal (@faisalusuf)
date: 2024-02-25
tags:
    - attack.resource-development
    - attack.t1586
logsource:
    product: bitbucket
    service: audit
    definition: 'Requirements: "Advance" log level is required to receive these audit events.'
detection:
    selection:
        auditType.category: 'Security'
        auditType.action: 'Unauthorized access to a resource'
    condition: selection
falsepositives:
    - Access attempts to non-existent repositories or due to outdated plugins. Usually "Anonymous" user is reported in the "author.name" field in most cases.
level: critical
Related rules
- Bitbucket Unauthorized Full Data Export Triggered
- Conti Volume Shadow Listing
- Creation of a Diagcab
- FoggyWeb Backdoor DLL Loading
- Formbook Process Creation