Bitbucket Unauthorized Access To A Resource
Detects unauthorized access attempts to a resource.
Sigma rule (View on GitHub)
1title: Bitbucket Unauthorized Access To A Resource
2id: 7215374a-de4f-4b33-8ba5-70804c9251d3
3status: experimental
4description: Detects unauthorized access attempts to a resource.
5references:
6 - https://confluence.atlassian.com/bitbucketserver/audit-log-events-776640423.html
7author: Muhammad Faisal (@faisalusuf)
8date: 2024-02-25
9tags:
10 - attack.resource-development
11 - attack.t1586
12logsource:
13 product: bitbucket
14 service: audit
15 definition: 'Requirements: "Advance" log level is required to receive these audit events.'
16detection:
17 selection:
18 auditType.category: 'Security'
19 auditType.action: 'Unauthorized access to a resource'
20 condition: selection
21falsepositives:
22 - Access attempts to non-existent repositories or due to outdated plugins. Usually "Anonymous" user is reported in the "author.name" field in most cases.
23level: critical
References
Related rules
- Bitbucket Unauthorized Full Data Export Triggered
- Antivirus Relevant File Paths Alerts
- Conti Volume Shadow Listing
- Creation of a Diagcab
- FoggyWeb Backdoor DLL Loading