Bitbucket Unauthorized Full Data Export Triggered

Aug 12, 2024 · attack.collection attack.resource-development attack.t1213.003 attack.t1586 ·

Detects when full data export is attempted an unauthorized user.

Sigma rule (View on GitHub)

 1title: Bitbucket Unauthorized Full Data Export Triggered
 2id: 34d81081-03c9-4a7f-91c9-5e46af625cde
 3status: experimental
 4description: Detects when full data export is attempted an unauthorized user.
 5references:
 6    - https://confluence.atlassian.com/bitbucketserver/audit-log-events-776640423.html
 7    - https://confluence.atlassian.com/bitbucketserver/secret-scanning-1157471613.html
 8author: Muhammad Faisal (@faisalusuf)
 9date: 2024-02-25
10tags:
11    - attack.collection
12    - attack.resource-development
13    - attack.t1213.003
14    - attack.t1586
15logsource:
16    product: bitbucket
17    service: audit
18    definition: 'Requirements: "Advance" log level is required to receive these audit events.'
19detection:
20    selection:
21        auditType.category: 'Data pipeline'
22        auditType.action: 'Unauthorized full data export triggered'
23    condition: selection
24falsepositives:
25    - Unlikely
26level: critical

References

Audit log events | Bitbucket Data Center 9.3 | Atlassian Documentation

Audit log events

Read More
Secret scanning | Bitbucket Data Center 9.3 | Atlassian Documentation

Secret scanning

Read More

Bitbucket Unauthorized Full Data Export Triggered

Sigma rule (View on GitHub)

References

Audit log events | Bitbucket Data Center 9.3 | Atlassian Documentation

Secret scanning | Bitbucket Data Center 9.3 | Atlassian Documentation

Related rules