Bitbucket Unauthorized Full Data Export Triggered

 1title: Bitbucket Unauthorized Full Data Export Triggered
 2id: 34d81081-03c9-4a7f-91c9-5e46af625cde
 3status: experimental
 4description: Detects when full data export is attempted an unauthorized user.
 5references:
 6    - https://confluence.atlassian.com/bitbucketserver/audit-log-events-776640423.html
 7    - https://confluence.atlassian.com/bitbucketserver/secret-scanning-1157471613.html
 8author: Muhammad Faisal (@faisalusuf)
 9date: 2024/02/25
10tags:
11    - attack.collection
12    - attack.resource_development
13    - attack.t1213.003
14    - attack.t1586
15logsource:
16    product: bitbucket
17    service: audit
18    definition: 'Requirements: "Advance" log level is required to receive these audit events.'
19detection:
20    selection:
21        auditType.category: 'Data pipeline'
22        auditType.action: 'Unauthorized full data export triggered'
23    condition: selection
24falsepositives:
25    - Unlikely
26level: critical

References

• Audit log events | Bitbucket Data Center 8.19 | Atlassian Documentation

  Audit log events

  
  Read More

• Secret scanning | Bitbucket Data Center 8.19 | Atlassian Documentation

  Secret scanning

  
  Read More

Related rules

• Bitbucket Full Data Export Triggered
• Bitbucket Unauthorized Access To A Resource
• Bitbucket User Details Export Attempt Detected
• Suspicious Manipulation Of Default Accounts Via Net.EXE
• Exchange PowerShell Snap-Ins Usage