Detectionlowtest

Bitbucket Project Secret Scanning Allowlist Added

Detects when a secret scanning allowlist rule is added for projects.

Convert In Phoenix Studio

Open this Sigma rule in the converter with the YAML preloaded and ready for backend selection.

Launch

Muhammad FaisalCreated Sun Feb 2542ccce6d-7bd3-4930-95cd-e4d83fa94a30application

Log Source

bitbucketaudit

Productbitbucket← raw: bitbucket

Serviceaudit← raw: audit

Definition

Requirements: "Basic" log level is required to receive these audit events.

Detection Logic

detection:
    selection:
        auditType.category: 'Projects'
        auditType.action: 'Project secret scanning allowlist rule added'
    condition: selection

False Positives

Legitimate user activity.

References

Resolving title…

confluence.atlassian.com

Resolving title…

confluence.atlassian.com

MITRE ATT&CK

Tactics

TA0005 · Defense Evasion

Sub-techniques

T1562.001 · Disable or Modify Tools

Rule Metadata

Rule ID

42ccce6d-7bd3-4930-95cd-e4d83fa94a30

Status

test

Level

low

Type

Detection

Created

Sun Feb 25

Author

Muhammad Faisal

Path

rules/application/bitbucket/audit/bitbucket_audit_project_secret_scanning_allowlist_added.yml

Raw Tags

attack.defense-evasionattack.t1562.001

View on GitHub