Detectionmediumtest

Bitbucket Audit Log Configuration Updated

Detects changes to the bitbucket audit log configuration.

Convert In Phoenix Studio

Open this Sigma rule in the converter with the YAML preloaded and ready for backend selection.

Muhammad FaisalCreated Sun Feb 256aa12161-235a-4dfb-9c74-fe08df8d8da1application

Log Source

bitbucketaudit

Productbitbucket← raw: bitbucket

Serviceaudit← raw: audit

Definition

Requirements: "Basic" log level is required to receive these audit events.

Detection Logic

detection:
    selection:
        auditType.category: 'Auditing'
        auditType.action: 'Audit log configuration updated'
    condition: selection

False Positives

Legitimate user activity.

References

MITRE ATT&CK

Tactics

Sub-techniques

Rule Metadata

Rule ID

6aa12161-235a-4dfb-9c74-fe08df8d8da1

Status

test

Level

medium

Type

Detection

Created

Sun Feb 25

Author

Path

rules/application/bitbucket/audit/bitbucket_audit_log_configuration_update_detected.yml

Raw Tags

attack.defense-evasionattack.t1562.001