Bitbucket Unauthorized Access To A Resource
Detects unauthorized access attempts to a resource.
Log Source
Product: bitbucket
Service: audit
Definition
Requirements: "Advance" log level is required to receive these audit events.
Detection Logic
detection:
    selection:
        auditType.category: 'Security'
        auditType.action: 'Unauthorized access to a resource'
    condition: selection
False Positives
Access attempts to non-existent repositories, or attempts caused by outdated plugins. In most cases the "author.name" field reports the "Anonymous" user.
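The selection and the false-positive note above, applied to audit events, as an added example that is not part of the rule or the Sigma project. It assumes events arrive as one JSON object per line with the dotted field names nested (`auditType` and `author` as objects); the function names and the sample events are constructed for illustration.

```python
import json

# The rule's selection: every field must match (Sigma ANDs the keys of a map).
SELECTION = {
    "auditType.category": "Security",
    "auditType.action": "Unauthorized access to a resource",
}

def get_field(event, dotted):
    """Resolve a dotted Sigma field name against a nested JSON object."""
    node = event
    for key in dotted.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node

def matches(event):
    """True when all selection fields equal the rule values (case-insensitive, as Sigma compares strings)."""
    for field, expected in SELECTION.items():
        value = get_field(event, field)
        if not isinstance(value, str) or value.lower() != expected.lower():
            return False
    return True

def triage(lines):
    """Return (author, likely_false_positive) for every matching event line."""
    hits = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines
        if matches(event):
            author = get_field(event, "author.name")
            hits.append((author, author == "Anonymous"))
    return hits

# Constructed sample events (assumed nested layout; not real Bitbucket output).
SAMPLE = [
    '{"auditType": {"category": "Security", "action": "Unauthorized access to a resource"}, "author": {"name": "Anonymous"}}',
    '{"auditType": {"category": "Security", "action": "Unauthorized access to a resource"}, "author": {"name": "jdoe"}}',
    '{"auditType": {"category": "Repositories", "action": "Repository accessed"}, "author": {"name": "jdoe"}}',
    '{"auditType": {"category": "Security"',
]

if __name__ == "__main__":
    for author, fp in triage(SAMPLE):
        print(author, "likely false positive" if fp else "review")
```

Matches attributed to a named account are the ones to review first; "Anonymous" matches line up with the false-positive cases the rule lists.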
MITRE ATT&CK
Techniques
Rule Metadata
Rule ID
7215374a-de4f-4b33-8ba5-70804c9251d3
Status
test
Level
critical
Type
Detection
Created
Sun Feb 25
Author
Path
rules/application/bitbucket/audit/bitbucket_audit_unauthorized_access_detected.yml
Raw Tags
attack.resource-development
attack.t1586