Detectionhightest

Bitbucket Secret Scanning Exempt Repository Added

Detects when a repository is exempted from secret scanning feature.

Convert In Phoenix Studio

Open this Sigma rule in the converter with the YAML preloaded and ready for backend selection.

Launch

Muhammad FaisalCreated Sun Feb 25b91e8d5e-0033-44fe-973f-b730316f23a1application

Log Source

bitbucketaudit

Productbitbucket← raw: bitbucket

Serviceaudit← raw: audit

Definition

Requirements: "Basic" log level is required to receive these audit events.

Detection Logic

detection:
    selection:
        auditType.category: 'Repositories'
        auditType.action: 'Secret scanning exempt repository added'
    condition: selection

False Positives

Legitimate user activity.

References

Resolving title…

confluence.atlassian.com

Resolving title…

confluence.atlassian.com

MITRE ATT&CK

Tactics

TA0005 · Defense Evasion

Sub-techniques

T1562.001 · Disable or Modify Tools

Rule Metadata

Rule ID

b91e8d5e-0033-44fe-973f-b730316f23a1

Status

test

Level

high

Type

Detection

Created

Sun Feb 25

Author

Muhammad Faisal

Path

rules/application/bitbucket/audit/bitbucket_audit_secret_scanning_exempt_repository_detected.yml

Raw Tags

attack.defense-evasionattack.t1562.001

View on GitHub