Atlassian Logs
Panther supports pulling logs directly from Atlassian
Last updated
Was this helpful?
Panther supports pulling logs directly from Atlassian
Last updated
Was this helpful?
Panther has the ability to fetch Atlassian event logs by querying the . Panther is specifically monitoring the following Atlassian events:
Administrative actions, related to settings or other organization pages
Actions that organization admins take related to the organization’s security policies
In order to set up Atlassian as a log source in Panther, you'll need to authorize Panther in Atlassian by generating an API key in your Atlassian account and then set up Atlassian as a log source in Panther.
Your Atlassian user must have the in order to perform the following steps.
From your organization at , select Settings > API keys.
Click Create API key in the top right.
Enter a descriptive API key name.
By default, the key expires one week after creation.
To change the expiration date, pick a new date under Expires on.
Note: The maximum you can extend your expiration date is up to one year from creation date.
Click Create to save the API key.
Copy the values for your Organization ID and API key.
You'll need these values to access your organization in Step 2.
Make sure you store these values in a safe place, as Atlassian will not display them again.
Click Done. The new key will appear in your list of API keys.
In the lefthand navigation bar of your Panther Console, click Configure > Log Sources.
Click Create New.
Select Atlassian from the list of available log sources. Click Start Source Setup.
On the next screen, enter a descriptive name for the source e.g., My Atlassian Event logs.
Click Setup.
On the Set Credentials page, fill in the form:
Organization: Enter your Atlassian organization ID that you generated in the previous steps of this documentation.
API Key: Enter your Atlassian API Key that you generated in the previous steps of this documentation.
Click Setup. You will be directed to a success screen:
The Trigger an alert when no events are processed setting defaults to YES. We recommend leaving this enabled, as you will be alerted if data stops flowing from the log source after a certain period of time. The timeframe is configurable, with a default of 24 hours.
The audit log of events from an organization.
Note: If you have trouble creating the API key, reference .
You can optionally enable one or more .
Reference: