Atlassian Logs
Panther supports pulling logs directly from Atlassian
Overview
Panther has the ability to fetch Atlassian event logs by querying the Atlassian Organizations REST API. Panther is specifically monitoring the following Atlassian events:
Administrative actions, related to settings or other organization pages
Actions that organization admins take related to the organization’s security policies
In order to set up Atlassian as a log source in Panther, you'll need to authorize Panther in Atlassian by generating an API key in your Atlassian account and then set up Atlassian as a log source in Panther.
How to onboard Atlassian logs to Panther
Prerequisite
Your Atlassian user must have the organization admin role in order to perform the following steps.
Step 1: Generate an API key in Atlassian
From your organization at admin.atlassian.com, select Settings > API keys.
Click Create API key in the top right.
Enter a descriptive API key name.
By default, the key expires one week after creation.
To change the expiration date, pick a new date under Expires on.
Note: The maximum you can extend your expiration date is up to one year from creation date.
Click Create to save the API key.
Copy the values for your Organization ID and API key.
You'll need these values to access your organization in Step 2.
Make sure you store these values in a safe place, as Atlassian will not display them again.
Click Done. The new key will appear in your list of API keys.
Note: If you have trouble creating the API key, reference Atlassian's docs.
Step 2: Create a new Atlassian log source in Panther
In the lefthand navigation bar of your Panther Console, click Configure > Log Sources.
Click Create New.
Select Atlassian from the list of available log sources. Click Start Source Setup.
On the next screen, enter a descriptive name for the source e.g.,
My Atlassian Event logs.
Click Setup.
On the Set Credentials page, fill in the form:
Organization: Enter your Atlassian organization ID that you generated in the previous steps of this documentation.
API Key: Enter your Atlassian API Key that you generated in the previous steps of this documentation.
Click Setup. You will be directed to a success screen:
You can optionally enable one or more Detection Packs.
The Trigger an alert when no events are processed setting defaults to YES. We recommend leaving this enabled, as you will be alerted if data stops flowing from the log source after a certain period of time. The timeframe is configurable, with a default of 24 hours.
Supported log types
Atlassian.Audit
The audit log of events from an organization.
Reference: Atlassian Documentation on Audit Logs & Events.
Last updated