Knowledge BaseRelease NotesRequest Demo

Atlassian Logs

Panther supports pulling logs directly from Atlassian

Overview

Panther has the ability to fetch Atlassian event logs by querying the Atlassian Organizations REST API. Panther is specifically monitoring the following Atlassian events:

  • Administrative actions, related to settings or other organization pages

  • Actions that organization admins take related to the organization’s security policies

In order to set up Atlassian as a log source in Panther, you'll need to authorize Panther in Atlassian by generating an API key in your Atlassian account and then set up Atlassian as a log source in Panther.

How to onboard Atlassian logs to Panther

Prerequisite

Step 1: Generate an API key in Atlassian

  1. From your organization at admin.atlassian.com, select Settings > API keys.

  2. Click Create API key in the top right.

  3. Enter a descriptive API key name.

    • By default, the key expires one week after creation.

    • To change the expiration date, pick a new date under Expires on.

    • Note: The maximum you can extend your expiration date is up to one year from creation date.

  4. Click Create to save the API key.

  5. Copy the values for your Organization ID and API key.

    • You'll need these values to access your organization in Step 2.

    • Make sure you store these values in a safe place, as Atlassian will not display them again.

  6. Click Done. The new key will appear in your list of API keys.

Note: If you have trouble creating the API key, reference Atlassian's docs.

Step 2: Create a new Atlassian log source in Panther

  1. In the lefthand navigation bar of your Panther Console, click Configure > Log Sources.

  2. Click Create New.

  3. Select Atlassian from the list of available log sources. Click Start Source Setup.

  4. On the next screen, enter a descriptive name for the source e.g., My Atlassian Event logs.

  5. Click Setup.

  6. On the Set Credentials page, fill in the form:

    • Organization: Enter your Atlassian organization ID that you generated in the previous steps of this documentation.

    • API Key: Enter your Atlassian API Key that you generated in the previous steps of this documentation.

  7. Click Setup. You will be directed to a success screen:

    The success screen reads, "Everything looks good! Panther will now automatically pull & process logs from your account"

    • You can optionally enable one or more Detection Packs.

    • The Trigger an alert when no events are processed setting defaults to YES. We recommend leaving this enabled, as you will be alerted if data stops flowing from the log source after a certain period of time. The timeframe is configurable, with a default of 24 hours.

      The "Trigger an alert when no events are processed" toggle is set to YES. The "How long should Panther wait before it sends you an alert that no events have been processed" setting is set to 1 Day

Supported log types

Required fields in the schema are listed as "required: true" just below the "name" field.

Atlassian.Audit

The audit log of events from an organization.

Reference: Atlassian Documentation on Audit Logs & Events.

PreviousAsana LogsNextAuditd Logs (Beta)

Last updated

Was this helpful?