Atlassian (Jira / Confluence)

Self Service Ingestion

Connect this data source on your own, using the Hunters platform.

TL;DR

Supported data types

3rd party detection

Hunters detection

IOC search

Search

Table name

Log format

Collection method

Jira Audit Logs

✅

✅

jira_audit_logs

NDJSON

API

Confluence Audit Logs

✅

✅

confluence_audit_logs

NDJSON

API

Bitbucket Audit Logs

✅

✅

bitbucket_audit_logs

NDJSON

S3


Overview

Atlassian is a software company that develops products for software developers, project managers and other software development teams. Integrating your Atlassian logs into the Hunters ecosystem stores the data in a parsed format and makes Atlassian audit logs available in your environment.

Supported data types

Jira Audit Logs

Table name: jira_audit_logs

Jira audit logs are records that capture changes and activities within the Jira software to help administrators track and review actions for security and compliance purposes. These logs detail changes made to the system configuration, user management, project settings, and more, enabling oversight of who did what and when in Jira.

Learn more here.

Confluence Audit Logs

Table name: confluence_audit_logs

Confluence audit logs are records that track various changes and activities within Confluence, such as changes to space permissions, group memberships, and global settings. These logs are essential for security, compliance, and troubleshooting, providing administrators with detailed insights into who made changes, what changes were made, and when they occurred.

Learn more here.

Bitbucket Audit Logs

Table name: bitbucket_audit_logs

Bitbucket audit logs provide a detailed record of activities and changes within Bitbucket repositories and settings, including user access, permission changes, and repository modifications. These logs help administrators track who did what and when, assisting in security and compliance efforts.

Learn more here.

Send data to Hunters

Jira and Confluence logs

Jira and Confluence logs are connected through the API.

To connect Jira or Confluence logs:

  1. Follow this guide and gather the following information:

    • Domain

    • User (Administrator required)

    • API key

  2. Complete the process on the Hunters platform, following this guide.

Bitbucket logs

Hunters supports the ingestion of Bitbucket logs via an intermediary AWS S3 bucket.

To connect Bitbucket logs:

  1. Ship the logs from your server, located under the folder `/data/bitbucket/log/audit`, to an S3 bucket shared with Hunters.

  2. Once the export is completed and the logs are collected to S3, follow the steps in this section.

Expected format

The logs are expected in the NDJSON format as exported by Atlassian. While logging the full schema is recommended, any subset of the fields can be ingested, provided that you supply your specific schema to Hunters.

Atlassian API Credentials sample

'domain': 'https://<your_domain>.atlassian.net',  
'mail': 'user_mail',  
'api_token': ********* (this should be the API token related to the user)

Atlassian Jira log sample

{"id": 1, "summary": "User updated", "created": "2022-08-03:00:00.000+0000", "category": "user management", "eventSource": "", "objectItem": {"id": "abc123", "name": "def456", "typeName": "USER", "parentId": "2", "parentName": "IDP Directory"}, "changedValues": [{"fieldName": "Active / Inactive", "changedFrom": "Active", "changedTo": "Inactive"}], "associatedItems": [{"id": "abc123", "name": "def456", "typeName": "USER", "parentId": "2", "parentName": "IDP Directory"}]}

Atlassian Confluence log sample

{"author": {"type": "user", "displayName": "Name", "operations": null, "isExternalCollaborator": false, "accountType": "", "publicName": "user", "externalCollaborator": false}, "remoteAddress": "", "creationDate": 1661412506867, "summary": "User deleted", "description": "", "category": "Users and groups", "sysAdmin": false, "superAdmin": false, "affectedObject": {"name": "Name (Unlicensed)", "objectType": "User"}, "changedValues": [], "associatedObjects": []}

Atlassian Bitbucket log sample

{"affectedObjects":[{"id":"12341","name":"TLA","type":"PROJECT"},{"id":"12342","name":"scripts","type":"REPOSITORY"}],"auditType":{"action":"Repository accessed by user","actionI18nKey":"bitbucket.service.repository.audit.action.repositoryaccessed","area":"END_USER_ACTIVITY","category":"Repositories","categoryI18nKey":"bitbucket.service.audit.category.repositories","level":"BASE"},"author":{"id":"12343","name":"user1","type":"NORMAL"},"changedValues":[],"extraAttributes":[{"name":"target","nameI18nKey":"bitbucket.audit.attribute.legacy.target","value":"TLA/scripts"},{"name":"Load balancer/proxy IP address","nameI18nKey":"atlassian.audit.event.attribute.forwarder","value":"12.1.12.123"}],"method":"Browser","node":"abcd-fea7-4fd7-bc34-abc123","source":"123.12.12.12","system":"https://example.ab.abc.upwork","timestamp":{"epochSecond":1644624007,"nano":410000000},"version":"1.0"}