Atlassian Jira Integration

Version: 1.28.0
Compatible Kibana version(s): 8.13.0 or higher
Supported Serverless project types: Security, Observability
Subscription level: Basic
Level of support: Community

The Jira integration collects audit logs from the audit log files or the audit API.

Authentication Set-Up

When setting up the Atlassian Jira Integration for Atlassian Cloud, you will need to use the "Jira User Identifier" and "Jira API Token" fields in the integration configuration. These allow the integration to connect to the Atlassian Cloud REST API via Basic Authentication.

If you are using a self-hosted instance, you will be able to use either the "Jira User Identifier" and "Jira API Token" fields above, or use the "Personal Access Token" field to authenticate with a PAT. If the "Personal Access Token" field is set in the configuration, it will take precedence over the User ID/API Token fields.

Logs

Audit

The Jira integration collects audit logs from the audit log files or the audit API of a self-hosted Jira Data Center instance. It has been tested with Jira 8.20.2 but is expected to work with newer versions. As of version 1.2.0, this integration added experimental support for Atlassian JIRA Cloud. JIRA Cloud only supports Basic Auth using a username and a Personal Access Token.

Exported fields
| Field | Description | Type |
| --- | --- | --- |
| @timestamp | Event timestamp. | date |
| cloud.image.id | Image ID for the cloud instance. | keyword |
| data_stream.dataset | Data stream dataset. | constant_keyword |
| data_stream.namespace | Data stream namespace. | constant_keyword |
| data_stream.type | Data stream type. | constant_keyword |
| event.dataset | Event dataset | constant_keyword |
| event.module | Event module | constant_keyword |
| host.containerized | If the host is a container. | boolean |
| host.os.build | OS build information. | keyword |
| host.os.codename | OS codename, if any. | keyword |
| input.type | Input type | keyword |
| jira.audit.affected_objects | Affected Objects | flattened |
| jira.audit.changed_values | Changed Values | flattened |
| jira.audit.extra_attributes | Extra Attributes | flattened |
| jira.audit.method | Method | keyword |
| jira.audit.type.action | Action | keyword |
| jira.audit.type.actionI18nKey | actionI18nKey | keyword |
| jira.audit.type.area | Area | keyword |
| jira.audit.type.category | Category | keyword |
| jira.audit.type.categoryI18nKey | categoryI18nKey | keyword |
| jira.audit.type.level | Audit Level | keyword |
| log.offset | Log offset | long |

Example

An example event for audit looks as follows:

{
    "@timestamp": "2021-11-22T00:05:08.514Z",
    "agent": {
        "ephemeral_id": "4a05fc27-d72e-43ab-aa6e-e19105807ecd",
        "id": "cdda426a-7e47-48c4-b2f5-b9f1ad5bf08a",
        "name": "docker-fleet-agent",
        "type": "filebeat",
        "version": "8.8.0"
    },
    "data_stream": {
        "dataset": "atlassian_jira.audit",
        "namespace": "ep",
        "type": "logs"
    },
    "ecs": {
        "version": "8.11.0"
    },
    "elastic_agent": {
        "id": "cdda426a-7e47-48c4-b2f5-b9f1ad5bf08a",
        "snapshot": true,
        "version": "8.8.0"
    },
    "event": {
        "action": "jira.auditing.group.created",
        "agent_id_status": "verified",
        "category": [
            "iam"
        ],
        "dataset": "atlassian_jira.audit",
        "ingested": "2023-05-09T21:23:48Z",
        "kind": "event",
        "original": "{\"affectedObjects\":[{\"name\":\"jira-software-users\",\"type\":\"GROUP\"}],\"auditType\":{\"action\":\"Group created\",\"actionI18nKey\":\"jira.auditing.group.created\",\"area\":\"USER_MANAGEMENT\",\"category\":\"group management\",\"categoryI18nKey\":\"jira.auditing.category.groupmanagement\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539508,\"nano\":514000000},\"version\":\"1.0\"}",
        "type": [
            "group",
            "creation"
        ]
    },
    "group": {
        "name": "jira-software-users"
    },
    "host": {
        "architecture": "x86_64",
        "containerized": true,
        "hostname": "docker-fleet-agent",
        "id": "cff3d165179d4aef9596ddbb263e3adb",
        "ip": [
            "172.23.0.7"
        ],
        "mac": [
            "02-42-AC-17-00-07"
        ],
        "name": "docker-fleet-agent",
        "os": {
            "codename": "focal",
            "family": "debian",
            "kernel": "5.10.47-linuxkit",
            "name": "Ubuntu",
            "platform": "ubuntu",
            "type": "linux",
            "version": "20.04.5 LTS (Focal Fossa)"
        }
    },
    "input": {
        "type": "log"
    },
    "jira": {
        "audit": {
            "affected_objects": [
                {
                    "name": "jira-software-users",
                    "type": "GROUP"
                }
            ],
            "method": "Browser",
            "type": {
                "action": "Group created",
                "actionI18nKey": "jira.auditing.group.created",
                "area": "USER_MANAGEMENT",
                "category": "group management",
                "categoryI18nKey": "jira.auditing.category.groupmanagement",
                "level": "BASE"
            }
        }
    },
    "log": {
        "file": {
            "path": "/tmp/service_logs/test-audit.log"
        },
        "offset": 0
    },
    "related": {
        "hosts": [
            "jira.internal"
        ],
        "ip": [
            "10.50.33.72"
        ],
        "user": [
            "Anonymous"
        ]
    },
    "service": {
        "address": "http://jira.internal:8088"
    },
    "source": {
        "address": "10.50.33.72",
        "ip": "10.50.33.72"
    },
    "tags": [
        "preserve_original_event",
        "jira-audit"
    ],
    "user": {
        "id": "-2",
        "name": "Anonymous"
    }
}

Changelog

| Version | Details | Kibana version(s) |
| --- | --- | --- |
| 1.28.0 | Enhancement: Add "preserve_original_event" tag to documents with event.kind set to "pipeline_error". | 8.13.0 or higher |
| 1.27.2 | Bug fix: Use triple-brace Mustache templating when referencing variables in ingest pipelines. | 8.13.0 or higher |
| 1.27.1 | Bug fix: Use triple-brace Mustache templating when referencing variables in ingest pipelines. | 8.13.0 or higher |
| 1.27.0 | Enhancement: Allow @custom pipeline access to event.original without setting preserve_original_event. | 8.13.0 or higher |
| 1.26.0 | Enhancement: Update the kibana constraint to ^8.13.0. Modified the field definitions to remove ECS fields made redundant by the ecs@mappings component template. | 8.13.0 or higher |
| 1.25.0 | Enhancement: Improve handling of empty responses. | 8.12.0 or higher |
| 1.24.0 | Enhancement: Set sensitive values as secret. | 8.12.0 or higher |
| 1.23.2 | Enhancement: Changed owners | 8.7.1 or higher |
| 1.23.1 | Bug fix: Fix exclude_files pattern. | 8.7.1 or higher |
| 1.23.0 | Enhancement: Limit request tracer log count to five. | 8.7.1 or higher |
| 1.22.0 | Enhancement: ECS version updated to 8.11.0. | 8.7.1 or higher |
| 1.21.0 | Enhancement: Improve event.original check to avoid errors if set. | 8.7.1 or higher |
| 1.20.0 | Enhancement: Set community owner type. | 8.7.1 or higher |
| 1.19.1 | Bug fix: Add stop condition for Jira Cloud pagination. | 8.7.1 or higher |
| 1.19.0 | Enhancement: ECS version updated to 8.10.0. | 8.7.1 or higher |
| 1.18.0 | Enhancement: The format_version in the package manifest changed from 2.11.0 to 3.0.0. Removed dotted YAML keys from package manifest. Added owner.type: elastic to package manifest. | 8.7.1 or higher |
| 1.17.0 | Enhancement: Add tags.yml file so that integration's dashboards and saved searches are tagged with "Security Solution" and displayed in the Security Solution UI. | 8.7.1 or higher |
| 1.16.1 | Bug fix: Ensure from/to timestamps are properly encoded. | 8.7.1 or higher |
| 1.16.0 | Enhancement: Add ability to set condition for logfile logs. | 8.7.1 or higher |
| 1.15.0 | Enhancement: Update package to ECS 8.9.0. | 8.7.1 or higher |
| 1.14.0 | Enhancement: Document duration units. | 8.7.1 or higher |
| 1.13.0 | Enhancement: Document valid duration units. | 8.7.1 or higher |
| 1.12.0 | Enhancement: Ensure event.kind is correctly set for pipeline errors. | 8.7.1 or higher |
| 1.11.0 | Enhancement: Update package to ECS 8.8.0. | 8.7.1 or higher |
| 1.10.0 | Enhancement: Add a new flag to enable request tracing | 8.7.1 or higher |
| 1.9.0 | Enhancement: Update package-spec version to 2.7.0. | 7.16.0 or higher; 8.0.0 or higher |
| 1.8.0 | Enhancement: Update package to ECS 8.7.0. | 7.16.0 or higher; 8.0.0 or higher |
| 1.7.1 | Enhancement: Added categories and/or subcategories. | 7.16.0 or higher; 8.0.0 or higher |
| 1.7.0 | Enhancement: Update package to ECS 8.6.0. | 7.16.0 or higher; 8.0.0 or higher |
| 1.6.1 | Bug fix: Fix handling of messages with no events. | 7.16.0 or higher; 8.0.0 or higher |
| 1.6.0 | Enhancement: Update package to ECS 8.5.0. | 7.16.0 or higher; 8.0.0 or higher |
| 1.5.2 | Enhancement: Use ECS geo.location definition. | 7.16.0 or higher; 8.0.0 or higher |
| 1.5.1 | Bug fix: Clarify basic authentication config options. | 7.16.0 or higher; 8.0.0 or higher |
| 1.5.0 | Enhancement: Update package to ECS 8.4.0 | 7.16.0 or higher; 8.0.0 or higher |
| 1.4.1 | Bug fix: Fix proxy URL documentation rendering. | 7.16.0 or higher; 8.0.0 or higher |
| 1.4.0 | Enhancement: Update package to ECS 8.3.0. | 7.16.0 or higher; 8.0.0 or higher |
| 1.3.0 | Enhancement: Add support for Atlassian JIRA Cloud | 7.16.0 or higher; 8.0.0 or higher |
| 1.2.0 | Enhancement: Update to ECS 8.2 | 7.16.0 or higher; 8.0.0 or higher |
| 1.1.2 | Enhancement: Update Readme | 7.16.0 or higher; 8.0.0 or higher |
| 1.1.1 | Enhancement: Add documentation for multi-fields | 7.16.0 or higher; 8.0.0 or higher |
| 1.1.0 | Enhancement: Update to ECS 8.0 | 7.16.0 or higher; 8.0.0 or higher |
| 1.0.1 | Bug fix: Regenerate test files using the new GeoIP database | 7.16.0 or higher; 8.0.0 or higher |
| 1.0.0 | Enhancement: Initial draft of the package | 7.16.0 or higher; 8.0.0 or higher |