Atlassian provides team collaboration software that helps teams organize, discuss, and complete shared work. Panther can collect, normalize, and monitor Atlassian logs to help you identify any suspicious activity within your organization in real time. Your normalized data is then retained to enable future security investigations in a serverless security data lake powered by Snowflake.
Use Cases for Atlassian Audit Logs
Common security use cases for Atlassian logs include monitoring for:
- Admin privilege escalations or admin role assignments
- Changes to MFA or IAM policies
- Brute force login attempts or impersonator logins
Onboarding Atlassian Logs in Panther
Panther’s integration for Atlassian is quick to configure, so logs can be onboarded in a few minutes. Generate an Atlassian organization API key, select Atlassian from the list of log sources in the Panther console, and enter the Atlassian organization details the console asks for along with the API key. Handle that key as a secret: it grants read access to your organization’s audit log, so keep it out of shared documents and version control, and rotate it if it is ever exposed.
Panther fetches Atlassian audit logs by querying (pulling from) the Atlassian Organizations REST API, so events arrive on Panther’s polling schedule rather than as a push stream. For onboarding details and the supported log schema, see our Atlassian documentation here.
Parse, Normalize, & Analyze
As Panther ingests Atlassian audit logs, they are parsed, normalized, and stored in a Snowflake security data lake. This allows you to write detections, identify anomalies, and conduct investigations on Atlassian logs in the context of days, weeks, or months of data.
Panther applies normalization fields to all log records, which standardizes names for attributes and empowers users to correlate data across all of your log sources. You can then use various search tools - such as Data Explorer, Indicator Search, and Query Builder - to investigate your normalized logs for suspicious activity or vulnerabilities. For more information on searching log data, check out our documentation on Investigations & Search.
Built-In & Easily Customizable Detections
A number of pre-built detections for Atlassian are available by default in Panther, offering users immediate value for monitoring common IoCs and threats. You can explore our built-in detection coverage for Atlassian logs here.
Panther users aren’t confined to restrictive detections or proprietary languages as seen in many SIEM platforms. Panther is architected around detection-as-code principles, giving you the ability to write Python to define detection logic and to integrate external systems like version control and CI/CD pipelines into your detection engineering processes. This results in powerful, scalable, and reusable scripting of detections for your security team.
Panther generates alerts when your detection rules or policies are triggered, and integrates with a variety of alert destinations so Atlassian alerts are easy to access and manage. Alerts can also be forwarded to SOAR platforms for additional remediation options.
Alerts are categorized by five severity levels: Info, Low, Medium, High, and Critical. Your team can assign severity dynamically from attributes of the triggering log event, such as who performed the action or which group it targeted.
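The detection-as-code model described above, as an added example written for this page and not Panther’s or Atlassian’s own code: a Python rule in Panther’s function convention (rule, title, severity, alert_context) covering two of the use cases listed earlier, admin group grants and MFA weakening, with severity derived dynamically from event attributes. The event layout is modelled loosely on the Atlassian Organizations REST API audit record; the action strings, group markers, domains and sample events are constructed placeholders and must be aligned with Panther’s Atlassian log schema and Atlassian’s audit log reference before use. Panther’s PantherEvent.deep_get is replaced by a local helper so the file runs stand-alone on plain dicts. Brute-force login detection is left out because it is a count over a time window (a threshold rule in Panther) rather than a per-event match.

```python
"""Panther-style detection for Atlassian audit events (added example).

Assumptions, all constructed for illustration: the event layout follows the
Atlassian Organizations REST API audit record (attributes.action / actor /
context); action names, group markers and domains are placeholders; Panther's
PantherEvent.deep_get is replaced by a local helper so this runs on plain dicts.
"""
from typing import Any, Dict, Iterable, List

ADMIN_GRANT_ACTIONS = {"user_added_to_group"}                       # placeholder
MFA_WEAKENING_ACTIONS = {"mfa_enforcement_disabled",                # placeholder
                         "two_step_verification_reset"}
ADMIN_GROUP_MARKERS = ("admin",)        # substrings marking a privileged group
ORG_DOMAINS = {"example.com"}           # domains treated as internal (assumed)

def deep_get(obj: Any, *keys: str, default: Any = None) -> Any:
    """Walk nested dicts safely; stand-in for PantherEvent.deep_get()."""
    for key in keys:
        if not isinstance(obj, dict):
            return default
        obj = obj.get(key)
    return default if obj is None else obj

def target_group(event: Dict[str, Any]) -> str:
    """Name of the group an action touched, taken from attributes.context."""
    for ctx in deep_get(event, "attributes", "context", default=[]):
        if ctx.get("type") == "groups":
            return deep_get(ctx, "attributes", "name", default="")
    return ""

def is_admin_group(name: str) -> bool:
    return any(marker in name.lower() for marker in ADMIN_GROUP_MARKERS)

def actor_is_external(event: Dict[str, Any]) -> bool:
    email = deep_get(event, "attributes", "actor", "email", default="")
    domain = email.rsplit("@", 1)[-1].lower() if "@" in email else ""
    return domain not in ORG_DOMAINS

def rule(event: Dict[str, Any]) -> bool:
    """Panther entry point: True means this event raises an alert."""
    action = deep_get(event, "attributes", "action", default="")
    if action in MFA_WEAKENING_ACTIONS:
        return True
    return action in ADMIN_GRANT_ACTIONS and is_admin_group(target_group(event))

def severity(event: Dict[str, Any]) -> str:
    """Dynamic severity (Panther's levels) driven by event attributes: MFA
    weakening is CRITICAL; an admin grant is HIGH, or CRITICAL when the actor
    is not on one of the organization's own domains."""
    if deep_get(event, "attributes", "action") in MFA_WEAKENING_ACTIONS:
        return "CRITICAL"
    return "CRITICAL" if actor_is_external(event) else "HIGH"

def title(event: Dict[str, Any]) -> str:
    actor = deep_get(event, "attributes", "actor", "email", default="unknown")
    action = deep_get(event, "attributes", "action", default="unknown")
    group = target_group(event)
    return f"Atlassian: [{actor}] performed [{action}]" + (
        f" on group [{group}]" if group else "")

def alert_context(event: Dict[str, Any]) -> Dict[str, Any]:
    """Fields carried into the alert destination for triage."""
    return {"event_id": event.get("id"),
            "time": deep_get(event, "attributes", "time"),
            "actor_id": deep_get(event, "attributes", "actor", "id"),
            "action": deep_get(event, "attributes", "action"),
            "group": target_group(event)}

def run_rule(events: Iterable[Dict[str, Any]]) -> List[Dict[str, Any]]:
    """Local harness applying the rule per event, as Panther does at ingest."""
    return [{"title": title(e), "severity": severity(e), **alert_context(e)}
            for e in events if rule(e)]

def _sample(eid: str, action: str, actor_email: str, group: str = "") -> Dict:
    """Build a constructed event in the assumed audit record shape."""
    ctx = [{"id": "grp-1", "type": "groups", "attributes": {"name": group}}] if group else []
    return {"id": eid, "type": "events", "attributes": {
        "time": "2024-03-04T09:12:31.000Z", "action": action,
        "actor": {"id": "acc-1", "email": actor_email}, "context": ctx}}

# Constructed sample events, not real Atlassian data.
SAMPLE_EVENTS = [
    _sample("evt-1", "user_added_to_group", "dana@example.com", "site-admins"),
    _sample("evt-2", "user_added_to_group", "dana@example.com", "eng-readers"),
    _sample("evt-3", "mfa_enforcement_disabled", "contractor@partner.example"),
    _sample("evt-4", "user_added_to_group", "svc@partner.example", "org-admins"),
    _sample("evt-5", "user_logged_in", "dana@example.com"),
]

if __name__ == "__main__":
    for alert in run_rule(SAMPLE_EVENTS):
        print(alert["severity"], alert["title"])
```

Run as a script it prints three alerts: the internal admin grant (evt-1) at HIGH, the MFA change (evt-3) at CRITICAL, and the admin grant by an external account (evt-4) escalated to CRITICAL; the non-admin group change and the plain login produce nothing. In a real Panther deployment the same four functions live in the rule file, the constants move to a shared helper or rule configuration, and the assumed action names are replaced with the values Panther’s Atlassian schema actually emits.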
If you have any questions about configuring or monitoring Atlassian logs in Panther, our customer support team is here to help. All customers have access to support via a dedicated Slack channel, email, or in-app messenger.
You can view our documentation on configuring and monitoring Atlassian logs here, or customers can sign up for the Panther Community to share best practices or custom detections for Atlassian logs.
Replacing Traditional SIEM for Atlassian Logs
With Panther, your security team doesn’t have to struggle with rigid detection logic, waste time and resources on operational overhead, or pay excessive costs to keep up with the growth of cloud app data. Panther was founded by a team of security engineers who struggled with today’s SIEM challenges first-hand, and built an intuitive, cloud-native platform to solve them.
Panther is a cloud-native SIEM built for security operations at scale, offering powerful detection-as-code, intuitive security workflows, and actionable real-time alerts to keep up with the needs of today’s security teams. If you’re searching for a seamless SIEM platform for Atlassian logs, request a demo today.