Atlassian Guard Detect

About
Atlassian Guard Detect is an intelligent threat detection system that monitors Atlassian cloud apps like Jira and Confluence.
Product Details
Vendor URL: Atlassian Guard Detect
Product Type: Threat Detection System
Product Tier: Tier I
Integration Method: N/A
Integration URL: N/A
Log Guide: N/A
Parser Details
Log Format: JSON
Expected Normalization Rate: Near 100%
Data Label: ATLASSIAN_GUARD_DETECT
UDM Fields (list of all UDM fields leveraged in the Parser):
| Log File Field | UDM Field |
|---|---|
| alertDetailURL | principal.url |
| alertId | metadata.product_log_id |
| alertTitle | additional.fields |
| activity.time.start | metadata.event_timestamp |
| actor.accountId | additional.fields |
| actor.name | principal.user.userid |
| actor.sessions.0.ipAddress | principal.ip |
| actor.sessions.0.userAgent | network.http.user_agent |
| alert.product | metadata.product_name |
| alert.site | principal.url_metadata.url |
| type | metadata.product_event_type |
| workspace.cloudId | additional.fields |
| workspace.id | additional.fields |
| workspace.orgId | additional.fields |
Product Event Types
| Event | UDM Event Classification |
|---|---|
| all | GENERIC_EVENT |
Log Sample
{"alertDetailURL":"https://detect.example.com/w/00000000-0000/alerts/1a2b3c4d5","alertId":"12345","alertTitle":"User API token created: Copilot CLI","detectionTime":1780050685848,"activity":{"time":{"start":"2026-05-29T10:31:25.269207718Z"}},"actor":{"accountId":"123456:a1b2c3d4-e5f6-7a8b-9c0d-e1f2a3b4c5d6","name":"ABCDEF","sessions":[{"ipAddress":"192.0.2.10","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36","loginTime":"2026-05-29T10:30:43.890Z","lastActiveTime":"2026-05-29T10:30:43.890Z"},{"ipAddress":"192.0.2.10","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36","loginTime":"2026-05-25T07:33:01.367Z","lastActiveTime":"2026-05-29T10:30:14.164Z"}],"url":"https://detect.example.com/w/00000000-0000/alerts/1a2b3c4d5"},"alert":{"created":"2026-05-29T10:31:25.848Z","id":"1a2b3c4d5e6f7g8h9i0j","product":"ADMIN_HUB","site":"https://detect.example.com/w/00000000-0000/alerts/1a2b3c4d5","title":"User API token created: Copilot CLI","url":"https://detect.example.com/w/00000000-0000/alerts/1a2b3c4d5"},"id":"1a2b3c4d5e6f7g8h9i0j","timestamp":1780050685848,"type":"beacon:create:alert","workspace":{"cloudId":"abcdef12-3456-7890-abcd-ef1234567890","id":"00000000-0000-0000-0000-000000000000","orgId":"99999999-8888-7777-6666-555544443333"}}
Sample Parsing
metadata.product_log_id = "12345"
metadata.event_timestamp = "2026-05-29T10:31:25.269207718Z"
metadata.log_type = "ATLASSIAN_GUARD_DETECT"
metadata.product_event_type = "beacon:create:alert"
metadata.product_name = "ADMIN_HUB"
metadata.vendor_name = "Atlassian Guard Detect"
principal.url = "https://detect.example.com/w/00000000-0000/alerts/1a2b3c4d5"
principal.url_metadata.url = "https://detect.example.com/w/00000000-0000/alerts/1a2b3c4d5"
principal.user.userid = "ABCDEF"
principal.ip = "192.0.2.10"
network.http.user_agent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36"
additional.fields = "User API token created: Copilot CLI"
additional.fields = "123456:a1b2c3d4-e5f6-7a8b-9c0d-e1f2a3b4c5d6"
additional.fields = "abcdef12-3456-7890-abcd-ef1234567890"
additional.fields = "00000000-0000-0000-0000-000000000000"
additional.fields = "99999999-8888-7777-6666-555544443333"
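
The field mapping from the UDM Fields table, applied to a trimmed log line, as an added example; it is not the product's parser, which this page does not show. The `lookup` and `normalize` helpers, the flat dotted-key output and keying `additional.fields` by source path are assumptions for illustration, and the second session's IP address is constructed to show that only `actor.sessions.0` is mapped.

```python
import json

FIELD_MAP = {  # log field path -> UDM field, copied from the UDM Fields table
    "alertDetailURL": "principal.url",
    "alertId": "metadata.product_log_id",
    "alertTitle": "additional.fields",
    "activity.time.start": "metadata.event_timestamp",
    "actor.accountId": "additional.fields",
    "actor.name": "principal.user.userid",
    "actor.sessions.0.ipAddress": "principal.ip",
    "actor.sessions.0.userAgent": "network.http.user_agent",
    "alert.product": "metadata.product_name",
    "alert.site": "principal.url_metadata.url",
    "type": "metadata.product_event_type",
    "workspace.cloudId": "additional.fields",
    "workspace.id": "additional.fields",
    "workspace.orgId": "additional.fields",
}

def lookup(event, path):
    """Walk a dotted path (numeric parts index lists); None when absent."""
    node = event
    for part in path.split("."):
        try:
            node = node[int(part)] if isinstance(node, list) else node[part]
        except (KeyError, IndexError, ValueError, TypeError):
            return None
    return node

def normalize(raw_line):
    """Return (udm, missing): flat UDM dict and mapped paths absent from the log."""
    event = json.loads(raw_line)
    udm = {"metadata.log_type": "ATLASSIAN_GUARD_DETECT",
           "metadata.vendor_name": "Atlassian Guard Detect", "additional.fields": {}}
    missing = []
    for path, target in FIELD_MAP.items():
        value = lookup(event, path)
        if value is None:
            missing.append(path)
        elif target == "additional.fields":
            udm[target][path] = value  # assumption: keyed by source path
        else:
            udm[target] = value
    return udm, missing

# Constructed sample: trimmed from the Log Sample; the second session IP is made up.
SAMPLE = ('{"alertId":"12345","alertTitle":"User API token created: Copilot CLI",'
          '"type":"beacon:create:alert","actor":{"name":"ABCDEF","sessions":[{"ipAddress":'
          '"192.0.2.10"},{"ipAddress":"198.51.100.7"}]},"workspace":{"orgId":"99999999-8888-7777-6666-555544443333"}}')
```

A non-empty `missing` list is worth tracking at ingestion, since an absent or renamed source field would otherwise leave `principal.ip` or `principal.user.userid` empty in downstream detections.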