Solutions/AtlassianConfluenceAudit/Parsers/ConfluenceAudit.yaml (76 lines of code) (raw):
id: 91a64f79-c926-4b7f-a77e-b202f79fe4bf
Function:
Title: Parser for ConfluenceAudit
Version: '1.0.0'
LastUpdated: '2025-04-11'
Category: Microsoft Sentinel Parser
FunctionName: ConfluenceAudit
FunctionAlias: ConfluenceAudit
FunctionQuery: |
let ConfluenceAuditLogs = view () {
union isfuzzy=true
(Confluence_Audit_CL // Schema created by Azure Function App Connector
| extend
EventVendor="Atlassian",
EventProduct="Confluence",
AuthorUsername=column_ifexists('author_username_s', ''),
AuthorUserKey=column_ifexists('author_userKey_g', ''),
AuthorAccountId=column_ifexists('author_accountId_s', ''),
AuthorType=column_ifexists('author_type_s', ''),
AuthorDisplayName=column_ifexists('author_displayName_s', ''),
AuthorIsExternalCollaborator=column_ifexists('author_isExternalCollaborator_b', ''),
AuthorAccountType=column_ifexists('author_accountType_s', ''),
AuthorPublicName=column_ifexists('author_publicName_s', ''),
AuthorExternalCollaborator=column_ifexists('author_externalCollaborator_b', ''),
RemoteAddress=column_ifexists('remoteAddress_s', ''),
CreationDate=column_ifexists('creationDate_d', ''),
Summary=column_ifexists('summary_s', ''),
Description=column_ifexists('description_s', ''),
Category=column_ifexists('Category', ''),
SysAdmin=column_ifexists('sysAdmin_b', ''),
SuperAdmin=column_ifexists('superAdmin_b', ''),
AffectedObjectName=column_ifexists('affectedObject_name_s', ''),
AffectedObjectObjectType=column_ifexists('affectedObject_objectType_s', ''),
ChangedValues=column_ifexists('changedValues_s', ''),
AssociatedObjects=column_ifexists('associatedObjects_s', ''),
UserIdentity=column_ifexists('author_accountId_s', ''),
SrcUserName=column_ifexists('author_displayName_s', ''),
DstUserSid=column_ifexists('author_userKey_s', ''),
SrcIpAddr=column_ifexists('remoteAddress_s', ''),
EventCreationTime=column_ifexists('creationDate_d', ''),
EventMessage=column_ifexists('summary_s', ''),
EventCategoryType =column_ifexists('Category', '')
| project
TimeGenerated,
EventVendor,
EventProduct,
AuthorUsername,
AuthorAccountId,
AuthorType,
AuthorDisplayName,
AuthorIsExternalCollaborator,
AuthorUserKey,
AuthorAccountType,
AuthorPublicName,
AuthorExternalCollaborator,
RemoteAddress,
CreationDate,
Summary,
Description,
Category,
SysAdmin,
SuperAdmin,
AffectedObjectName,
AffectedObjectObjectType,
ChangedValues,
AssociatedObjects,
UserIdentity,
SrcUserName,
DstUserSid,
SrcIpAddr,
EventCreationTime,
EventMessage,
EventCategoryType),
(ConfluenceAuditLogs_CL // Schema created by CCP Connector
| extend TimeGenerated = unixtime_milliseconds_todatetime(CreationDate))};
ConfluenceAuditLogs