
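id: 91a64f79-c926-4b7f-a77e-b202f79fe4bf
Function:
  Title: Parser for ConfluenceAudit
  Version: '1.0.0'
  LastUpdated: '2025-04-11'
Category: Microsoft Sentinel Parser
FunctionName: ConfluenceAudit
FunctionAlias: ConfluenceAudit
FunctionQuery: |
    // ConfluenceAudit: exposes Atlassian Confluence audit events as one view regardless of
    // which ingestion path populated them.
    //   - Confluence_Audit_CL      : Azure Function App connector; raw columns carry Log Analytics
    //                                type suffixes (_s/_b/_d/_g) and are renamed here to the
    //                                parser's stable field names.
    //   - ConfluenceAuditLogs_CL   : CCP connector; assumed to already carry the normalized names
    //                                (only TimeGenerated, EventVendor and EventProduct are set here).
    // isfuzzy=true lets the view resolve when only one of the two tables exists in the workspace.
    let ConfluenceAuditLogs = view () {
    union isfuzzy=true
    (
        Confluence_Audit_CL
        // Schema created by Azure Function App Connector.
        // column_ifexists() keeps the parser resolvable when an optional field was never ingested;
        // such fields surface as '' rather than failing the whole function.
        | extend
            EventVendor="Atlassian",
            EventProduct="Confluence",
            AuthorUsername=column_ifexists('author_username_s', ''),
            // NOTE(review): AuthorUserKey reads author_userKey_g while DstUserSid below reads
            // author_userKey_s. The Data Collector API assigns a single type suffix per field, so
            // at most one of these columns exists and the other field is always '' — confirm which
            // suffix the connector actually emits and align both mappings.
            AuthorUserKey=column_ifexists('author_userKey_g', ''),
            AuthorAccountId=column_ifexists('author_accountId_s', ''),
            AuthorType=column_ifexists('author_type_s', ''),
            AuthorDisplayName=column_ifexists('author_displayName_s', ''),
            AuthorIsExternalCollaborator=column_ifexists('author_isExternalCollaborator_b', ''),
            AuthorAccountType=column_ifexists('author_accountType_s', ''),
            AuthorPublicName=column_ifexists('author_publicName_s', ''),
            AuthorExternalCollaborator=column_ifexists('author_externalCollaborator_b', ''),
            RemoteAddress=column_ifexists('remoteAddress_s', ''),
            // Kept as the raw epoch-milliseconds value the connector ingested; the CCP branch below
            // derives a datetime from the same field, so consumers should not assume a single type
            // for CreationDate/EventCreationTime across both paths.
            CreationDate=column_ifexists('creationDate_d', ''),
            Summary=column_ifexists('summary_s', ''),
            Description=column_ifexists('description_s', ''),
            // NOTE(review): 'Category' is the only field read without a type suffix — confirm it is
            // the column name present in Confluence_Audit_CL, otherwise this is always ''.
            Category=column_ifexists('Category', ''),
            SysAdmin=column_ifexists('sysAdmin_b', ''),
            SuperAdmin=column_ifexists('superAdmin_b', ''),
            AffectedObjectName=column_ifexists('affectedObject_name_s', ''),
            AffectedObjectObjectType=column_ifexists('affectedObject_objectType_s', ''),
            ChangedValues=column_ifexists('changedValues_s', ''),
            AssociatedObjects=column_ifexists('associatedObjects_s', ''),
            // ASIM-style aliases. The audit "author" is the acting principal, so it is surfaced as
            // the source user; DstUserSid is populated from the same author key and is retained
            // for compatibility with existing content that already reads it.
            UserIdentity=column_ifexists('author_accountId_s', ''),
            SrcUserName=column_ifexists('author_displayName_s', ''),
            DstUserSid=column_ifexists('author_userKey_s', ''),
            SrcIpAddr=column_ifexists('remoteAddress_s', ''),
            EventCreationTime=column_ifexists('creationDate_d', ''),
            EventMessage=column_ifexists('summary_s', ''),
            EventCategoryType=column_ifexists('Category', '')
        // Column order here defines the view's schema for this branch; keep it stable.
        | project
            TimeGenerated,
            EventVendor,
            EventProduct,
            AuthorUsername,
            AuthorAccountId,
            AuthorType,
            AuthorDisplayName,
            AuthorIsExternalCollaborator,
            AuthorUserKey,
            AuthorAccountType,
            AuthorPublicName,
            AuthorExternalCollaborator,
            RemoteAddress,
            CreationDate,
            Summary,
            Description,
            Category,
            SysAdmin,
            SuperAdmin,
            AffectedObjectName,
            AffectedObjectObjectType,
            ChangedValues,
            AssociatedObjects,
            UserIdentity,
            SrcUserName,
            DstUserSid,
            SrcIpAddr,
            EventCreationTime,
            EventMessage,
            EventCategoryType
    ),
    (
        ConfluenceAuditLogs_CL
        // Schema created by CCP Connector.
        // Stamp the same vendor/product constants as the Function App branch so filters on
        // EventVendor/EventProduct match rows from both ingestion paths.
        | extend
            EventVendor="Atlassian",
            EventProduct="Confluence"
        // Re-base TimeGenerated on the event's own creation time so both branches agree on event
        // time. Scheduled analytics rules and lookback windows key on TimeGenerated, so a row
        // whose CreationDate is missing must keep its ingestion timestamp instead of being set to
        // null and silently dropping out of every time-bounded query.
        | extend TimeGenerated = coalesce(unixtime_milliseconds_todatetime(CreationDate), TimeGenerated)
    )
    };
    ConfluenceAuditLogs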