id: 3e6ff26d-05dc-4921-9a60-444a0e28cd45 name: Jira - Updated workflow schemes description: | 'Query searches for updated workflow schemes.' severity: Medium requiredDataConnectors: - connectorId: JiraAuditAPI dataTypes: - JiraAudit tactics: - Impact relevantTechniques: - T1565 query: | JiraAudit | where TimeGenerated > ago(24h) | where EventMessage =~ 'Workflow scheme updated' | project EventCreationTime, UserName, SrcIpAddr, ObjectItemName | extend AccountCustomEntity = UserName entityMappings: - entityType: Account fieldMappings: - identifier: Name columnName: AccountCustomEntity