Solutions/AtlassianJiraAudit/Hunting Queries/JiraUpdatedWorkflows.yaml (24 lines of code) (raw):
id: d4dd32bb-84a4-4fdc-9118-3039cbabb4f8
name: Jira - Updated workflows
description: |
'Query searches for updated workflows.'
severity: Medium
requiredDataConnectors:
- connectorId: JiraAuditAPI
dataTypes:
- JiraAudit
tactics:
- Impact
relevantTechniques:
- T1565
query: |
JiraAudit
| where TimeGenerated > ago(24h)
| where EventMessage =~ 'Workflow updated'
| project EventCreationTime, UserName, SrcIpAddr, ObjectItemName, ChangedValues
| extend AccountCustomEntity = UserName
entityMappings:
- entityType: Account
fieldMappings:
- identifier: Name
columnName: AccountCustomEntity