Solutions/AtlassianJiraAudit/Hunting Queries/JiraWorkflowAddedToProject.yaml (24 lines of code) (raw):

id: 2f875fa8-ced3-4059-b453-616dbc6eb276
name: Jira - Workflow schemes added to projects
description: |
  'Query searches for workflow schemes added to projects.'
severity: Medium
requiredDataConnectors:
  - connectorId: JiraAuditAPI
    dataTypes:
      - JiraAudit
tactics:
  - Impact
relevantTechniques:
  - T1565
query: |
  JiraAudit
  | where TimeGenerated > ago(24h)
  | where EventMessage =~ 'Workflow scheme added to project'
  | project EventCreationTime, UserName, ObjectItemName, AssociatedItems
  | extend AccountCustomEntity = UserName
entityMappings:
  - entityType: Account
    fieldMappings:
      - identifier: Name
        columnName: AccountCustomEntity