Atlassian Jira Audit

Solution: AtlassianJiraAudit

AtlassianJiraAudit Logo

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

Back to Solutions Index

Attribute Value
Publisher Microsoft Corporation
Support Tier Microsoft
Support Link https://support.microsoft.com
Categories domains
Version 3.0.6
Author Microsoft - support@microsoft.com
First Published 2022-01-10
Last Updated 2026-03-26
Solution Folder AtlassianJiraAudit
Marketplace Azure Marketplace · Popularity: 🔵 Medium (79%)

The Atlassian Jira Audit solution provides the capability to ingest Jira Audit Records events into Microsoft Sentinel through the REST API. Refer to API documentation for more information.

Underlying Microsoft Technologies used:

This solution takes a dependency on the following technologies, and some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:

a. Azure Monitor HTTP Data Collector API

b.Azure Functions

c.Codeless Connector Platform (CCP)

Contents

Data Connectors

This solution provides 2 data connector(s):

🔶 CLv1: This connector ingests into a table that uses the legacy Custom Log V1 schema format with type-suffixed column names (e.g. _s, _d, _b, _t, _g). Note: identification is based on column name suffixes which are also permitted in CLv2, so this classification may not always be accurate.

Tables Used

This solution uses 2 table(s):

Table Used By Connectors Used By Content
Jira_Audit_CL 🔶 [DEPRECATED] Atlassian Jira Audit (using Azure Function) Analytics, Hunting, Workbooks
Jira_Audit_v2_CL Atlassian Jira Audit (via Codeless Connector Framework), [DEPRECATED] Atlassian Jira Audit (using Azure Function) Analytics, Hunting, Workbooks

🔶 CLv1: This table uses the legacy Custom Log V1 schema format with type-suffixed column names (e.g. _s, _d, _b, _t, _g). Note: identification is based on column name suffixes which are also permitted in CLv2, so this classification may not always be accurate.

Content Items

This solution includes 29 content item(s):

Content Type Count
Analytic Rules 10
Hunting Queries 10
Playbooks 7
Workbooks 1
Parsers 1

Analytic Rules

Name Severity Tactics Tables Used
Jira - Global permission added Medium PrivilegeEscalation Jira_Audit_CL
Jira_Audit_v2_CL
Jira - New site admin user High Persistence, PrivilegeEscalation Jira_Audit_CL
Jira_Audit_v2_CL
Jira - New site admin user High InitialAccess Jira_Audit_CL
Jira_Audit_v2_CL
Jira - New user created Medium Persistence Jira_Audit_CL
Jira_Audit_v2_CL
Jira - Permission scheme updated Medium Impact Jira_Audit_CL
Jira_Audit_v2_CL
Jira - Project roles changed Medium Impact Jira_Audit_CL
Jira_Audit_v2_CL
Jira - User removed from group Medium Impact Jira_Audit_CL
Jira_Audit_v2_CL
Jira - User removed from project Medium Impact Jira_Audit_CL
Jira_Audit_v2_CL
Jira - User's password changed multiple times High Persistence Jira_Audit_CL
Jira_Audit_v2_CL
Jira - Workflow scheme copied Medium Collection Jira_Audit_CL
Jira_Audit_v2_CL

Hunting Queries

Name Tactics Tables Used
Jira - Blocked tasks Impact Jira_Audit_CL
Jira_Audit_v2_CL
Jira - New users Persistence Jira_Audit_CL
Jira_Audit_v2_CL
Jira - Project versions Impact Jira_Audit_CL
Jira_Audit_v2_CL
Jira - Project versions released Impact Jira_Audit_CL
Jira_Audit_v2_CL
Jira - Updated projects Impact Jira_Audit_CL
Jira_Audit_v2_CL
Jira - Updated users PrivilegeEscalation, Impact Jira_Audit_CL
Jira_Audit_v2_CL
Jira - Updated workflow schemes Impact Jira_Audit_CL
Jira_Audit_v2_CL
Jira - Updated workflows Impact Jira_Audit_CL
Jira_Audit_v2_CL
Jira - Users' IP addresses Persistence Jira_Audit_CL
Jira_Audit_v2_CL
Jira - Workflow schemes added to projects Impact Jira_Audit_CL
Jira_Audit_v2_CL

Workbooks

Name Tables Used
AtlassianJiraAudit Jira_Audit_CL
Jira_Audit_v2_CL

Playbooks

Name Description Tables Used
Create And Update Jira Issue This playbook will create or update incident in Jira. When incident is created, playbook will run an... -
Create Jira Issue alert-trigger This playbook will open a Jira Issue when a new incident is opened in Microsoft Sentinel. -
Create Jira Issue incident-trigger This playbook will open a Jira Issue when a new incident is opened in Microsoft Sentinel. -
Sync Jira from Sentinel - Create incident This Playbook will create JIRA incidents for every Microsoft Sentinel which is created. It includes ... -
Sync Jira to Sentinel - Assigned User This Playbook will sync the assigned user from JIRA to Microsoft Sentinel. -
Sync Jira to Sentinel - Status This Playbook will sync the status from JIRA to Microsoft Sentinel. -
Sync Jira to Sentinel - public comments This Playbook will sync the public comments from JIRA to Microsoft Sentinel. -

Parsers

Name Description Tables Used
JiraAudit - Jira_Audit_CL (read)
Jira_Audit_v2_CL (read)

Release Notes

Version Date Modified (DD-MM-YYYY) Change History
3.0.6 13-04-2026 Deprecate Atlassian Jira Audit (using Azure Function)
3.0.5 18-03-2026 Rename to Atlassian Jira Audit (via Codeless Connector Framework)
3.0.4 30-08-2024 Updated parameters for CCP Data Connector
3.0.3 14-08-2024 Data Connector[Atlassian Jira Audit (using REST API)] Globally Available
3.0.2 22-05-2024 Added new CCP Data Connector to the Solution
3.0.1 16-04-2024 Added Deploy to Azure Goverment button for Government portal in Dataconnector
3.0.0 06-11-2023 Modified text as there is rebranding from Azure Active Directory to Microsoft Entra ID.

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

Back to Solutions Index