We currently make heavy use of Confluence for storing various information.
We also have a SOC team that monitors various systems.
What we would like to know is, does Confluence have any kind of built-in feature to trigger alerts or alarms if end users are seen to be downloading, copying or otherwise exporting pages from within Confluence?
Ideally if a user is doing this more than 'normal' or a threshold we could set?
Alternatively, are these kinds of activities logged and, if so, are they accessible via API to be ingested into a SIEM for processing and alarming against?
One final question, is it correct that Confluence has no DLP as standard and instead 3rd party solutions like the following need to be used?
Many thanks.
Hi @Craig Hutin,
Welcome to the Community!
As @Mikael Sandberg already mentioned, Beacon is the tool that'll alert you of any unusual activity. We have been test-driving it internally and it's looking really good, despite still being in beta. It allows you to set the sensitivity for most of its detections, which you'll likely have to dial in for the level of activity that you see on your instance.
Beacon currently only has integrations to Teams, Slack and a "SIEM forwarding" feature. The SIEM forwarding basically allows you to trigger a webhook somewhere. Despite its name, that feature can be used for all kinds of webhooks so there's a lot of flexibility there.
Beacon, however, does not do Data Loss Prevention. For DLP, you'll need a third party app.
As I work for Polymetis Apps, the company behind PII Protection, one of the DLP apps for Confluence, I am clearly biased, so read the following with that in mind.
As of today, there are two ways to build apps for Confluence Cloud. As a vendor you can either run your app as a third party service on your own infrastructure or you can deploy your code to the Atlassian infrastructure and have it run by Atlassian. The first option (Connect) brings a vendor lots of control over the code and the data it manages while the second option (Forge) runs the code without any access by the vendor.
We have chosen to build on Forge, because it allows us to check for sensitive data without any customer data leaving Atlassian infrastructure. It also means that we as a vendor never see or even ingest any of our customers' data.
Finally, Atlassian also has Data loss prevention capabilities on their long-term roadmap for 2025, but there is only sparse information on what that would entail. For a solution available today, you would typically either go with Nightfall or with something like PII Protection.
Hope that helps, please don't hesitate to ask if you have any other questions.
Best regards,
Oliver
Thank you for this information Oliver.
At this stage I don't believe we want/need full DLP, but maybe in the near future.
For now we just want some way to have some kind of alert if an end user is doing something out of the ordinary. So initially Beacon sounds good.
Our SIEM has quite good processing ability so we *could* just get it to do the heavy lifting if there is an easy way to:
1) Get Confluence to log such activities (e.g. exporting a page).
2) Get Confluence to pass those logs to our SIEM, which could then look for abnormalities.
However using Beacon sounds like a better option.
I'll note your recommendations for full DLP too though, thank you.
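The SIEM-side check discussed in this reply (alert when a user exports more than a set threshold or more than their own norm), as an added example that is not part of the original thread and is not Atlassian or Beacon code. The event fields (`user`, `day`, `action`) and the action names are assumptions, not Confluence's audit-log schema, and the sample events are constructed.

```python
from collections import Counter
from statistics import median

# Hypothetical action names: map these to whatever your audit feed emits.
EXPORT_ACTIONS = {"page_export_pdf", "page_export_word", "space_export"}

def export_counts(events):
    """Count export events per (user, day); other actions are ignored."""
    return Counter((e["user"], e["day"]) for e in events
                   if e["action"] in EXPORT_ACTIONS)

def flag_export_anomalies(events, history_days, today,
                          hard_limit=20, k=5.0, min_history=5):
    """Return {user: (reason, exports_today)} for users to alert on.

    hard_limit: absolute daily ceiling, applies to everyone.
    baseline:   today > median + k * MAD of the user's own history, where
                days without exports count as 0 and MAD is floored at 1 so
                that a flat history does not alert on one extra export.
    """
    counts = export_counts(events)
    alerts = {}
    for user in sorted({u for (u, d) in counts if d == today}):
        n_today = counts[(user, today)]
        if n_today >= hard_limit:
            alerts[user] = ("hard_limit", n_today)
            continue
        if len(history_days) < min_history:
            continue  # too little history for a meaningful baseline
        hist = [counts[(user, d)] for d in history_days]
        med = median(hist)
        mad = median(abs(x - med) for x in hist)
        if n_today > med + k * max(mad, 1):
            alerts[user] = ("baseline", n_today)
    return alerts

def _mk(user, day, n, action="page_export_pdf"):
    return [{"user": user, "day": day, "action": action}] * n

# Constructed sample data (not real Confluence logs).
DAYS = [f"2024-01-{d:02d}" for d in range(1, 8)]
TODAY = "2024-01-08"
SAMPLE = []
for day, a, b in zip(DAYS, [2, 3, 2, 1, 2, 3, 2], [0, 1, 0, 0, 1, 0, 0]):
    SAMPLE += _mk("alice", day, a) + _mk("bob", day, b)
SAMPLE += _mk("alice", TODAY, 4) + _mk("bob", TODAY, 12, "space_export")
SAMPLE += _mk("carol", TODAY, 25) + _mk("dave", TODAY, 200, "page_view")

if __name__ == "__main__":
    print(flag_export_anomalies(SAMPLE, DAYS, TODAY))
```

The median/MAD baseline is one choice of "normal"; a SIEM's own statistical functions can replace it as long as quiet days are counted as zero.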
Hi Craig,
Welcome to Atlassian Community!
Atlassian has a new product that is currently in Beta, Beacon, that can alert when there is unusual activity in Confluence, like viewing a lot of pages in a short period of time.
Thank you for this @Mikael Sandberg, is there any information available on when it'll go out of Beta and any kind of pricing information?
Many thanks,