Hello,
I am integrating Atlassian Guard Detect alerts into a SIEM (NGSIEM / Falcon LogScale) using the official guidance here:
https://support.atlassian.com/security-and-access-policies/docs/send-alerts-to-a-siem-slack-or-other-tools/
However, the events we receive appear to be missing the actual payload (JSON body) and only contain metadata.
The times of the events received in our SIEM match the timestamps of the alerts in the Atlassian Guard dashboard, but the events received are empty and have no payload/rawstring.
Hello and welcome to the Community @Jesus Martin Jurado
Which Atlassian Guard tier (Standard or Premium) are you using, and which specific Falcon LogScale ingestion endpoint are you targeting?
Have you tried testing the Guard Detect webhook with a neutral receiver like webhook.site to see if the JSON payload actually shows up? If the payload is visible there, the issue could be on the LogScale parsing side. If it's empty there too, should we have Atlassian Support look into the backend webhook delivery? (Have you opened a ticket?)
Best,
Arkadiusz 🤠☀️
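A local stand-in for the neutral receiver suggested above, added here as an example and not part of the original posts or Atlassian's code: it reports whether each delivery carried a body and whether that body parses as JSON. The port, the `classify_delivery` helper and the sample body are assumptions; the sample is constructed and is not Guard Detect's real schema.

```python
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample body for local testing; NOT the real Guard Detect schema.
SAMPLE_BODY = b'{"title": "constructed alert", "time": "2024-01-01T00:00:00Z"}'


def classify_delivery(headers, body):
    """Diagnose one webhook delivery from its headers (dict) and raw body (bytes)."""
    h = {k.lower(): v for k, v in headers.items()}
    report = {
        "content_type": h.get("content-type"),
        "content_length": h.get("content-length"),
        "chunked": "chunked" in h.get("transfer-encoding", "").lower(),
        "body_bytes": len(body),
    }
    if not body:
        # A chunked request has no Content-Length, so a receiver that reads
        # only Content-Length bytes sees an empty body even when one was sent.
        report["verdict"] = "chunked-body-not-read" if report["chunked"] else "empty-body"
        return report
    try:
        parsed = json.loads(body.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError):
        report["verdict"] = "non-json-body"
        return report
    report["verdict"] = "json-body"
    report["top_level_keys"] = sorted(parsed) if isinstance(parsed, dict) else []
    return report


class Receiver(BaseHTTPRequestHandler):
    def do_POST(self):
        raw_len = self.headers.get("Content-Length", "0")
        length = int(raw_len) if raw_len.isdigit() else 0
        body = self.rfile.read(length) if length else b""
        # One JSON line per delivery: metadata plus verdict, never the body itself.
        print(json.dumps(classify_delivery(dict(self.headers), body)), flush=True)
        self.send_response(200)
        self.end_headers()


if __name__ == "__main__":
    # Assumed listen address; the webhook must be routed to it by your own means.
    HTTPServer(("127.0.0.1", 8080), Receiver).serve_forever()
```

A `json-body` verdict here alongside empty events in the SIEM points to the ingestion or parsing side; `empty-body` points to the sender.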