
Features in Guard that may address known tactics for exploit?

kc July 10, 2024

Taking reference from MITRE Enterprise, curious to know, what are the features in Guard that relate to or touch on the list of product offerings by Atlassian, following examples of tactics used by adversaries?

1) Data from Information Repositories: Confluence

https://attack.mitre.org/techniques/T1213/001/

2) Taint Shared Content

https://attack.mitre.org/techniques/T1080/

3) Transfer Data to Cloud Account

https://attack.mitre.org/techniques/T1537/

4) Event Triggered Execution

https://attack.mitre.org/techniques/T1546/

5) Steal Application Access Token

https://attack.mitre.org/techniques/T1528/

Thank you.

Answer accepted
Jeremy Galloway
Atlassian Team
July 11, 2024

Thanks for the question kc.

Guard has multiple detections relating to content exfiltration as well as post-exploitation, lateral movement and privileged token use. The audit log provides comprehensive and immutable records about token creation and use, as well as data exports (users, actions, IP/location, etc). In the future, we hope to offer even more complete detections and telemetry around attachment operations to give customers highly detailed insights into these granular actions. We're also pursuing opportunities to create both detections and responses related to our automation platform.

We're always curious and eager to hear about specific detection requests that can help our customers solve problems in their organizations. If you have any detection ideas, please feel free to share them with us.

kc July 14, 2024

Thanks @Jeremy Galloway for the response. Am trying to piece the different features of Guard together to address the above list. Wondering if there are any cheat sheets or the sort that explain the objectives of the Guard features and what they are trying to address?

Detection ideas, if I may share: the example below from the Palo Alto SSPM solution, to detect posture risks in the Atlassian instance or misconfigurations.

The concern and consideration is that the tool requires an API token generated by an Atlassian Org Admin. If only Guard offered this capability natively, it would be great.

https://docs.paloaltonetworks.com/saas-security/saas-security-admin/saas-security-sspm/onboard-saas-apps-supported-by-sspm/onboard-an-atlassian-app-to-sspm
