
Summary
This detection rule is designed to identify the deletion of Bitbucket global secret scanning rules within an organization's Bitbucket instance. Global secret scanning is crucial for identifying sensitive information accidentally stored in repositories. The rule monitors audit log events specifically for instances where the action categorized under 'Global administration' is captured, with the specific action being labeled as 'Global secret scanning rule deleted'. Detecting such deletions is important as they could indicate either legitimate changes made by administrators or potential malicious activities aiming to disable security measures. The effectiveness of this rule relies on the configuration of the audit log level, which must be set to 'Basic' or higher to capture the relevant events.
Categories
- Cloud
- Application
- Identity Management
Data Sources
- Application Log
- User Account
Created: 2024-02-25