diff --git a/packages/atlassian_confluence/_dev/build/docs/README.md b/packages/atlassian_confluence/_dev/build/docs/README.md index 7eb470fc1bc..423b44519ff 100644 --- a/packages/atlassian_confluence/_dev/build/docs/README.md +++ b/packages/atlassian_confluence/_dev/build/docs/README.md @@ -6,7 +6,7 @@ The Confluence integration collects [audit logs](https://confluence.atlassian.co ### Audit -The Confluence integration collects audit logs from the audit log files or the audit API from self hosted Confluence Data Center. It has been tested with Confluence 7.14.2 but is expected to work with newer versions. This has not been tested with Confluence Cloud and is not expected to work. +The Confluence integration collects audit logs from the audit log files or the audit API from self hosted Confluence Data Center. It has been tested with Confluence 7.14.2 but is expected to work with newer versions. As of version 1.2.0, this integration added experimental support for Atlassian Confluence Cloud. JIRA Cloud only supports Basic Auth using username and a Personal Access Token. {{fields "audit"}} diff --git a/packages/atlassian_confluence/_dev/deploy/docker/files/config.yml b/packages/atlassian_confluence/_dev/deploy/docker/files/config.yml index 9b385950103..a97c2d8b674 100644 --- a/packages/atlassian_confluence/_dev/deploy/docker/files/config.yml +++ b/packages/atlassian_confluence/_dev/deploy/docker/files/config.yml @@ -1,4 +1,5 @@ rules: + # Confluence Self Hosted Server - path: /rest/auditing/1.0/events methods: ["GET"] request_headers: @@ -23,3 +24,30 @@ rules: - status_code: 200 body: |- {"entities":[{"timestamp":"2021-11-23T00:44:58.940Z","author":{"name":"test user","type":"user","id":"2c9680837d4a3682017d4a375a280000","uri":"http://confluence.internal:8090/admin/users/viewuser.action?username=admin","avatarUri":""},"type":{"categoryI18nKey":"atlassian.audit.event.category.audit","category":"Auditing","actionI18nKey":"atlassian.audit.event.action.audit.search","action":"Audit Log search performed"},"affectedObjects":[],"changedValues":[],"source":"81.2.69.143","system":"http://confluence.internal:8090","method":"Browser","extraAttributes":[{"nameI18nKey":"atlassian.audit.event.attribute.id","name":"ID Range","value":"1 - 179"},{"nameI18nKey":"atlassian.audit.event.attribute.query","name":"Query","value":""},{"nameI18nKey":"atlassian.audit.event.attribute.results","name":"Results returned","value":"179"},{"nameI18nKey":"atlassian.audit.event.attribute.timestamp","name":"Timestamp Range","value":"2021-11-23T00:34:44.466Z - 2021-11-23T00:44:36.398Z"}]},{"timestamp":"2021-11-23T00:44:36.398Z","author":{"name":"test user","type":"user","id":"2c9680837d4a3682017d4a375a280000","uri":"http://confluence.internal:8090/admin/users/viewuser.action?username=admin","avatarUri":""},"type":{"categoryI18nKey":"atlassian.audit.event.category.audit","category":"Auditing","actionI18nKey":"atlassian.audit.event.action.audit.search","action":"Audit Log search performed"},"affectedObjects":[],"changedValues":[],"source":"81.2.69.143","system":"http://confluence.internal:8090","method":"Browser","extraAttributes":[{"nameI18nKey":"atlassian.audit.event.attribute.id","name":"ID Range","value":"79 - 178"},{"nameI18nKey":"atlassian.audit.event.attribute.query","name":"Query","value":""},{"nameI18nKey":"atlassian.audit.event.attribute.results","name":"Results returned","value":"100"},{"nameI18nKey":"atlassian.audit.event.attribute.timestamp","name":"Timestamp Range","value":"2021-11-23T00:39:37.166Z - 2021-11-23T00:43:12.188Z"}]}],"pagingInfo":{"lastPage":false,"nextPageOffset":0,"nextPageCursor":"1637628276398,179","nextPageLink":"http://{{ hostname }}:{{ env "PORT" }}/rest/auditing/1.0/events?offset=0&limit=2&pageCursor=1637628276398,179","size":2}} + # Confluence Cloud + - path: /wiki/rest/api/audit + methods: ["GET"] + request_headers: + authorization: Basic dGVzdC51c2VyOmFiYzEyMw== + query_params: + startDate: "{startDate:.*}" + endDate: "{endDate:.*}" + start: "2" + limit: "2" + responses: + - status_code: 200 + body: |- + {"results":[{"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1637054756738,"summary":"User details updated","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"John Doe (Deactivated)","objectType":"User"},"changedValues":[{"name":"Active","oldValue":"Yes","newValue":"No","hiddenOldValue":"","hiddenNewValue":""}],"associatedObjects":[]},{"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1637054756666,"summary":"User deactivated","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"","objectType":""},"changedValues":[],"associatedObjects":[]}],"start":2,"limit":2,"size":37,"_links":{"base":"https://test.atlassian.net/wiki","context":"/wiki","self":"https://test.atlassian.net/wiki/rest/api/audit"}} + - path: /wiki/rest/api/audit + methods: ["GET"] + request_headers: + authorization: Basic dGVzdC51c2VyOmFiYzEyMw== + query_params: + startDate: "{startDate:.*}" + endDate: "{endDate:.*}" + limit: "2" + start: "0" + responses: + - status_code: 200 + body: |- + {"results":[{"author":{"type":"user","displayName":"John Jacobs","operations":null,"isExternalCollaborator":false,"username":"df856b17d84fcf010f11fcfcc6be4267","userKey":"26971c016361d1f6a3eb8f62461f1e4e","accountId":"df856b17d84fcf010f11fcfcc6be4267","accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1643097111962,"summary":"Space logo uploaded","description":"","category":"Spaces","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"Service Catalogue","objectType":"Space"},"changedValues":[],"associatedObjects":[]},{"author":{"type":"user","displayName":"John Jacobs","operations":null,"isExternalCollaborator":false,"username":"df856b17d84fcf010f11fcfcc6be4267","userKey":"26971c016361d1f6a3eb8f62461f1e4e","accountId":"df856b17d84fcf010f11fcfcc6be4267","accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1643097094621,"summary":"Space logo uploaded","description":"","category":"Spaces","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"Service Catalogue","objectType":"Space"},"changedValues":[],"associatedObjects":[]}],"start":0,"limit":2,"size":37,"_links":{"base":"https://test.atlassian.net/wiki","context":"/wiki","self":"https://test.atlassian.net/wiki/rest/api/audit"}} diff --git a/packages/atlassian_confluence/changelog.yml b/packages/atlassian_confluence/changelog.yml index ae74d32ff4d..ba233dd023d 100644 --- a/packages/atlassian_confluence/changelog.yml +++ b/packages/atlassian_confluence/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.3.0" + changes: + - description: Add support for Atlassian Confluence Cloud + type: enhancement + link: https://github.com/elastic/integrations/pull/2715 - version: "1.2.0" changes: - description: Update to ECS 8.2 diff --git a/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json index 50bdf4c2df6..74a2bf84356 100644 --- a/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json +++ b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json @@ -1,15 +1,9 @@ { "expected": [ { + "@timestamp": "2021-11-23T00:44:36.398Z", "confluence": { "audit": { - "method": "Browser", - "type": { - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "action": "Audit Log search performed", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing" - }, "extra_attributes": [ { "name": "ID Range", @@ -30,68 +24,68 @@ "nameI18nKey": "atlassian.audit.event.attribute.timestamp", "value": "2021-11-23T00:39:37.166Z - 2021-11-23T00:43:12.188Z" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit" + } } }, - "@timestamp": "2021-11-23T00:44:36.398Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "atlassian.audit.event.action.audit.search", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:44:36.398Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"79 - 178\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"100\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:39:37.166Z - 2021-11-23T00:43:12.188Z\"}]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "atlassian.audit.event.action.audit.search", - "original": "{\"timestamp\":\"2021-11-23T00:44:36.398Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"79 - 178\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"100\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:39:37.166Z - 2021-11-23T00:43:12.188Z\"}]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:43:12.188Z", "confluence": { "audit": { - "method": "Browser", - "type": { - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "action": "Audit Log search performed", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing" - }, "extra_attributes": [ { "name": "ID Range", @@ -112,68 +106,68 @@ "nameI18nKey": "atlassian.audit.event.attribute.timestamp", "value": "2021-11-23T00:34:44.466Z - 2021-11-23T00:39:37.149Z" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit" + } } }, - "@timestamp": "2021-11-23T00:43:12.188Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "atlassian.audit.event.action.audit.search", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:43:12.188Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"1 - 76\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"76\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:34:44.466Z - 2021-11-23T00:39:37.149Z\"}]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "atlassian.audit.event.action.audit.search", - "original": "{\"timestamp\":\"2021-11-23T00:43:12.188Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"1 - 76\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"76\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:34:44.466Z - 2021-11-23T00:39:37.149Z\"}]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:41:45.280Z", "confluence": { "audit": { - "method": "Browser", - "type": { - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "action": "Audit Log search performed", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing" - }, "extra_attributes": [ { "name": "ID Range", @@ -194,68 +188,68 @@ "nameI18nKey": "atlassian.audit.event.attribute.timestamp", "value": "2021-11-23T00:39:37.155Z - 2021-11-23T00:41:17.165Z" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit" + } } }, - "@timestamp": "2021-11-23T00:41:45.280Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "atlassian.audit.event.action.audit.search", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:41:45.280Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"77 - 176\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"100\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:39:37.155Z - 2021-11-23T00:41:17.165Z\"}]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "atlassian.audit.event.action.audit.search", - "original": "{\"timestamp\":\"2021-11-23T00:41:45.280Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"77 - 176\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"100\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:39:37.155Z - 2021-11-23T00:41:17.165Z\"}]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:41:17.165Z", "confluence": { "audit": { - "method": "Browser", - "type": { - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "action": "Audit Log search performed", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing" - }, "extra_attributes": [ { "name": "ID Range", @@ -276,68 +270,68 @@ "nameI18nKey": "atlassian.audit.event.attribute.timestamp", "value": "2021-11-23T00:34:44.466Z - 2021-11-23T00:39:37.137Z" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit" + } } }, - "@timestamp": "2021-11-23T00:41:17.165Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "atlassian.audit.event.action.audit.search", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:41:17.165Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"1 - 74\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"74\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:34:44.466Z - 2021-11-23T00:39:37.137Z\"}]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "atlassian.audit.event.action.audit.search", - "original": "{\"timestamp\":\"2021-11-23T00:41:17.165Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"1 - 74\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"74\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:34:44.466Z - 2021-11-23T00:39:37.137Z\"}]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:41:16.741Z", "confluence": { "audit": { - "method": "Browser", - "type": { - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "action": "Audit Log search performed", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing" - }, "extra_attributes": [ { "name": "ID Range", @@ -358,68 +352,68 @@ "nameI18nKey": "atlassian.audit.event.attribute.timestamp", "value": "2021-11-23T00:39:37.143Z - 2021-11-23T00:41:07.156Z" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit" + } } }, - "@timestamp": "2021-11-23T00:41:16.741Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "atlassian.audit.event.action.audit.search", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:41:16.741Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"75 - 174\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"100\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:39:37.143Z - 2021-11-23T00:41:07.156Z\"}]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "atlassian.audit.event.action.audit.search", - "original": "{\"timestamp\":\"2021-11-23T00:41:16.741Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"75 - 174\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"100\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:39:37.143Z - 2021-11-23T00:41:07.156Z\"}]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:41:07.156Z", "confluence": { "audit": { - "method": "Browser", - "type": { - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "action": "Audit Log search performed", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing" - }, "extra_attributes": [ { "name": "ID Range", @@ -440,68 +434,68 @@ "nameI18nKey": "atlassian.audit.event.attribute.timestamp", "value": "2021-11-23T00:34:44.466Z - 2021-11-23T00:39:37.128Z" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit" + } } }, - "@timestamp": "2021-11-23T00:41:07.156Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "atlassian.audit.event.action.audit.search", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:41:07.156Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"1 - 72\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"72\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:34:44.466Z - 2021-11-23T00:39:37.128Z\"}]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "atlassian.audit.event.action.audit.search", - "original": "{\"timestamp\":\"2021-11-23T00:41:07.156Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"1 - 72\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"72\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:34:44.466Z - 2021-11-23T00:39:37.128Z\"}]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] - }, - { - "confluence": { + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-23T00:41:06.871Z", + "confluence": { "audit": { - "method": "Browser", - "type": { - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "action": "Audit Log search performed", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing" - }, "extra_attributes": [ { "name": "ID Range", @@ -522,68 +516,68 @@ "nameI18nKey": "atlassian.audit.event.attribute.timestamp", "value": "2021-11-23T00:39:37.132Z - 2021-11-23T00:40:32.595Z" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit" + } } }, - "@timestamp": "2021-11-23T00:41:06.871Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "atlassian.audit.event.action.audit.search", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:41:06.871Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"73 - 172\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"100\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:39:37.132Z - 2021-11-23T00:40:32.595Z\"}]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "atlassian.audit.event.action.audit.search", - "original": "{\"timestamp\":\"2021-11-23T00:41:06.871Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"73 - 172\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"100\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:39:37.132Z - 2021-11-23T00:40:32.595Z\"}]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:40:32.595Z", "confluence": { "audit": { - "method": "Browser", - "type": { - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "action": "Audit Log search performed", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing" - }, "extra_attributes": [ { "name": "ID Range", @@ -604,68 +598,68 @@ "nameI18nKey": "atlassian.audit.event.attribute.timestamp", "value": "2021-11-23T00:34:44.466Z - 2021-11-23T00:39:37.115Z" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit" + } } }, - "@timestamp": "2021-11-23T00:40:32.595Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "atlassian.audit.event.action.audit.search", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:40:32.595Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"1 - 70\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"70\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:34:44.466Z - 2021-11-23T00:39:37.115Z\"}]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "atlassian.audit.event.action.audit.search", - "original": "{\"timestamp\":\"2021-11-23T00:40:32.595Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"1 - 70\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"70\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:34:44.466Z - 2021-11-23T00:39:37.115Z\"}]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:40:32.138Z", "confluence": { "audit": { - "method": "Browser", - "type": { - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "action": "Audit Log search performed", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing" - }, "extra_attributes": [ { "name": "ID Range", @@ -686,82 +680,82 @@ "nameI18nKey": "atlassian.audit.event.attribute.timestamp", "value": "2021-11-23T00:39:37.122Z - 2021-11-23T00:39:37.908Z" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit" + } } }, - "@timestamp": "2021-11-23T00:40:32.138Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "atlassian.audit.event.action.audit.search", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:40:32.138Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"71 - 170\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"100\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:39:37.122Z - 2021-11-23T00:39:37.908Z\"}]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "atlassian.audit.event.action.audit.search", - "original": "{\"timestamp\":\"2021-11-23T00:40:32.138Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"71 - 170\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"100\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:39:37.122Z - 2021-11-23T00:39:37.908Z\"}]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.908Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -778,89 +772,89 @@ "key": "Type", "to": "SETPAGEPERMISSIONS" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.908Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.908Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"SETPAGEPERMISSIONS\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.908Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"SETPAGEPERMISSIONS\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.904Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test user", "id": "2c9680837d4a3682017d4a375a280000", + "name": "test user", "type": "User", "uri": "http://confluence.internal:8090/admin/users/viewuser.action?username=admin" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -877,89 +871,89 @@ "key": "User", "to": "admin" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.904Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.904Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"SETPAGEPERMISSIONS\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.904Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"SETPAGEPERMISSIONS\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.899Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -976,87 +970,87 @@ "key": "Type", "to": "SETPAGEPERMISSIONS" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.899Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.899Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"SETPAGEPERMISSIONS\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.899Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"SETPAGEPERMISSIONS\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.895Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -1068,89 +1062,89 @@ "key": "Type", "to": "REMOVEMAIL" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.895Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.895Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEMAIL\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.895Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEMAIL\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.891Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -1167,89 +1161,89 @@ "key": "Type", "to": "REMOVEMAIL" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.891Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.891Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEMAIL\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.891Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEMAIL\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.887Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test user", "id": "2c9680837d4a3682017d4a375a280000", + "name": "test user", "type": "User", "uri": "http://confluence.internal:8090/admin/users/viewuser.action?username=admin" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -1266,89 +1260,89 @@ "key": "User", "to": "admin" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.887Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.887Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEMAIL\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.887Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEMAIL\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] - }, - { - "confluence": { - "audit": { - "method": "Browser", + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-23T00:39:37.882Z", + "confluence": { + "audit": { "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -1365,87 +1359,87 @@ "key": "Type", "to": "REMOVEMAIL" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.882Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.882Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEMAIL\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.882Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEMAIL\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.877Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -1457,89 +1451,89 @@ "key": "Type", "to": "EXPORTSPACE" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.877Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.877Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EXPORTSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.877Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EXPORTSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.872Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -1556,89 +1550,89 @@ "key": "Type", "to": "EXPORTSPACE" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.872Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.872Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EXPORTSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.872Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EXPORTSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.868Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test user", "id": "2c9680837d4a3682017d4a375a280000", + "name": "test user", "type": "User", "uri": "http://confluence.internal:8090/admin/users/viewuser.action?username=admin" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -1655,89 +1649,89 @@ "key": "User", "to": "admin" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.868Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.868Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EXPORTSPACE\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.868Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EXPORTSPACE\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] - }, - { + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-23T00:39:37.862Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -1754,87 +1748,87 @@ "key": "Type", "to": "EXPORTSPACE" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.862Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.862Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EXPORTSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.862Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EXPORTSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.858Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -1846,89 +1840,89 @@ "key": "Type", "to": "EDITBLOG" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.858Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.858Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.858Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.853Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -1945,89 +1939,89 @@ "key": "Type", "to": "EDITBLOG" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.853Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.853Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.853Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.848Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test user", "id": "2c9680837d4a3682017d4a375a280000", + "name": "test user", "type": "User", "uri": "http://confluence.internal:8090/admin/users/viewuser.action?username=admin" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -2044,89 +2038,89 @@ "key": "User", "to": "admin" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.848Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.848Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITBLOG\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.848Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITBLOG\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] - }, - { - "confluence": { - "audit": { - "method": "Browser", + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-23T00:39:37.841Z", + "confluence": { + "audit": { "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -2143,87 +2137,87 @@ "key": "Type", "to": "EDITBLOG" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.841Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.841Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.841Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.832Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -2235,89 +2229,89 @@ "key": "Type", "to": "REMOVEATTACHMENT" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.832Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.832Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.832Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.821Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -2334,89 +2328,89 @@ "key": "Type", "to": "REMOVEATTACHMENT" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.821Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.821Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.821Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.811Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test user", "id": "2c9680837d4a3682017d4a375a280000", + "name": "test user", "type": "User", "uri": "http://confluence.internal:8090/admin/users/viewuser.action?username=admin" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -2433,89 +2427,89 @@ "key": "User", "to": "admin" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.811Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.811Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEATTACHMENT\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.811Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEATTACHMENT\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] - }, - { + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-23T00:39:37.796Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -2532,87 +2526,87 @@ "key": "Type", "to": "REMOVEATTACHMENT" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.796Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.796Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.796Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.785Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -2624,89 +2618,89 @@ "key": "Type", "to": "CREATEATTACHMENT" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.785Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.785Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"CREATEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.785Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"CREATEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.777Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -2723,89 +2717,89 @@ "key": "Type", "to": "CREATEATTACHMENT" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.777Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.777Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"CREATEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.777Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"CREATEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.770Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test user", "id": "2c9680837d4a3682017d4a375a280000", + "name": "test user", "type": "User", "uri": "http://confluence.internal:8090/admin/users/viewuser.action?username=admin" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -2822,89 +2816,89 @@ "key": "User", "to": "admin" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.770Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.770Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"CREATEATTACHMENT\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.770Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"CREATEATTACHMENT\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] - }, - { - "confluence": { - "audit": { - "method": "Browser", + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-23T00:39:37.756Z", + "confluence": { + "audit": { "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -2921,87 +2915,87 @@ "key": "Type", "to": "CREATEATTACHMENT" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.756Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.756Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"CREATEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.756Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"CREATEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.751Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -3013,89 +3007,89 @@ "key": "Type", "to": "REMOVEBLOG" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.751Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.751Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.751Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.744Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -3112,89 +3106,89 @@ "key": "Type", "to": "REMOVEBLOG" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.744Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.744Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.744Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.728Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test user", "id": "2c9680837d4a3682017d4a375a280000", + "name": "test user", "type": "User", "uri": "http://confluence.internal:8090/admin/users/viewuser.action?username=admin" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -3211,89 +3205,89 @@ "key": "User", "to": "admin" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.728Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.728Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEBLOG\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.728Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEBLOG\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] - }, - { + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-23T00:39:37.713Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -3310,87 +3304,87 @@ "key": "Type", "to": "REMOVEBLOG" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.713Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.713Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.713Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.705Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -3402,89 +3396,89 @@ "key": "Type", "to": "REMOVECOMMENT" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.705Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.705Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVECOMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.705Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVECOMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.688Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -3501,89 +3495,89 @@ "key": "Type", "to": "REMOVECOMMENT" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.688Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.688Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVECOMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.688Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVECOMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.675Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test user", "id": "2c9680837d4a3682017d4a375a280000", + "name": "test user", "type": "User", "uri": "http://confluence.internal:8090/admin/users/viewuser.action?username=admin" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -3600,89 +3594,89 @@ "key": "User", "to": "admin" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.675Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.675Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVECOMMENT\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.675Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVECOMMENT\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] - }, - { - "confluence": { - "audit": { - "method": "Browser", + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-23T00:39:37.668Z", + "confluence": { + "audit": { "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -3699,87 +3693,87 @@ "key": "Type", "to": "REMOVECOMMENT" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.668Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.668Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVECOMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.668Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVECOMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.654Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -3791,89 +3785,89 @@ "key": "Type", "to": "REMOVEPAGE" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.654Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.654Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.654Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.644Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -3890,89 +3884,89 @@ "key": "Type", "to": "REMOVEPAGE" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.644Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.644Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.644Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.639Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test user", "id": "2c9680837d4a3682017d4a375a280000", + "name": "test user", "type": "User", "uri": "http://confluence.internal:8090/admin/users/viewuser.action?username=admin" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -3989,89 +3983,89 @@ "key": "User", "to": "admin" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.639Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.639Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEPAGE\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.639Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEPAGE\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] - }, - { + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-23T00:39:37.634Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -4088,89 +4082,89 @@ "key": "Type", "to": "REMOVEPAGE" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.634Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.634Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.634Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.628Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test user", "id": "2c9680837d4a3682017d4a375a280000", + "name": "test user", "type": "User", "uri": "http://confluence.internal:8090/admin/users/viewuser.action?username=admin" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -4187,89 +4181,89 @@ "key": "User", "to": "admin" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.628Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.628Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"SETSPACEPERMISSIONS\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.628Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"SETSPACEPERMISSIONS\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.618Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -4286,87 +4280,87 @@ "key": "Type", "to": "SETSPACEPERMISSIONS" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.618Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.618Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"SETSPACEPERMISSIONS\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.618Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"SETSPACEPERMISSIONS\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.612Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -4378,89 +4372,89 @@ "key": "Type", "to": "EDITSPACE" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.612Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.612Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.612Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] - }, - { - "confluence": { - "audit": { - "method": "Browser", + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-23T00:39:37.606Z", + "confluence": { + "audit": { "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -4477,89 +4471,89 @@ "key": "Type", "to": "EDITSPACE" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.606Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.606Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.606Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.596Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test user", "id": "2c9680837d4a3682017d4a375a280000", + "name": "test user", "type": "User", "uri": "http://confluence.internal:8090/admin/users/viewuser.action?username=admin" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -4576,89 +4570,89 @@ "key": "User", "to": "admin" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.596Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.596Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITSPACE\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.596Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITSPACE\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.592Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -4675,87 +4669,87 @@ "key": "Type", "to": "EDITSPACE" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.592Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.592Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.592Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.588Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -4767,89 +4761,89 @@ "key": "Type", "to": "COMMENT" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.588Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.588Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"COMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.588Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"COMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] - }, - { + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-23T00:39:37.584Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -4866,89 +4860,89 @@ "key": "Type", "to": "COMMENT" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.584Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.584Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"COMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.584Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"COMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.580Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test user", "id": "2c9680837d4a3682017d4a375a280000", + "name": "test user", "type": "User", "uri": "http://confluence.internal:8090/admin/users/viewuser.action?username=admin" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -4965,89 +4959,89 @@ "key": "User", "to": "admin" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.580Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.580Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"COMMENT\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.580Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"COMMENT\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.575Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -5064,87 +5058,87 @@ "key": "Type", "to": "COMMENT" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.575Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.575Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"COMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.575Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"COMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.571Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -5156,89 +5150,89 @@ "key": "Type", "to": "REMOVEOWNCONTENT" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.571Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.571Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEOWNCONTENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.571Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEOWNCONTENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] - }, - { - "confluence": { - "audit": { - "method": "Browser", + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-23T00:39:37.567Z", + "confluence": { + "audit": { "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -5255,89 +5249,89 @@ "key": "Type", "to": "REMOVEOWNCONTENT" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.567Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.567Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEOWNCONTENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.567Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEOWNCONTENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.556Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test user", "id": "2c9680837d4a3682017d4a375a280000", + "name": "test user", "type": "User", "uri": "http://confluence.internal:8090/admin/users/viewuser.action?username=admin" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -5354,89 +5348,89 @@ "key": "User", "to": "admin" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.556Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.556Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEOWNCONTENT\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.556Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEOWNCONTENT\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.454Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -5453,87 +5447,87 @@ "key": "Type", "to": "REMOVEOWNCONTENT" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.454Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.454Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEOWNCONTENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.454Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEOWNCONTENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.444Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -5545,89 +5539,89 @@ "key": "Type", "to": "VIEWSPACE" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.444Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.444Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"VIEWSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.444Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"VIEWSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] - }, - { + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-23T00:39:37.435Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -5644,89 +5638,89 @@ "key": "Type", "to": "VIEWSPACE" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.435Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.435Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"VIEWSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.435Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"VIEWSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.424Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test user", "id": "2c9680837d4a3682017d4a375a280000", + "name": "test user", "type": "User", "uri": "http://confluence.internal:8090/admin/users/viewuser.action?username=admin" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -5743,89 +5737,89 @@ "key": "User", "to": "admin" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.424Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.424Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"VIEWSPACE\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.424Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"VIEWSPACE\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.404Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -5842,4610 +5836,4610 @@ "key": "Type", "to": "VIEWSPACE" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.404Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.404Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"VIEWSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.404Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"VIEWSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.393Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Group", "from": "confluence-users", + "i18nKey": "Group", "key": "Group" }, { - "i18nKey": "Type", "from": "VIEWSPACE", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.393Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.393Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"VIEWSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.393Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"VIEWSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.375Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test user", "id": "2c9680837d4a3682017d4a375a280000", + "name": "test user", "type": "User", "uri": "http://confluence.internal:8090/admin/users/viewuser.action?username=admin" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Type", "from": "VIEWSPACE", + "i18nKey": "Type", "key": "Type" }, { - "i18nKey": "User", "from": "admin", + "i18nKey": "User", "key": "User" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.375Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.375Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"VIEWSPACE\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.375Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"VIEWSPACE\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.366Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Group", "from": "confluence-administrators", + "i18nKey": "Group", "key": "Group" }, { - "i18nKey": "Type", "from": "VIEWSPACE", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.366Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.366Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"VIEWSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.366Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"VIEWSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.361Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Group", "from": "confluence-users", + "i18nKey": "Group", "key": "Group" }, { - "i18nKey": "Type", "from": "COMMENT", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.361Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.361Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"COMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.361Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"COMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.357Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test user", "id": "2c9680837d4a3682017d4a375a280000", + "name": "test user", "type": "User", "uri": "http://confluence.internal:8090/admin/users/viewuser.action?username=admin" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Type", "from": "COMMENT", + "i18nKey": "Type", "key": "Type" }, { - "i18nKey": "User", "from": "admin", + "i18nKey": "User", "key": "User" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.357Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.357Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"COMMENT\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.357Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"COMMENT\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.350Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Group", "from": "confluence-administrators", + "i18nKey": "Group", "key": "Group" }, { - "i18nKey": "Type", "from": "COMMENT", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.350Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.350Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"COMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.350Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"COMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.342Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Group", "from": "confluence-administrators", + "i18nKey": "Group", "key": "Group" }, { - "i18nKey": "Type", "from": "SETPAGEPERMISSIONS", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.342Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.342Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"SETPAGEPERMISSIONS\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.342Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"SETPAGEPERMISSIONS\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.330Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Type", "from": "REMOVEMAIL", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.330Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.330Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEMAIL\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.330Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEMAIL\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.324Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Group", "from": "confluence-users", + "i18nKey": "Group", "key": "Group" }, { - "i18nKey": "Type", "from": "REMOVEMAIL", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.324Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.324Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEMAIL\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.324Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEMAIL\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.311Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test user", "id": "2c9680837d4a3682017d4a375a280000", + "name": "test user", "type": "User", "uri": "http://confluence.internal:8090/admin/users/viewuser.action?username=admin" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Type", "from": "REMOVEMAIL", + "i18nKey": "Type", "key": "Type" }, { - "i18nKey": "User", "from": "admin", + "i18nKey": "User", "key": "User" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.311Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.311Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEMAIL\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.311Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEMAIL\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.303Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Group", "from": "confluence-users", + "i18nKey": "Group", "key": "Group" }, { - "i18nKey": "Type", "from": "SETPAGEPERMISSIONS", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.303Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.303Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"SETPAGEPERMISSIONS\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.303Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"SETPAGEPERMISSIONS\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.295Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test user", "id": "2c9680837d4a3682017d4a375a280000", + "name": "test user", "type": "User", "uri": "http://confluence.internal:8090/admin/users/viewuser.action?username=admin" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Type", "from": "SETPAGEPERMISSIONS", + "i18nKey": "Type", "key": "Type" }, { - "i18nKey": "User", "from": "admin", + "i18nKey": "User", "key": "User" } - ] - } + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } + } }, - "@timestamp": "2021-11-23T00:39:37.295Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.295Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"SETPAGEPERMISSIONS\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.295Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"SETPAGEPERMISSIONS\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.290Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Group", "from": "confluence-administrators", + "i18nKey": "Group", "key": "Group" }, { - "i18nKey": "Type", "from": "EXPORTSPACE", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.290Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.290Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EXPORTSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.290Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EXPORTSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.285Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Type", "from": "EXPORTPAGE", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.285Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.285Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EXPORTPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.285Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EXPORTPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.282Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Group", "from": "confluence-users", + "i18nKey": "Group", "key": "Group" }, { - "i18nKey": "Type", "from": "EXPORTPAGE", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.282Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.282Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EXPORTPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.282Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EXPORTPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.278Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test user", "id": "2c9680837d4a3682017d4a375a280000", + "name": "test user", "type": "User", "uri": "http://confluence.internal:8090/admin/users/viewuser.action?username=admin" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Type", "from": "EXPORTPAGE", + "i18nKey": "Type", "key": "Type" }, { - "i18nKey": "User", "from": "admin", + "i18nKey": "User", "key": "User" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.278Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.278Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EXPORTPAGE\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.278Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EXPORTPAGE\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.274Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Group", "from": "confluence-administrators", + "i18nKey": "Group", "key": "Group" }, { - "i18nKey": "Type", "from": "REMOVEMAIL", + "i18nKey": "Type", "key": "Type" } - ] - } - }, - "@timestamp": "2021-11-23T00:39:37.274Z", - "ecs": { + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } + } + }, + "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.274Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEMAIL\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.274Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEMAIL\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.270Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Type", "from": "EXPORTSPACE", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.270Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.270Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EXPORTSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.270Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EXPORTSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.266Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Group", "from": "confluence-users", + "i18nKey": "Group", "key": "Group" }, { - "i18nKey": "Type", "from": "EXPORTSPACE", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.266Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.266Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EXPORTSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.266Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EXPORTSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.262Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test user", "id": "2c9680837d4a3682017d4a375a280000", + "name": "test user", "type": "User", "uri": "http://confluence.internal:8090/admin/users/viewuser.action?username=admin" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Type", "from": "EXPORTSPACE", + "i18nKey": "Type", "key": "Type" }, { - "i18nKey": "User", "from": "admin", + "i18nKey": "User", "key": "User" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.262Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.262Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EXPORTSPACE\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.262Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EXPORTSPACE\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.258Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Group", "from": "confluence-administrators", + "i18nKey": "Group", "key": "Group" }, { - "i18nKey": "Type", "from": "EDITBLOG", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.258Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.258Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EDITBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.258Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EDITBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.254Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Type", "from": "REMOVEATTACHMENT", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.254Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.254Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.254Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.250Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Group", "from": "confluence-users", + "i18nKey": "Group", "key": "Group" }, { - "i18nKey": "Type", "from": "REMOVEATTACHMENT", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.250Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.250Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.250Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.246Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test user", "id": "2c9680837d4a3682017d4a375a280000", + "name": "test user", "type": "User", "uri": "http://confluence.internal:8090/admin/users/viewuser.action?username=admin" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Type", "from": "REMOVEATTACHMENT", + "i18nKey": "Type", "key": "Type" }, { - "i18nKey": "User", "from": "admin", + "i18nKey": "User", "key": "User" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.246Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.246Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEATTACHMENT\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.246Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEATTACHMENT\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.242Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Group", "from": "confluence-administrators", + "i18nKey": "Group", "key": "Group" }, { - "i18nKey": "Type", "from": "EXPORTPAGE", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.242Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.242Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EXPORTPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.242Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EXPORTPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.238Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Type", "from": "EDITBLOG", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.238Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.238Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EDITBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.238Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EDITBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.234Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Group", "from": "confluence-users", + "i18nKey": "Group", "key": "Group" }, { - "i18nKey": "Type", "from": "EDITBLOG", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.234Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.234Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EDITBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.234Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EDITBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.230Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test user", "id": "2c9680837d4a3682017d4a375a280000", + "name": "test user", "type": "User", "uri": "http://confluence.internal:8090/admin/users/viewuser.action?username=admin" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Type", "from": "EDITBLOG", + "i18nKey": "Type", "key": "Type" }, { - "i18nKey": "User", "from": "admin", + "i18nKey": "User", "key": "User" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.230Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.230Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EDITBLOG\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.230Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EDITBLOG\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.225Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Group", "from": "confluence-administrators", + "i18nKey": "Group", "key": "Group" }, { - "i18nKey": "Type", "from": "CREATEATTACHMENT", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.225Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.225Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"CREATEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.225Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"CREATEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.221Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Type", "from": "REMOVEBLOG", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.221Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.221Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.221Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.217Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Group", "from": "confluence-users", + "i18nKey": "Group", "key": "Group" }, { - "i18nKey": "Type", "from": "REMOVEBLOG", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.217Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.217Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.217Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.212Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test user", "id": "2c9680837d4a3682017d4a375a280000", + "name": "test user", "type": "User", "uri": "http://confluence.internal:8090/admin/users/viewuser.action?username=admin" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Type", "from": "REMOVEBLOG", + "i18nKey": "Type", "key": "Type" }, { - "i18nKey": "User", "from": "admin", + "i18nKey": "User", "key": "User" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.212Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.212Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEBLOG\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.212Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEBLOG\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.208Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Group", "from": "confluence-administrators", + "i18nKey": "Group", "key": "Group" }, { - "i18nKey": "Type", "from": "REMOVEATTACHMENT", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.208Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.208Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.208Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.204Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Type", "from": "CREATEATTACHMENT", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.204Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.204Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"CREATEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.204Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"CREATEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.200Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Group", "from": "confluence-users", + "i18nKey": "Group", "key": "Group" }, { - "i18nKey": "Type", "from": "CREATEATTACHMENT", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.200Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.200Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"CREATEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.200Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"CREATEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.194Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test user", "id": "2c9680837d4a3682017d4a375a280000", + "name": "test user", "type": "User", "uri": "http://confluence.internal:8090/admin/users/viewuser.action?username=admin" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Type", "from": "CREATEATTACHMENT", + "i18nKey": "Type", "key": "Type" }, { - "i18nKey": "User", "from": "admin", + "i18nKey": "User", "key": "User" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.194Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.194Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"CREATEATTACHMENT\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.194Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"CREATEATTACHMENT\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.188Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Group", "from": "confluence-administrators", + "i18nKey": "Group", "key": "Group" }, { - "i18nKey": "Type", "from": "REMOVECOMMENT", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.188Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.188Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVECOMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.188Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVECOMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.176Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Type", "from": "VIEWSPACE", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.176Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.176Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"VIEWSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.176Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"VIEWSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.166Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Type", "from": "REMOVEPAGE", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.166Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.166Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.166Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.160Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Group", "from": "confluence-users", + "i18nKey": "Group", "key": "Group" }, { - "i18nKey": "Type", "from": "REMOVEPAGE", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.160Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.160Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.160Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.155Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test user", "id": "2c9680837d4a3682017d4a375a280000", + "name": "test user", "type": "User", "uri": "http://confluence.internal:8090/admin/users/viewuser.action?username=admin" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Type", "from": "REMOVEPAGE", + "i18nKey": "Type", "key": "Type" }, { - "i18nKey": "User", "from": "admin", + "i18nKey": "User", "key": "User" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.155Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.155Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEPAGE\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.155Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEPAGE\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.149Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Group", "from": "confluence-administrators", + "i18nKey": "Group", "key": "Group" }, { - "i18nKey": "Type", "from": "REMOVEBLOG", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.149Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.149Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.149Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.143Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Type", "from": "REMOVECOMMENT", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.143Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.143Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVECOMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.143Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVECOMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.137Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Group", "from": "confluence-users", + "i18nKey": "Group", "key": "Group" }, { - "i18nKey": "Type", "from": "REMOVECOMMENT", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.137Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.137Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVECOMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.137Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVECOMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.132Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test user", "id": "2c9680837d4a3682017d4a375a280000", + "name": "test user", "type": "User", "uri": "http://confluence.internal:8090/admin/users/viewuser.action?username=admin" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Type", "from": "REMOVECOMMENT", + "i18nKey": "Type", "key": "Type" }, { - "i18nKey": "User", "from": "admin", + "i18nKey": "User", "key": "User" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.132Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.132Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVECOMMENT\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.132Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVECOMMENT\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.128Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Group", "from": "confluence-users", + "i18nKey": "Group", "key": "Group" }, { - "i18nKey": "Type", "from": "EDITSPACE", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.128Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.128Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EDITSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.128Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EDITSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.122Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test user", "id": "2c9680837d4a3682017d4a375a280000", + "name": "test user", "type": "User", "uri": "http://confluence.internal:8090/admin/users/viewuser.action?username=admin" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Type", "from": "EDITSPACE", + "i18nKey": "Type", "key": "Type" }, { - "i18nKey": "User", "from": "admin", + "i18nKey": "User", "key": "User" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.122Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.122Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EDITSPACE\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.122Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EDITSPACE\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] - }, - { - "confluence": { - "audit": { - "method": "Browser", + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-23T00:39:37.115Z", + "confluence": { + "audit": { "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Group", "from": "confluence-administrators", + "i18nKey": "Group", "key": "Group" }, { - "i18nKey": "Type", "from": "EDITSPACE", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.115Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.115Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EDITSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.115Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EDITSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.107Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Type", "from": "COMMENT", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.107Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.107Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"COMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.107Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"COMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.099Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Group", "from": "confluence-administrators", + "i18nKey": "Group", "key": "Group" }, { - "i18nKey": "Type", "from": "REMOVEPAGE", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.099Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.099Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.099Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.091Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test user", "id": "2c9680837d4a3682017d4a375a280000", + "name": "test user", "type": "User", "uri": "http://confluence.internal:8090/admin/users/viewuser.action?username=admin" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Type", "from": "SETSPACEPERMISSIONS", + "i18nKey": "Type", "key": "Type" }, { - "i18nKey": "User", "from": "admin", + "i18nKey": "User", "key": "User" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.091Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.091Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"SETSPACEPERMISSIONS\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.091Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"SETSPACEPERMISSIONS\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.055Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Group", "from": "confluence-administrators", + "i18nKey": "Group", "key": "Group" }, { - "i18nKey": "Type", "from": "SETSPACEPERMISSIONS", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.055Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.055Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"SETSPACEPERMISSIONS\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.055Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"SETSPACEPERMISSIONS\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] - }, + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } + }, { + "@timestamp": "2021-11-23T00:39:37.008Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Type", "from": "EDITSPACE", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.008Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.008Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EDITSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.008Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EDITSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:36.900Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.config.updated", - "action": "Space configuration updated", - "categoryI18nKey": "audit.logging.category.spaces", - "category": "Spaces" - }, "changed_values": [ { "i18nKey": "Description", @@ -10476,142 +10470,142 @@ "key": "Space type", "to": "global" } - ] + ], + "method": "Browser", + "type": { + "action": "Space configuration updated", + "actionI18nKey": "audit.logging.summary.space.config.updated", + "category": "Spaces", + "categoryI18nKey": "audit.logging.category.spaces" + } } }, - "@timestamp": "2021-11-23T00:39:36.900Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.config.updated", + "category": [ + "configuration" ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:36.900Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.spaces\",\"category\":\"Spaces\",\"actionI18nKey\":\"audit.logging.summary.space.config.updated\",\"action\":\"Space configuration updated\"},\"affectedObjects\":[{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Description\",\"i18nKey\":\"Description\",\"to\":\"\"},{\"key\":\"Home page\",\"i18nKey\":\"Home page\",\"to\":\"page: asdf v.1 (65593)\"},{\"key\":\"Name\",\"i18nKey\":\"Name\",\"to\":\"asdf\"},{\"key\":\"Space key\",\"i18nKey\":\"Space key\",\"to\":\"ASDF\"},{\"key\":\"Space status\",\"i18nKey\":\"Space status\",\"to\":\"CURRENT\"},{\"key\":\"Space type\",\"i18nKey\":\"Space type\",\"to\":\"global\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "change" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.config.updated", - "original": "{\"timestamp\":\"2021-11-23T00:39:36.900Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.spaces\",\"category\":\"Spaces\",\"actionI18nKey\":\"audit.logging.summary.space.config.updated\",\"action\":\"Space configuration updated\"},\"affectedObjects\":[{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Description\",\"i18nKey\":\"Description\",\"to\":\"\"},{\"key\":\"Home page\",\"i18nKey\":\"Home page\",\"to\":\"page: asdf v.1 (65593)\"},{\"key\":\"Name\",\"i18nKey\":\"Name\",\"to\":\"asdf\"},{\"key\":\"Space key\",\"i18nKey\":\"Space key\",\"to\":\"ASDF\"},{\"key\":\"Space status\",\"i18nKey\":\"Space status\",\"to\":\"CURRENT\"},{\"key\":\"Space type\",\"i18nKey\":\"Space type\",\"to\":\"global\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "change" - ], - "category": [ - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:36.323Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], + "method": "Browser", "type": { - "actionI18nKey": "audit.logging.summary.space.import", "action": "Space import", - "categoryI18nKey": "audit.logging.category.import.export", - "category": "Import/Export" + "actionI18nKey": "audit.logging.summary.space.import", + "category": "Import/Export", + "categoryI18nKey": "audit.logging.category.import.export" } } }, - "@timestamp": "2021-11-23T00:39:36.323Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.import", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:36.323Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.import.export\",\"category\":\"Import/Export\",\"actionI18nKey\":\"audit.logging.summary.space.import\",\"action\":\"Space import\"},\"affectedObjects\":[{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.import", - "original": "{\"timestamp\":\"2021-11-23T00:39:36.323Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.import.export\",\"category\":\"Import/Export\",\"actionI18nKey\":\"audit.logging.summary.space.import\",\"action\":\"Space import\"},\"affectedObjects\":[{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:11.067Z", "confluence": { "audit": { - "method": "Browser", - "type": { - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "action": "Audit Log search performed", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing" - }, "extra_attributes": [ { "name": "ID Range", @@ -10633,68 +10627,68 @@ "nameI18nKey": "atlassian.audit.event.attribute.timestamp", "value": "2021-11-23T00:35:04.299Z - 2021-11-23T00:38:58.965Z" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit" + } } }, - "@timestamp": "2021-11-23T00:39:11.067Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "atlassian.audit.event.action.audit.search", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:11.067Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"52 - 61\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"From : 1970-01-01T00:00:00Z;To : 2021-11-23T00:39:11.057109Z;\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"10\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:35:04.299Z - 2021-11-23T00:38:58.965Z\"}]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "atlassian.audit.event.action.audit.search", - "original": "{\"timestamp\":\"2021-11-23T00:39:11.067Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"52 - 61\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"From : 1970-01-01T00:00:00Z;To : 2021-11-23T00:39:11.057109Z;\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"10\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:35:04.299Z - 2021-11-23T00:38:58.965Z\"}]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:38:58.965Z", "confluence": { "audit": { - "method": "Browser", - "type": { - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "action": "Audit Log search performed", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing" - }, "extra_attributes": [ { "name": "ID Range", @@ -10716,68 +10710,68 @@ "nameI18nKey": "atlassian.audit.event.attribute.timestamp", "value": "2021-11-23T00:38:57.393Z - 2021-11-23T00:38:57.393Z" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit" + } } }, - "@timestamp": "2021-11-23T00:38:58.965Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "atlassian.audit.event.action.audit.search", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:38:58.965Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"60 - 60\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"From : 1970-01-01T00:00:00Z;To : 2021-11-23T00:38:58.959089Z;\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"1\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:38:57.393Z - 2021-11-23T00:38:57.393Z\"}]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "atlassian.audit.event.action.audit.search", - "original": "{\"timestamp\":\"2021-11-23T00:38:58.965Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"60 - 60\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"From : 1970-01-01T00:00:00Z;To : 2021-11-23T00:38:58.959089Z;\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"1\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:38:57.393Z - 2021-11-23T00:38:57.393Z\"}]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:38:57.393Z", "confluence": { "audit": { - "method": "Browser", - "type": { - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "action": "Audit Log search performed", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing" - }, "extra_attributes": [ { "name": "ID Range", @@ -10799,68 +10793,68 @@ "nameI18nKey": "atlassian.audit.event.attribute.timestamp", "value": "2021-11-23T00:35:04.294Z - 2021-11-23T00:38:42.240Z" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit" + } } }, - "@timestamp": "2021-11-23T00:38:57.393Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "atlassian.audit.event.action.audit.search", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:38:57.393Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"49 - 59\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"From : 1970-01-01T00:00:00Z;To : 2021-11-23T00:38:57.380777Z;\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"11\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:35:04.294Z - 2021-11-23T00:38:42.240Z\"}]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" - ] - }, + ], + "user": [ + "admin" + ] + }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "atlassian.audit.event.action.audit.search", - "original": "{\"timestamp\":\"2021-11-23T00:38:57.393Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"49 - 59\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"From : 1970-01-01T00:00:00Z;To : 2021-11-23T00:38:57.380777Z;\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"11\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:35:04.294Z - 2021-11-23T00:38:42.240Z\"}]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:38:42.240Z", "confluence": { "audit": { - "method": "Browser", - "type": { - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "action": "Audit Log search performed", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing" - }, "extra_attributes": [ { "name": "ID Range", @@ -10882,68 +10876,68 @@ "nameI18nKey": "atlassian.audit.event.attribute.timestamp", "value": "2021-11-23T00:35:04.294Z - 2021-11-23T00:38:35.211Z" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit" + } } }, - "@timestamp": "2021-11-23T00:38:42.240Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "atlassian.audit.event.action.audit.search", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:38:42.240Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"49 - 58\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"From : 1970-01-01T00:00:00Z;To : 2021-11-23T00:38:42.224135Z;\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"10\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:35:04.294Z - 2021-11-23T00:38:35.211Z\"}]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "atlassian.audit.event.action.audit.search", - "original": "{\"timestamp\":\"2021-11-23T00:38:42.240Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"49 - 58\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"From : 1970-01-01T00:00:00Z;To : 2021-11-23T00:38:42.224135Z;\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"10\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:35:04.294Z - 2021-11-23T00:38:35.211Z\"}]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:38:35.211Z", "confluence": { "audit": { - "method": "Browser", - "type": { - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "action": "Audit Log search performed", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing" - }, "extra_attributes": [ { "name": "ID Range", @@ -10965,81 +10959,99 @@ "nameI18nKey": "atlassian.audit.event.attribute.timestamp", "value": "2021-11-23T00:34:44.466Z - 2021-11-23T00:35:04.387Z" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit" + } } }, - "@timestamp": "2021-11-23T00:38:35.211Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "atlassian.audit.event.action.audit.search", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:38:35.211Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"1 - 57\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"From : 1970-01-01T00:00:00Z;To : 2021-11-23T00:38:35.065543Z;\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"57\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:34:44.466Z - 2021-11-23T00:35:04.387Z\"}]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "atlassian.audit.event.action.audit.search", - "original": "{\"timestamp\":\"2021-11-23T00:38:35.211Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"1 - 57\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"From : 1970-01-01T00:00:00Z;To : 2021-11-23T00:38:35.065543Z;\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"57\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:34:44.466Z - 2021-11-23T00:35:04.387Z\"}]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { "@timestamp": "2021-11-23T00:35:04.387Z", "confluence": { "audit": { - "method": "System", - "type": { - "actionI18nKey": "atlassian.audit.event.action.audit.config.updated", - "action": "Audit Log configuration updated", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing" - }, "changed_values": [ { "i18nKey": "atlassian.audit.event.change.retention", "key": "Retention", "to": "3 Years" } - ] + ], + "method": "System", + "type": { + "action": "Audit Log configuration updated", + "actionI18nKey": "atlassian.audit.event.action.audit.config.updated", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit" + } } }, "ecs": { "version": "8.2.0" }, + "event": { + "action": "atlassian.audit.event.action.audit.config.updated", + "category": [ + "configuration" + ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.387Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.config.updated\",\"action\":\"Audit Log configuration updated\"},\"affectedObjects\":[],\"changedValues\":[{\"key\":\"Retention\",\"i18nKey\":\"atlassian.audit.event.change.retention\",\"to\":\"3 Years\"}],\"system\":\"http://confluence.internal:8090\",\"method\":\"System\",\"extraAttributes\":[]}", + "type": [ + "admin", + "change" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -11048,50 +11060,32 @@ "service": { "address": "http://confluence.internal:8090" }, - "event": { - "action": "atlassian.audit.event.action.audit.config.updated", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.387Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.config.updated\",\"action\":\"Audit Log configuration updated\"},\"affectedObjects\":[],\"changedValues\":[{\"key\":\"Retention\",\"i18nKey\":\"atlassian.audit.event.change.retention\",\"to\":\"3 Years\"}],\"system\":\"http://confluence.internal:8090\",\"method\":\"System\",\"extraAttributes\":[]}", - "type": [ - "admin", - "change" - ], - "category": [ - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "System", "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.306Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -11108,13 +11102,32 @@ "key": "Type", "to": "SETPAGEPERMISSIONS" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.306Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.306Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"SETPAGEPERMISSIONS\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -11127,66 +11140,47 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.306Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"SETPAGEPERMISSIONS\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.305Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -11203,13 +11197,32 @@ "key": "Type", "to": "SETPAGEPERMISSIONS" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.305Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.305Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"SETPAGEPERMISSIONS\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -11222,64 +11235,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.305Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"SETPAGEPERMISSIONS\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.303Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -11291,13 +11285,32 @@ "key": "Type", "to": "REMOVEMAIL" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.303Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.303Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEMAIL\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -11310,66 +11323,47 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.303Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEMAIL\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.301Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -11386,13 +11380,32 @@ "key": "Type", "to": "REMOVEMAIL" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.301Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.301Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEMAIL\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -11405,66 +11418,47 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.301Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEMAIL\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.299Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -11481,13 +11475,32 @@ "key": "Type", "to": "REMOVEMAIL" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.299Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.299Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEMAIL\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -11500,64 +11513,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.299Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEMAIL\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.298Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -11569,13 +11563,32 @@ "key": "Type", "to": "EXPORTSPACE" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.298Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.298Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EXPORTSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -11588,66 +11601,47 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.298Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EXPORTSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.296Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -11664,13 +11658,32 @@ "key": "Type", "to": "EXPORTSPACE" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.296Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.296Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EXPORTSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -11683,66 +11696,47 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.296Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EXPORTSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.294Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -11759,13 +11753,32 @@ "key": "Type", "to": "EXPORTSPACE" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.294Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.294Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EXPORTSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -11778,64 +11791,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.294Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EXPORTSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.292Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -11847,13 +11841,32 @@ "key": "Type", "to": "EDITBLOG" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.292Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.292Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -11866,66 +11879,47 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.292Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.290Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -11942,13 +11936,32 @@ "key": "Type", "to": "EDITBLOG" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.290Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.290Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -11961,66 +11974,47 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.290Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.288Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -12037,13 +12031,32 @@ "key": "Type", "to": "EDITBLOG" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.288Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.288Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -12056,64 +12069,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.288Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.287Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -12125,13 +12119,32 @@ "key": "Type", "to": "REMOVEATTACHMENT" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.287Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.287Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -12144,66 +12157,47 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.287Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.285Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -12220,13 +12214,32 @@ "key": "Type", "to": "REMOVEATTACHMENT" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.285Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.285Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -12239,66 +12252,47 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.285Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.283Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -12315,13 +12309,32 @@ "key": "Type", "to": "REMOVEATTACHMENT" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.283Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.283Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -12334,64 +12347,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.283Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.281Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -12403,13 +12397,32 @@ "key": "Type", "to": "CREATEATTACHMENT" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.281Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.281Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"CREATEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -12422,66 +12435,47 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.281Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"CREATEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.279Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -12498,13 +12492,32 @@ "key": "Type", "to": "CREATEATTACHMENT" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.279Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.279Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"CREATEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -12517,66 +12530,47 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.279Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"CREATEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.277Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -12593,13 +12587,32 @@ "key": "Type", "to": "CREATEATTACHMENT" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.277Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.277Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"CREATEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -12612,64 +12625,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.277Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"CREATEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.275Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -12681,13 +12675,32 @@ "key": "Type", "to": "REMOVEBLOG" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.275Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.275Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -12700,66 +12713,47 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.275Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.273Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -12776,13 +12770,32 @@ "key": "Type", "to": "REMOVEBLOG" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.273Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.273Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -12795,66 +12808,47 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.273Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.271Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -12871,13 +12865,32 @@ "key": "Type", "to": "REMOVEBLOG" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.271Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.271Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -12890,64 +12903,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.271Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.269Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -12959,85 +12953,85 @@ "key": "Type", "to": "REMOVECOMMENT" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.269Z", "ecs": { "version": "8.2.0" }, - "related": { - "hosts": [ - "confluence.internal" - ], - "ip": [ - "81.2.69.143" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.269Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVECOMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { + "hosts": [ + "confluence.internal" + ], + "ip": [ + "81.2.69.143" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.269Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVECOMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.267Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -13054,13 +13048,32 @@ "key": "Type", "to": "REMOVECOMMENT" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.267Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.267Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVECOMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -13073,66 +13086,47 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.267Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVECOMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.265Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -13149,13 +13143,32 @@ "key": "Type", "to": "REMOVECOMMENT" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.265Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.265Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVECOMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -13168,64 +13181,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.265Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVECOMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.262Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -13237,13 +13231,32 @@ "key": "Type", "to": "REMOVEPAGE" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.262Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.262Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -13256,66 +13269,47 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.262Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.259Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -13332,13 +13326,32 @@ "key": "Type", "to": "REMOVEPAGE" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.259Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.259Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -13351,66 +13364,47 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.259Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.257Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -13427,13 +13421,32 @@ "key": "Type", "to": "REMOVEPAGE" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.257Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.257Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -13446,66 +13459,47 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.257Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.255Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -13522,13 +13516,32 @@ "key": "Type", "to": "SETSPACEPERMISSIONS" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.255Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.255Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"SETSPACEPERMISSIONS\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -13541,64 +13554,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.255Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"SETSPACEPERMISSIONS\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.253Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -13610,13 +13604,32 @@ "key": "Type", "to": "EDITSPACE" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.253Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.253Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -13629,66 +13642,47 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.253Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.251Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -13705,13 +13699,32 @@ "key": "Type", "to": "EDITSPACE" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.251Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.251Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -13724,66 +13737,47 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.251Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.249Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -13800,83 +13794,83 @@ "key": "Type", "to": "EDITSPACE" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.249Z", "ecs": { "version": "8.2.0" }, - "related": { - "hosts": [ - "confluence.internal" - ], - "ip": [ - "81.2.69.143" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.249Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { + "hosts": [ + "confluence.internal" + ], + "ip": [ + "81.2.69.143" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.249Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.247Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -13888,13 +13882,32 @@ "key": "Type", "to": "COMMENT" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.247Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.247Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"COMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -13907,66 +13920,47 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.247Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"COMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.245Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -13983,13 +13977,32 @@ "key": "Type", "to": "COMMENT" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.245Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.245Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"COMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -14002,66 +14015,47 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.245Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"COMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.242Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -14078,13 +14072,32 @@ "key": "Type", "to": "COMMENT" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.242Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.242Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"COMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -14097,64 +14110,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.242Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"COMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.240Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -14166,13 +14160,32 @@ "key": "Type", "to": "REMOVEOWNCONTENT" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.240Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.240Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEOWNCONTENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -14185,66 +14198,47 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.240Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEOWNCONTENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.238Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -14261,13 +14255,32 @@ "key": "Type", "to": "REMOVEOWNCONTENT" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.238Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.238Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEOWNCONTENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -14280,66 +14293,47 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.238Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEOWNCONTENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.235Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -14356,13 +14350,32 @@ "key": "Type", "to": "REMOVEOWNCONTENT" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.235Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.235Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEOWNCONTENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -14375,64 +14388,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.235Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEOWNCONTENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.231Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -14444,13 +14438,32 @@ "key": "Type", "to": "VIEWSPACE" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.231Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.231Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"VIEWSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -14463,66 +14476,47 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.231Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"VIEWSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.219Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -14539,13 +14533,32 @@ "key": "Type", "to": "VIEWSPACE" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.219Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.219Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"VIEWSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -14558,66 +14571,47 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.219Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"VIEWSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.192Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -14634,16 +14628,35 @@ "key": "Type", "to": "VIEWSPACE" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.192Z", "ecs": { "version": "8.2.0" }, - "related": { - "hosts": [ - "confluence.internal" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.192Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"VIEWSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { + "hosts": [ + "confluence.internal" ], "ip": [ "81.2.69.143" @@ -14653,236 +14666,217 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.192Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"VIEWSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:03.950Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "admin", "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin", "type": "User", "uri": "http://confluence.internal:8090/admin/users/viewuser.action?username=admin" } ], + "method": "Browser", "type": { - "actionI18nKey": "audit.logging.summary.group.membership.added", "action": "User added to group", - "categoryI18nKey": "audit.logging.category.user.management", - "category": "Users and groups" + "actionI18nKey": "audit.logging.summary.group.membership.added", + "category": "Users and groups", + "categoryI18nKey": "audit.logging.category.user.management" } } }, - "@timestamp": "2021-11-23T00:35:03.950Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.group.membership.added", + "category": [ + "iam" ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:03.950Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.user.management\",\"category\":\"Users and groups\",\"actionI18nKey\":\"audit.logging.summary.group.membership.added\",\"action\":\"User added to group\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"admin\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"}],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "group", + "change" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.group.membership.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:03.950Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.user.management\",\"category\":\"Users and groups\",\"actionI18nKey\":\"audit.logging.summary.group.membership.added\",\"action\":\"User added to group\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"admin\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"}],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "group", - "change" - ], - "category": [ - "iam" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2", "target": { - "name": "admin", - "id": "2c9680837d4a3682017d4a375a280000", "group": { - "name": "confluence-administrators", - "id": "confluence-administrators" - } + "id": "confluence-administrators", + "name": "confluence-administrators" + }, + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" } - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:03.924Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "admin", "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin", "type": "User", "uri": "http://confluence.internal:8090/admin/users/viewuser.action?username=admin" } ], + "method": "Browser", "type": { - "actionI18nKey": "audit.logging.summary.group.membership.added", "action": "User added to group", - "categoryI18nKey": "audit.logging.category.user.management", - "category": "Users and groups" + "actionI18nKey": "audit.logging.summary.group.membership.added", + "category": "Users and groups", + "categoryI18nKey": "audit.logging.category.user.management" } } }, - "@timestamp": "2021-11-23T00:35:03.924Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.group.membership.added", + "category": [ + "iam" ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:03.924Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.user.management\",\"category\":\"Users and groups\",\"actionI18nKey\":\"audit.logging.summary.group.membership.added\",\"action\":\"User added to group\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"admin\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"}],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "group", + "change" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.group.membership.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:03.924Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.user.management\",\"category\":\"Users and groups\",\"actionI18nKey\":\"audit.logging.summary.group.membership.added\",\"action\":\"User added to group\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"admin\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"}],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "group", - "change" - ], - "category": [ - "iam" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2", "target": { - "name": "admin", - "id": "2c9680837d4a3682017d4a375a280000", "group": { - "name": "confluence-users", - "id": "confluence-users" - } + "id": "confluence-users", + "name": "confluence-users" + }, + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" } - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:03.860Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test user", "id": "2c9680837d4a3682017d4a375a280000", + "name": "test user", "type": "User", "uri": "http://confluence.internal:8090/admin/users/viewuser.action?username=admin" } ], - "type": { - "actionI18nKey": "audit.logging.summary.user.created", - "action": "User created", - "categoryI18nKey": "audit.logging.category.user.management", - "category": "Users and groups" - }, "changed_values": [ { "i18nKey": "Active", @@ -14904,91 +14898,92 @@ "key": "Username", "to": "admin" } - ] + ], + "method": "Browser", + "type": { + "action": "User created", + "actionI18nKey": "audit.logging.summary.user.created", + "category": "Users and groups", + "categoryI18nKey": "audit.logging.category.user.management" + } } }, - "@timestamp": "2021-11-23T00:35:03.860Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.user.created", + "category": [ + "iam" ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:03.860Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.user.management\",\"category\":\"Users and groups\",\"actionI18nKey\":\"audit.logging.summary.user.created\",\"action\":\"User created\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"}],\"changedValues\":[{\"key\":\"Active\",\"i18nKey\":\"Active\",\"to\":\"Yes\"},{\"key\":\"Display name\",\"i18nKey\":\"Display name\",\"to\":\"test user\"},{\"key\":\"Email\",\"i18nKey\":\"Email\",\"to\":\"test.user@example.com\"},{\"key\":\"Username\",\"i18nKey\":\"Username\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "user", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.user.created", - "original": "{\"timestamp\":\"2021-11-23T00:35:03.860Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.user.management\",\"category\":\"Users and groups\",\"actionI18nKey\":\"audit.logging.summary.user.created\",\"action\":\"User created\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"}],\"changedValues\":[{\"key\":\"Active\",\"i18nKey\":\"Active\",\"to\":\"Yes\"},{\"key\":\"Display name\",\"i18nKey\":\"Display name\",\"to\":\"test user\"},{\"key\":\"Email\",\"i18nKey\":\"Email\",\"to\":\"test.user@example.com\"},{\"key\":\"Username\",\"i18nKey\":\"Username\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "user", - "creation" - ], - "category": [ - "iam" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "changes": { - "name": "admin", "email": "test.user@example.com", - "full_name": "test user" + "full_name": "test user", + "name": "admin" }, "full_name": "Anonymous", "id": "-2", "target": { - "name": "admin", + "email": "test.user@example.com", "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" } - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:03.253Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" } ], - "type": { - "actionI18nKey": "audit.logging.summary.global.permission.added", - "action": "Global permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -15000,13 +14995,32 @@ "key": "Type", "to": "CREATESPACE" } - ] + ], + "method": "Browser", + "type": { + "action": "Global permission added", + "actionI18nKey": "audit.logging.summary.global.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:03.253Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.global.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:03.253Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"CREATESPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -15019,60 +15033,41 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.global.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:03.253Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"CREATESPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:03.251Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" } ], - "type": { - "actionI18nKey": "audit.logging.summary.global.permission.added", - "action": "Global permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -15084,13 +15079,32 @@ "key": "Type", "to": "CREATESPACE" } - ] + ], + "method": "Browser", + "type": { + "action": "Global permission added", + "actionI18nKey": "audit.logging.summary.global.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:03.251Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.global.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:03.251Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"CREATESPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -15103,60 +15117,41 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.global.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:03.251Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"CREATESPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:03.250Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" } ], - "type": { - "actionI18nKey": "audit.logging.summary.global.permission.added", - "action": "Global permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -15168,13 +15163,32 @@ "key": "Type", "to": "PERSONALSPACE" } - ] + ], + "method": "Browser", + "type": { + "action": "Global permission added", + "actionI18nKey": "audit.logging.summary.global.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:03.250Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.global.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:03.250Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"PERSONALSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -15187,60 +15201,41 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.global.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:03.250Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"PERSONALSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:03.246Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" } ], - "type": { - "actionI18nKey": "audit.logging.summary.global.permission.added", - "action": "Global permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -15252,13 +15247,32 @@ "key": "Type", "to": "SYSTEMADMINISTRATOR" } - ] + ], + "method": "Browser", + "type": { + "action": "Global permission added", + "actionI18nKey": "audit.logging.summary.global.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:03.246Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.global.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:03.246Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"SYSTEMADMINISTRATOR\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -15271,60 +15285,41 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.global.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:03.246Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"SYSTEMADMINISTRATOR\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:03.243Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" } ], - "type": { - "actionI18nKey": "audit.logging.summary.global.permission.added", - "action": "Global permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -15336,13 +15331,32 @@ "key": "Type", "to": "USECONFLUENCE" } - ] + ], + "method": "Browser", + "type": { + "action": "Global permission added", + "actionI18nKey": "audit.logging.summary.global.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:03.243Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.global.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:03.243Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"USECONFLUENCE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -15355,60 +15369,41 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.global.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:03.243Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"USECONFLUENCE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:03.241Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" } ], - "type": { - "actionI18nKey": "audit.logging.summary.global.permission.added", - "action": "Global permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -15420,13 +15415,32 @@ "key": "Type", "to": "ADMINISTRATECONFLUENCE" } - ] + ], + "method": "Browser", + "type": { + "action": "Global permission added", + "actionI18nKey": "audit.logging.summary.global.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:03.241Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.global.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:03.241Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"ADMINISTRATECONFLUENCE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -15439,60 +15453,41 @@ "address": "http://confluence.internal:8090" }, "source": { - "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", - "city_name": "London", - "country_iso_code": "GB", - "country_name": "United Kingdom", - "region_name": "England", - "location": { - "lon": -0.0931, - "lat": 51.5142 - } - }, - "address": "81.2.69.143", - "ip": "81.2.69.143" - }, - "event": { - "action": "audit.logging.summary.global.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:03.241Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"ADMINISTRATECONFLUENCE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:03.239Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" } ], - "type": { - "actionI18nKey": "audit.logging.summary.global.permission.added", - "action": "Global permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -15504,13 +15499,32 @@ "key": "Type", "to": "PERSONALSPACE" } - ] + ], + "method": "Browser", + "type": { + "action": "Global permission added", + "actionI18nKey": "audit.logging.summary.global.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:03.239Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.global.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:03.239Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"PERSONALSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -15523,60 +15537,41 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.global.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:03.239Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"PERSONALSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:03.217Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" } ], - "type": { - "actionI18nKey": "audit.logging.summary.global.permission.added", - "action": "Global permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -15588,13 +15583,32 @@ "key": "Type", "to": "USECONFLUENCE" } - ] + ], + "method": "Browser", + "type": { + "action": "Global permission added", + "actionI18nKey": "audit.logging.summary.global.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:03.217Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.global.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:03.217Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"USECONFLUENCE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -15607,66 +15621,69 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.global.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:03.217Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"USECONFLUENCE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:03.201Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" } ], + "method": "Browser", "type": { - "actionI18nKey": "audit.logging.summary.group.created", "action": "Group created", - "categoryI18nKey": "audit.logging.category.user.management", - "category": "Users and groups" + "actionI18nKey": "audit.logging.summary.group.created", + "category": "Users and groups", + "categoryI18nKey": "audit.logging.category.user.management" } } }, - "@timestamp": "2021-11-23T00:35:03.201Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.group.created", + "category": [ + "iam" + ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:03.201Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.user.management\",\"category\":\"Users and groups\",\"actionI18nKey\":\"audit.logging.summary.group.created\",\"action\":\"Group created\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"}],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "group", + "creation" + ] + }, + "group": { + "id": "confluence-users", + "name": "confluence-users" + }, "related": { "hosts": [ "confluence.internal" @@ -15679,69 +15696,69 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.group.created", - "original": "{\"timestamp\":\"2021-11-23T00:35:03.201Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.user.management\",\"category\":\"Users and groups\",\"actionI18nKey\":\"audit.logging.summary.group.created\",\"action\":\"Group created\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"}],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "group", - "creation" - ], - "category": [ - "iam" - ], - "kind": "event" - }, - "user": { - "full_name": "Anonymous", - "id": "-2" - }, "tags": [ "preserve_original_event" ], - "group": { - "name": "confluence-users", - "id": "confluence-users" + "user": { + "full_name": "Anonymous", + "id": "-2" } }, { + "@timestamp": "2021-11-23T00:35:03.188Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" } ], + "method": "Browser", "type": { - "actionI18nKey": "audit.logging.summary.group.created", "action": "Group created", - "categoryI18nKey": "audit.logging.category.user.management", - "category": "Users and groups" + "actionI18nKey": "audit.logging.summary.group.created", + "category": "Users and groups", + "categoryI18nKey": "audit.logging.category.user.management" } } }, - "@timestamp": "2021-11-23T00:35:03.188Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.group.created", + "category": [ + "iam" + ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:03.188Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.user.management\",\"category\":\"Users and groups\",\"actionI18nKey\":\"audit.logging.summary.group.created\",\"action\":\"Group created\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"}],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "group", + "creation" + ] + }, + "group": { + "id": "confluence-administrators", + "name": "confluence-administrators" + }, "related": { "hosts": [ "confluence.internal" @@ -15754,61 +15771,39 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.group.created", - "original": "{\"timestamp\":\"2021-11-23T00:35:03.188Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.user.management\",\"category\":\"Users and groups\",\"actionI18nKey\":\"audit.logging.summary.group.created\",\"action\":\"Group created\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"}],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "group", - "creation" - ], - "category": [ - "iam" - ], - "kind": "event" - }, - "user": { - "full_name": "Anonymous", - "id": "-2" - }, "tags": [ "preserve_original_event" ], - "group": { - "name": "confluence-administrators", - "id": "confluence-administrators" + "user": { + "full_name": "Anonymous", + "id": "-2" } }, { + "@timestamp": "2021-11-23T00:35:03.109Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Confluence Internal Directory", "type": "Directory" } ], - "type": { - "actionI18nKey": "audit.logging.summary.directory.added", - "action": "User directory created", - "categoryI18nKey": "audit.logging.category.user.management", - "category": "Users and groups" - }, "changed_values": [ { "i18nKey": "Active", @@ -15900,13 +15895,25 @@ "key": "Type", "to": "INTERNAL" } - ] + ], + "method": "Browser", + "type": { + "action": "User directory created", + "actionI18nKey": "audit.logging.summary.directory.added", + "category": "Users and groups", + "categoryI18nKey": "audit.logging.category.user.management" + } } }, - "@timestamp": "2021-11-23T00:35:03.109Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.directory.added", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:03.109Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.user.management\",\"category\":\"Users and groups\",\"actionI18nKey\":\"audit.logging.summary.directory.added\",\"action\":\"User directory created\"},\"affectedObjects\":[{\"name\":\"Confluence Internal Directory\",\"type\":\"Directory\"}],\"changedValues\":[{\"key\":\"Active\",\"i18nKey\":\"Active\",\"to\":\"Yes\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"CREATE_GROUP\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"UPDATE_USER\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"UPDATE_USER_ATTRIBUTE\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"UPDATE_ROLE\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"DELETE_GROUP\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"UPDATE_GROUP_ATTRIBUTE\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"UPDATE_ROLE_ATTRIBUTE\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"CREATE_ROLE\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"DELETE_ROLE\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"UPDATE_GROUP\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"DELETE_USER\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"CREATE_USER\"},{\"key\":\"Description\",\"i18nKey\":\"Description\",\"to\":\"Confluence default internal directory\"},{\"key\":\"Encryption type\",\"i18nKey\":\"Encryption type\",\"to\":\"atlassian-security\"},{\"key\":\"ID\",\"i18nKey\":\"ID\",\"to\":\"327681\"},{\"key\":\"Name\",\"i18nKey\":\"Name\",\"to\":\"Confluence Internal Directory\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"INTERNAL\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { "hosts": [ "confluence.internal" @@ -15919,59 +15926,59 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", - "ip": "81.2.69.143" - }, - "event": { - "action": "audit.logging.summary.directory.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:03.109Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.user.management\",\"category\":\"Users and groups\",\"actionI18nKey\":\"audit.logging.summary.directory.added\",\"action\":\"User directory created\"},\"affectedObjects\":[{\"name\":\"Confluence Internal Directory\",\"type\":\"Directory\"}],\"changedValues\":[{\"key\":\"Active\",\"i18nKey\":\"Active\",\"to\":\"Yes\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"CREATE_GROUP\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"UPDATE_USER\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"UPDATE_USER_ATTRIBUTE\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"UPDATE_ROLE\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"DELETE_GROUP\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"UPDATE_GROUP_ATTRIBUTE\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"UPDATE_ROLE_ATTRIBUTE\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"CREATE_ROLE\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"DELETE_ROLE\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"UPDATE_GROUP\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"DELETE_USER\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"CREATE_USER\"},{\"key\":\"Description\",\"i18nKey\":\"Description\",\"to\":\"Confluence default internal directory\"},{\"key\":\"Encryption type\",\"i18nKey\":\"Encryption type\",\"to\":\"atlassian-security\"},{\"key\":\"ID\",\"i18nKey\":\"ID\",\"to\":\"327681\"},{\"key\":\"Name\",\"i18nKey\":\"Name\",\"to\":\"Confluence Internal Directory\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"INTERNAL\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "full_name": "Anonymous", - "id": "-2" + "ip": "81.2.69.143" }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "Anonymous", + "id": "-2" + } }, { + "@timestamp": "2021-11-23T00:34:46.735Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], + "method": "Browser", "type": { - "actionI18nKey": "audit.logging.summary.space.import", "action": "Space import", - "categoryI18nKey": "audit.logging.category.import.export", - "category": "Import/Export" + "actionI18nKey": "audit.logging.summary.space.import", + "category": "Import/Export", + "categoryI18nKey": "audit.logging.category.import.export" } } }, - "@timestamp": "2021-11-23T00:34:46.735Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.import", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:34:46.735Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.import.export\",\"category\":\"Import/Export\",\"actionI18nKey\":\"audit.logging.summary.space.import\",\"action\":\"Space import\"},\"affectedObjects\":[{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { "hosts": [ "confluence.internal" @@ -15984,57 +15991,57 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.import", - "original": "{\"timestamp\":\"2021-11-23T00:34:46.735Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.import.export\",\"category\":\"Import/Export\",\"actionI18nKey\":\"audit.logging.summary.space.import\",\"action\":\"Space import\"},\"affectedObjects\":[{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:34:45.732Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Synchrony Interop Bootstrap Plugin", "type": "App" } ], + "method": "Browser", "type": { - "actionI18nKey": "audit.logging.summary.plugin.enabled", "action": "App enabled", - "categoryI18nKey": "audit.logging.category.plugins", - "category": "Apps" + "actionI18nKey": "audit.logging.summary.plugin.enabled", + "category": "Apps", + "categoryI18nKey": "audit.logging.category.plugins" } } }, - "@timestamp": "2021-11-23T00:34:45.732Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.plugin.enabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:34:45.732Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.plugins\",\"category\":\"Apps\",\"actionI18nKey\":\"audit.logging.summary.plugin.enabled\",\"action\":\"App enabled\"},\"affectedObjects\":[{\"name\":\"Synchrony Interop Bootstrap Plugin\",\"type\":\"App\"}],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { "hosts": [ "confluence.internal" @@ -16047,57 +16054,57 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.plugin.enabled", - "original": "{\"timestamp\":\"2021-11-23T00:34:45.732Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.plugins\",\"category\":\"Apps\",\"actionI18nKey\":\"audit.logging.summary.plugin.enabled\",\"action\":\"App enabled\"},\"affectedObjects\":[{\"name\":\"Synchrony Interop Bootstrap Plugin\",\"type\":\"App\"}],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:34:44.466Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Confluence Collaborative Editor Plugin", "type": "App" } ], + "method": "Browser", "type": { - "actionI18nKey": "audit.logging.summary.plugin.enabled", "action": "App enabled", - "categoryI18nKey": "audit.logging.category.plugins", - "category": "Apps" + "actionI18nKey": "audit.logging.summary.plugin.enabled", + "category": "Apps", + "categoryI18nKey": "audit.logging.category.plugins" } } }, - "@timestamp": "2021-11-23T00:34:44.466Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.plugin.enabled", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:34:44.466Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.plugins\",\"category\":\"Apps\",\"actionI18nKey\":\"audit.logging.summary.plugin.enabled\",\"action\":\"App enabled\"},\"affectedObjects\":[{\"name\":\"Confluence Collaborative Editor Plugin\",\"type\":\"App\"}],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { "hosts": [ "confluence.internal" @@ -16110,78 +16117,84 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.plugin.enabled", - "original": "{\"timestamp\":\"2021-11-23T00:34:44.466Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.plugins\",\"category\":\"Apps\",\"actionI18nKey\":\"audit.logging.summary.plugin.enabled\",\"action\":\"App enabled\"},\"affectedObjects\":[{\"name\":\"Confluence Collaborative Editor Plugin\",\"type\":\"App\"}],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-28T17:05:37.142Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "asdf", "id": "2c9680837d4a3682017d67821e520003", + "name": "asdf", "type": "User", "uri": "http://confluence.internal:8090/admin/users/viewuser.action?username=asdf123" } ], - "type": { - "actionI18nKey": "audit.logging.summary.user.renamed", - "action": "User renamed", - "categoryI18nKey": "audit.logging.category.user.management", - "category": "Users and groups" - }, "changed_values": [ { "from": "asdf", - "to": "asdf123", "i18nKey": "audit.logging.changed.value.username", - "key": "Username" + "key": "Username", + "to": "asdf123" } - ] + ], + "method": "Browser", + "type": { + "action": "User renamed", + "actionI18nKey": "audit.logging.summary.user.renamed", + "category": "Users and groups", + "categoryI18nKey": "audit.logging.category.user.management" + } } }, - "@timestamp": "2021-11-28T17:05:37.142Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin123", - "asdf", - "asdf123" + "event": { + "action": "audit.logging.summary.user.renamed", + "category": [ + "iam" ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-28T17:05:37.142Z\",\"author\":{\"name\":\"Joe Bob\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin123\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.user.management\",\"category\":\"Users and groups\",\"actionI18nKey\":\"audit.logging.summary.user.renamed\",\"action\":\"User renamed\"},\"affectedObjects\":[{\"name\":\"asdf\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=asdf123\",\"id\":\"2c9680837d4a3682017d67821e520003\"}],\"changedValues\":[{\"key\":\"Username\",\"i18nKey\":\"audit.logging.changed.value.username\",\"from\":\"asdf\",\"to\":\"asdf123\"}],\"source\":\"10.100.100.2\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "user", + "change" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin123", + "asdf", + "asdf123" ] }, "service": { @@ -16191,67 +16204,67 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, - "event": { - "action": "audit.logging.summary.user.renamed", - "original": "{\"timestamp\":\"2021-11-28T17:05:37.142Z\",\"author\":{\"name\":\"Joe Bob\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin123\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.user.management\",\"category\":\"Users and groups\",\"actionI18nKey\":\"audit.logging.summary.user.renamed\",\"action\":\"User renamed\"},\"affectedObjects\":[{\"name\":\"asdf\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=asdf123\",\"id\":\"2c9680837d4a3682017d67821e520003\"}],\"changedValues\":[{\"key\":\"Username\",\"i18nKey\":\"audit.logging.changed.value.username\",\"from\":\"asdf\",\"to\":\"asdf123\"}],\"source\":\"10.100.100.2\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "user", - "change" - ], - "category": [ - "iam" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { - "name": "admin123", "changes": { "name": "asdf123" }, "full_name": "Joe Bob", "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin123", "target": { "name": "asdf" } - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-28T17:06:11.805Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "asdf asdfasdf", "id": "2c9680837d4a3682017d67821e520003", + "name": "asdf asdfasdf", "type": "User", "uri": "http://confluence.internal:8090/admin/users/viewuser.action?username=asdf123" } ], + "method": "Browser", "type": { - "actionI18nKey": "audit.logging.summary.user.updated", "action": "User details updated", - "categoryI18nKey": "audit.logging.category.user.management", - "category": "Users and groups" + "actionI18nKey": "audit.logging.summary.user.updated", + "category": "Users and groups", + "categoryI18nKey": "audit.logging.category.user.management" } } }, - "@timestamp": "2021-11-28T17:06:11.805Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin123", - "asdf123" + "event": { + "action": "audit.logging.summary.user.updated", + "category": [ + "iam" ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-28T17:06:11.805Z\",\"author\":{\"name\":\"Joe Bob\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin123\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.user.management\",\"category\":\"Users and groups\",\"actionI18nKey\":\"audit.logging.summary.user.updated\",\"action\":\"User details updated\"},\"affectedObjects\":[{\"name\":\"asdf asdfasdf\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=asdf123\",\"id\":\"2c9680837d4a3682017d67821e520003\"}],\"changedValues\":[],\"source\":\"10.100.100.2\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "user", + "change" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin123", + "asdf123" ] }, "service": { @@ -16261,74 +16274,74 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, - "event": { - "action": "audit.logging.summary.user.updated", - "original": "{\"timestamp\":\"2021-11-28T17:06:11.805Z\",\"author\":{\"name\":\"Joe Bob\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin123\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.user.management\",\"category\":\"Users and groups\",\"actionI18nKey\":\"audit.logging.summary.user.updated\",\"action\":\"User details updated\"},\"affectedObjects\":[{\"name\":\"asdf asdfasdf\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=asdf123\",\"id\":\"2c9680837d4a3682017d67821e520003\"}],\"changedValues\":[],\"source\":\"10.100.100.2\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "user", - "change" - ], - "category": [ - "iam" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { - "name": "admin123", "full_name": "Joe Bob", "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin123", "target": { - "name": "asdf123", "full_name": "asdf asdfasdf", - "id": "2c9680837d4a3682017d67821e520003" + "id": "2c9680837d4a3682017d67821e520003", + "name": "asdf123" } - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-28T17:05:37.158Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "asdf asdfasdf", "id": "2c9680837d4a3682017d67821e520003", + "name": "asdf asdfasdf", "type": "User", "uri": "http://confluence.internal:8090/admin/users/viewuser.action?username=asdf123" } ], - "type": { - "actionI18nKey": "audit.logging.summary.user.updated", - "action": "User details updated", - "categoryI18nKey": "audit.logging.category.user.management", - "category": "Users and groups" - }, "changed_values": [ { "from": "asdf", - "to": "asdf asdfasdf", "i18nKey": "Display name", - "key": "Display name" + "key": "Display name", + "to": "asdf asdfasdf" } - ] + ], + "method": "Browser", + "type": { + "action": "User details updated", + "actionI18nKey": "audit.logging.summary.user.updated", + "category": "Users and groups", + "categoryI18nKey": "audit.logging.category.user.management" + } } }, - "@timestamp": "2021-11-28T17:05:37.158Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin123", - "asdf123" + "event": { + "action": "audit.logging.summary.user.updated", + "category": [ + "iam" ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-28T17:05:37.158Z\",\"author\":{\"name\":\"Joe Bob\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin123\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.user.management\",\"category\":\"Users and groups\",\"actionI18nKey\":\"audit.logging.summary.user.updated\",\"action\":\"User details updated\"},\"affectedObjects\":[{\"name\":\"asdf asdfasdf\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=asdf123\",\"id\":\"2c9680837d4a3682017d67821e520003\"}],\"changedValues\":[{\"key\":\"Display name\",\"i18nKey\":\"Display name\",\"from\":\"asdf\",\"to\":\"asdf asdfasdf\"}],\"source\":\"10.100.100.2\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "user", + "change" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin123", + "asdf123" ] }, "service": { @@ -16338,34 +16351,22 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, - "event": { - "action": "audit.logging.summary.user.updated", - "original": "{\"timestamp\":\"2021-11-28T17:05:37.158Z\",\"author\":{\"name\":\"Joe Bob\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin123\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.user.management\",\"category\":\"Users and groups\",\"actionI18nKey\":\"audit.logging.summary.user.updated\",\"action\":\"User details updated\"},\"affectedObjects\":[{\"name\":\"asdf asdfasdf\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=asdf123\",\"id\":\"2c9680837d4a3682017d67821e520003\"}],\"changedValues\":[{\"key\":\"Display name\",\"i18nKey\":\"Display name\",\"from\":\"asdf\",\"to\":\"asdf asdfasdf\"}],\"source\":\"10.100.100.2\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "user", - "change" - ], - "category": [ - "iam" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { - "name": "admin123", "changes": { "full_name": "asdf asdfasdf" }, "full_name": "Joe Bob", "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin123", "target": { - "name": "asdf123", "full_name": "asdf", - "id": "2c9680837d4a3682017d67821e520003" + "id": "2c9680837d4a3682017d67821e520003", + "name": "asdf123" } - }, - "tags": [ - "preserve_original_event" - ] + } } ] } \ No newline at end of file diff --git a/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log new file mode 100644 index 00000000000..306090b32dd --- /dev/null +++ b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log @@ -0,0 +1,37 @@ +{"author":{"type":"user","displayName":"John Jacobs","operations":null,"isExternalCollaborator":false,"username":"df856b17d84fcf010f11fcfcc6be4267","userKey":"26971c016361d1f6a3eb8f62461f1e4e","accountId":"df856b17d84fcf010f11fcfcc6be4267","accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1643097111962,"summary":"Space logo uploaded","description":"","category":"Spaces","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"Service Catalogue","objectType":"Space"},"changedValues":[],"associatedObjects":[]} +{"author":{"type":"user","displayName":"John Jacobs","operations":null,"isExternalCollaborator":false,"username":"df856b17d84fcf010f11fcfcc6be4267","userKey":"26971c016361d1f6a3eb8f62461f1e4e","accountId":"df856b17d84fcf010f11fcfcc6be4267","accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1643097094621,"summary":"Space logo uploaded","description":"","category":"Spaces","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"Service Catalogue","objectType":"Space"},"changedValues":[],"associatedObjects":[]} +{"author":{"type":"user","displayName":"John Jacobs","operations":null,"isExternalCollaborator":false,"username":"df856b17d84fcf010f11fcfcc6be4267","userKey":"26971c016361d1f6a3eb8f62461f1e4e","accountId":"df856b17d84fcf010f11fcfcc6be4267","accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1643096991153,"summary":"Space logo uploaded","description":"","category":"Spaces","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"Service Catalogue","objectType":"Space"},"changedValues":[],"associatedObjects":[]} +{"author":{"type":"user","displayName":"John Jacobs","operations":null,"isExternalCollaborator":false,"username":"df856b17d84fcf010f11fcfcc6be4267","userKey":"26971c016361d1f6a3eb8f62461f1e4e","accountId":"df856b17d84fcf010f11fcfcc6be4267","accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1643096679172,"summary":"Space configuration updated","description":"","category":"Spaces","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"Service Catalogue","objectType":"Space"},"changedValues":[{"name":"Space type","oldValue":"","newValue":"global","hiddenOldValue":"","hiddenNewValue":""},{"name":"Space status","oldValue":"","newValue":"CURRENT","hiddenOldValue":"","hiddenNewValue":""},{"name":"Name","oldValue":"","newValue":"Service Catalogue","hiddenOldValue":"","hiddenNewValue":""},{"name":"Space key","oldValue":"","newValue":"SC","hiddenOldValue":"","hiddenNewValue":""}],"associatedObjects":[]} +{"author":{"type":"user","displayName":"John Jacobs","operations":null,"isExternalCollaborator":false,"username":"df856b17d84fcf010f11fcfcc6be4267","userKey":"26971c016361d1f6a3eb8f62461f1e4e","accountId":"df856b17d84fcf010f11fcfcc6be4267","accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1643096679092,"summary":"Space created","description":"","category":"Spaces","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"Service Catalogue","objectType":"Space"},"changedValues":[{"name":"Space type","oldValue":"","newValue":"global","hiddenOldValue":"","hiddenNewValue":""},{"name":"Space status","oldValue":"","newValue":"CURRENT","hiddenOldValue":"","hiddenNewValue":""},{"name":"Name","oldValue":"","newValue":"Service Catalogue","hiddenOldValue":"","hiddenNewValue":""},{"name":"Space key","oldValue":"","newValue":"SC","hiddenOldValue":"","hiddenNewValue":""}],"associatedObjects":[]} +{"author":{"type":"user","displayName":"Billy Bob","operations":null,"isExternalCollaborator":false,"username":"5e72294a9858860c3eb10c8b","userKey":"26971c016361d1f6a3eb8f62461f1e4e","accountId":"5e72294a9858860c3eb10c8b","accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1643035762329,"summary":"Space configuration updated","description":"","category":"Spaces","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"Pre-test-scanner","objectType":"Space"},"changedValues":[{"name":"Space type","oldValue":"","newValue":"global","hiddenOldValue":"","hiddenNewValue":""},{"name":"Space status","oldValue":"","newValue":"CURRENT","hiddenOldValue":"","hiddenNewValue":""},{"name":"Name","oldValue":"","newValue":"Pre-test-scanner","hiddenOldValue":"","hiddenNewValue":""},{"name":"Space key","oldValue":"","newValue":"PTS","hiddenOldValue":"","hiddenNewValue":""},{"name":"Home page","oldValue":"","newValue":"page: 484737204 v.1","hiddenOldValue":"","hiddenNewValue":""}],"associatedObjects":[]} +{"author":{"type":"user","displayName":"Billy Bob","operations":null,"isExternalCollaborator":false,"username":"5e72294a9858860c3eb10c8b","userKey":"26971c016361d1f6a3eb8f62461f1e4e","accountId":"5e72294a9858860c3eb10c8b","accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1643035762311,"summary":"Space created","description":"","category":"Spaces","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"Pre-test-scanner","objectType":"Space"},"changedValues":[{"name":"Space type","oldValue":"","newValue":"global","hiddenOldValue":"","hiddenNewValue":""},{"name":"Space status","oldValue":"","newValue":"CURRENT","hiddenOldValue":"","hiddenNewValue":""},{"name":"Name","oldValue":"","newValue":"Pre-test-scanner","hiddenOldValue":"","hiddenNewValue":""},{"name":"Space key","oldValue":"","newValue":"PTS","hiddenOldValue":"","hiddenNewValue":""},{"name":"Home page","oldValue":"","newValue":"page: 484737204 v.1","hiddenOldValue":"","hiddenNewValue":""}],"associatedObjects":[]} +{"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1642495383045,"summary":"User added to group","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"jira-software-users:b8d81944-e737-4da0-94ca-165fa5c0635c","objectType":"Group"},"changedValues":[],"associatedObjects":[{"name":"ASP","objectType":"User"}]} +{"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1642495383014,"summary":"User added to group","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"confluence-users:4375f4c3-bfdf-4f36-a62e-141ccf1588a3","objectType":"Group"},"changedValues":[],"associatedObjects":[{"name":"ASP","objectType":"User"}]} +{"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1642495382767,"summary":"User created","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"ASP","objectType":"User"},"changedValues":[{"name":"Display name","oldValue":"","newValue":"ASP","hiddenOldValue":"","hiddenNewValue":""},{"name":"Email","oldValue":"","newValue":"test@example.com","hiddenOldValue":"","hiddenNewValue":""},{"name":"Active","oldValue":"","newValue":"Yes","hiddenOldValue":"","hiddenNewValue":""}],"associatedObjects":[]} +{"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1642178227237,"summary":"User added to group","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"confluence-users:4375f4c3-bfdf-4f36-a62e-141ccf1588a3","objectType":"Group"},"changedValues":[],"associatedObjects":[{"name":"Simon Brownhill","objectType":"User"}]} +{"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1642178227017,"summary":"User created","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"Simon Brownhill","objectType":"User"},"changedValues":[{"name":"Display name","oldValue":"","newValue":"Simon Brownhill","hiddenOldValue":"","hiddenNewValue":""},{"name":"Email","oldValue":"","newValue":"","hiddenOldValue":"","hiddenNewValue":""},{"name":"Active","oldValue":"","newValue":"Yes","hiddenOldValue":"","hiddenNewValue":""}],"associatedObjects":[]} +{"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1641297876903,"summary":"User added to group","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"Detect & Response - Change Approvals:12e51e32-77ee-45ef-a643-55d4c7f6327c","objectType":"Group"},"changedValues":[],"associatedObjects":[{"name":"George West","objectType":"User"}]} +{"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1641297472951,"summary":"User added to group","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"Detect & Response - Change Approvals:12e51e32-77ee-45ef-a643-55d4c7f6327c","objectType":"Group"},"changedValues":[],"associatedObjects":[{"name":"SAM H","objectType":"User"}]} +{"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1641292043437,"summary":"User added to group","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"Detect & Response - Change Approvals:12e51e32-77ee-45ef-a643-55d4c7f6327c","objectType":"Group"},"changedValues":[],"associatedObjects":[{"name":"Lilly Smith","objectType":"User"}]} +{"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1641292043424,"summary":"User added to group","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"Detect & Response - Change Approvals:12e51e32-77ee-45ef-a643-55d4c7f6327c","objectType":"Group"},"changedValues":[],"associatedObjects":[{"name":"Joseph Smith","objectType":"User"}]} +{"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1641292021947,"summary":"Group created","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"Detect & Response - Change Approvals:12e51e32-77ee-45ef-a643-55d4c7f6327c","objectType":"Group"},"changedValues":[],"associatedObjects":[]} +{"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1641291955867,"summary":"User added to group","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"Detect & Response - Cost Approvals:b83d4a5e-1290-4a7a-88ba-5e24325f59f8","objectType":"Group"},"changedValues":[],"associatedObjects":[{"name":"Joseph Smith","objectType":"User"}]} +{"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1641291955857,"summary":"User added to group","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"Detect & Response - Cost Approvals:b83d4a5e-1290-4a7a-88ba-5e24325f59f8","objectType":"Group"},"changedValues":[],"associatedObjects":[{"name":"Lilly Smith","objectType":"User"}]} +{"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1641291955839,"summary":"User added to group","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"Detect & Response - Cost Approvals:b83d4a5e-1290-4a7a-88ba-5e24325f59f8","objectType":"Group"},"changedValues":[],"associatedObjects":[{"name":"SAM H","objectType":"User"}]} +{"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1641291934681,"summary":"Group created","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"Detect & Response - Cost Approvals:b83d4a5e-1290-4a7a-88ba-5e24325f59f8","objectType":"Group"},"changedValues":[],"associatedObjects":[]} +{"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1638895562860,"summary":"User added to group","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"Engineering / Sysadmins:12b5617d-bd45-450d-8b40-263238a886c4","objectType":"Group"},"changedValues":[],"associatedObjects":[{"name":"Lilly Smith","objectType":"User"}]} +{"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1638895562848,"summary":"User added to group","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"Engineering / Sysadmins:12b5617d-bd45-450d-8b40-263238a886c4","objectType":"Group"},"changedValues":[],"associatedObjects":[{"name":"Joe Test","objectType":"User"}]} +{"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1638895562837,"summary":"User added to group","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"Engineering / Sysadmins:12b5617d-bd45-450d-8b40-263238a886c4","objectType":"Group"},"changedValues":[],"associatedObjects":[{"name":"Joseph Smith","objectType":"User"}]} +{"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1638895562824,"summary":"User added to group","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"Engineering / Sysadmins:12b5617d-bd45-450d-8b40-263238a886c4","objectType":"Group"},"changedValues":[],"associatedObjects":[{"name":"Simon Johnson","objectType":"User"}]} +{"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1638895523912,"summary":"Group created","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"Engineering / Sysadmins:12b5617d-bd45-450d-8b40-263238a886c4","objectType":"Group"},"changedValues":[],"associatedObjects":[]} +{"author":{"type":"user","displayName":"Lilly Smith","operations":null,"isExternalCollaborator":false,"username":"98435bcd1061baa5b4fbd19bd5810586","userKey":"4711088e62a7b0cf381781a84574a70a","accountId":"98435bcd1061baa5b4fbd19bd5810586","accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1638894579293,"summary":"Space configuration updated","description":"","category":"Spaces","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"Change Control","objectType":"Space"},"changedValues":[{"name":"Space type","oldValue":"","newValue":"global","hiddenOldValue":"","hiddenNewValue":""},{"name":"Space status","oldValue":"","newValue":"CURRENT","hiddenOldValue":"","hiddenNewValue":""},{"name":"Name","oldValue":"","newValue":"Change Control","hiddenOldValue":"","hiddenNewValue":""},{"name":"Space key","oldValue":"","newValue":"ACC","hiddenOldValue":"","hiddenNewValue":""}],"associatedObjects":[]} +{"author":{"type":"user","displayName":"Lilly Smith","operations":null,"isExternalCollaborator":false,"username":"98435bcd1061baa5b4fbd19bd5810586","userKey":"4711088e62a7b0cf381781a84574a70a","accountId":"98435bcd1061baa5b4fbd19bd5810586","accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1638894578800,"summary":"Space created","description":"","category":"Spaces","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"Change Control","objectType":"Space"},"changedValues":[{"name":"Space type","oldValue":"","newValue":"global","hiddenOldValue":"","hiddenNewValue":""},{"name":"Space status","oldValue":"","newValue":"CURRENT","hiddenOldValue":"","hiddenNewValue":""},{"name":"Name","oldValue":"","newValue":"Change Control","hiddenOldValue":"","hiddenNewValue":""},{"name":"Space key","oldValue":"","newValue":"ACC","hiddenOldValue":"","hiddenNewValue":""}],"associatedObjects":[]} +{"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1638205834800,"summary":"User added to group","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"jira-software-users:b8d81944-e737-4da0-94ca-165fa5c0635c","objectType":"Group"},"changedValues":[],"associatedObjects":[{"name":"Another User","objectType":"User"}]} +{"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1638205834747,"summary":"User added to group","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"confluence-users:4375f4c3-bfdf-4f36-a62e-141ccf1588a3","objectType":"Group"},"changedValues":[],"associatedObjects":[{"name":"Another User","objectType":"User"}]} +{"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1638205834455,"summary":"User created","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"Another User","objectType":"User"},"changedValues":[{"name":"Display name","oldValue":"","newValue":"Another User","hiddenOldValue":"","hiddenNewValue":""},{"name":"Email","oldValue":"","newValue":"test@example.com","hiddenOldValue":"","hiddenNewValue":""},{"name":"Active","oldValue":"","newValue":"Yes","hiddenOldValue":"","hiddenNewValue":""}],"associatedObjects":[]} +{"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1637251458807,"summary":"User added to group","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"jira-software-users:b8d81944-e737-4da0-94ca-165fa5c0635c","objectType":"Group"},"changedValues":[],"associatedObjects":[{"name":"Username","objectType":"User"}]} +{"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1637164837285,"summary":"User details updated","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"John Doe (Unlicensed)","objectType":"User"},"changedValues":[{"name":"Active","oldValue":"Yes","newValue":"No","hiddenOldValue":"","hiddenNewValue":""}],"associatedObjects":[]} +{"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1637164837274,"summary":"User deactivated","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"","objectType":""},"changedValues":[],"associatedObjects":[]} +{"author":{"type":"user","displayName":"John Doe","operations":null,"isExternalCollaborator":false,"username":"e6dd7842c44d594c024fc7129c1e4e49","userKey":"7b4a0e7b52db25cdfc113f8e5b8e7aa2","accountId":"e6dd7842c44d594c024fc7129c1e4e49","accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1637073322812,"summary":"Page archived","description":"","category":"Page","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"KB Articles to be Approved","objectType":"Page"},"changedValues":[{"name":"Content status","oldValue":"current","newValue":"archived","hiddenOldValue":"","hiddenNewValue":""}],"associatedObjects":[{"name":"KB Articles to be Approved","objectType":"Page"},{"name":"Topics","objectType":"Space"}]} +{"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1637054756738,"summary":"User details updated","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"John Doe (Deactivated)","objectType":"User"},"changedValues":[{"name":"Active","oldValue":"Yes","newValue":"No","hiddenOldValue":"","hiddenNewValue":""}],"associatedObjects":[]} +{"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1637054756666,"summary":"User deactivated","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"","objectType":""},"changedValues":[],"associatedObjects":[]} \ No newline at end of file diff --git a/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-config.yml b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-config.yml new file mode 100644 index 00000000000..b50c2007781 --- /dev/null +++ b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-config.yml @@ -0,0 +1,5 @@ +fields: + _config: + atlassian_cloud: true + tags: + - preserve_original_event diff --git a/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-expected.json b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-expected.json new file mode 100644 index 00000000000..42471b4aa91 --- /dev/null +++ b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-expected.json @@ -0,0 +1,2637 @@ +{ + "expected": [ + { + "@timestamp": "2022-01-25T07:51:51.962Z", + "confluence": { + "audit": { + "affected_objects": [ + { + "name": "Service Catalogue", + "type": "Space" + } + ], + "external_collaborator": false, + "type": { + "action": "Space logo uploaded", + "category": "Spaces" + } + } + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Space logo uploaded", + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"John Jacobs\",\"operations\":null,\"isExternalCollaborator\":false,\"username\":\"df856b17d84fcf010f11fcfcc6be4267\",\"userKey\":\"26971c016361d1f6a3eb8f62461f1e4e\",\"accountId\":\"df856b17d84fcf010f11fcfcc6be4267\",\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1643097111962,\"summary\":\"Space logo uploaded\",\"description\":\"\",\"category\":\"Spaces\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Service Catalogue\",\"objectType\":\"Space\"},\"changedValues\":[],\"associatedObjects\":[]}", + "type": "info" + }, + "related": { + "ip": [ + "81.2.69.143" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "John Jacobs", + "id": "df856b17d84fcf010f11fcfcc6be4267" + } + }, + { + "@timestamp": "2022-01-25T07:51:34.621Z", + "confluence": { + "audit": { + "affected_objects": [ + { + "name": "Service Catalogue", + "type": "Space" + } + ], + "external_collaborator": false, + "type": { + "action": "Space logo uploaded", + "category": "Spaces" + } + } + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Space logo uploaded", + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"John Jacobs\",\"operations\":null,\"isExternalCollaborator\":false,\"username\":\"df856b17d84fcf010f11fcfcc6be4267\",\"userKey\":\"26971c016361d1f6a3eb8f62461f1e4e\",\"accountId\":\"df856b17d84fcf010f11fcfcc6be4267\",\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1643097094621,\"summary\":\"Space logo uploaded\",\"description\":\"\",\"category\":\"Spaces\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Service Catalogue\",\"objectType\":\"Space\"},\"changedValues\":[],\"associatedObjects\":[]}", + "type": "info" + }, + "related": { + "ip": [ + "81.2.69.143" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "John Jacobs", + "id": "df856b17d84fcf010f11fcfcc6be4267" + } + }, + { + "@timestamp": "2022-01-25T07:49:51.153Z", + "confluence": { + "audit": { + "affected_objects": [ + { + "name": "Service Catalogue", + "type": "Space" + } + ], + "external_collaborator": false, + "type": { + "action": "Space logo uploaded", + "category": "Spaces" + } + } + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Space logo uploaded", + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"John Jacobs\",\"operations\":null,\"isExternalCollaborator\":false,\"username\":\"df856b17d84fcf010f11fcfcc6be4267\",\"userKey\":\"26971c016361d1f6a3eb8f62461f1e4e\",\"accountId\":\"df856b17d84fcf010f11fcfcc6be4267\",\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1643096991153,\"summary\":\"Space logo uploaded\",\"description\":\"\",\"category\":\"Spaces\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Service Catalogue\",\"objectType\":\"Space\"},\"changedValues\":[],\"associatedObjects\":[]}", + "type": "info" + }, + "related": { + "ip": [ + "81.2.69.143" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "John Jacobs", + "id": "df856b17d84fcf010f11fcfcc6be4267" + } + }, + { + "@timestamp": "2022-01-25T07:44:39.172Z", + "confluence": { + "audit": { + "affected_objects": [ + { + "name": "Service Catalogue", + "type": "Space" + } + ], + "changed_values": [ + { + "i18nKey": "Space type", + "key": "Space type", + "to": "global" + }, + { + "i18nKey": "Space status", + "key": "Space status", + "to": "CURRENT" + }, + { + "i18nKey": "Name", + "key": "Name", + "to": "Service Catalogue" + }, + { + "i18nKey": "Space key", + "key": "Space key", + "to": "SC" + } + ], + "external_collaborator": false, + "type": { + "action": "Space configuration updated", + "category": "Spaces" + } + } + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Space configuration updated", + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"John Jacobs\",\"operations\":null,\"isExternalCollaborator\":false,\"username\":\"df856b17d84fcf010f11fcfcc6be4267\",\"userKey\":\"26971c016361d1f6a3eb8f62461f1e4e\",\"accountId\":\"df856b17d84fcf010f11fcfcc6be4267\",\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1643096679172,\"summary\":\"Space configuration updated\",\"description\":\"\",\"category\":\"Spaces\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Service Catalogue\",\"objectType\":\"Space\"},\"changedValues\":[{\"name\":\"Space type\",\"oldValue\":\"\",\"newValue\":\"global\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Space status\",\"oldValue\":\"\",\"newValue\":\"CURRENT\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Name\",\"oldValue\":\"\",\"newValue\":\"Service Catalogue\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Space key\",\"oldValue\":\"\",\"newValue\":\"SC\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"}],\"associatedObjects\":[]}", + "type": "info" + }, + "related": { + "ip": [ + "81.2.69.143" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "John Jacobs", + "id": "df856b17d84fcf010f11fcfcc6be4267" + } + }, + { + "@timestamp": "2022-01-25T07:44:39.092Z", + "confluence": { + "audit": { + "affected_objects": [ + { + "name": "Service Catalogue", + "type": "Space" + } + ], + "changed_values": [ + { + "i18nKey": "Space type", + "key": "Space type", + "to": "global" + }, + { + "i18nKey": "Space status", + "key": "Space status", + "to": "CURRENT" + }, + { + "i18nKey": "Name", + "key": "Name", + "to": "Service Catalogue" + }, + { + "i18nKey": "Space key", + "key": "Space key", + "to": "SC" + } + ], + "external_collaborator": false, + "type": { + "action": "Space created", + "category": "Spaces" + } + } + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Space created", + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"John Jacobs\",\"operations\":null,\"isExternalCollaborator\":false,\"username\":\"df856b17d84fcf010f11fcfcc6be4267\",\"userKey\":\"26971c016361d1f6a3eb8f62461f1e4e\",\"accountId\":\"df856b17d84fcf010f11fcfcc6be4267\",\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1643096679092,\"summary\":\"Space created\",\"description\":\"\",\"category\":\"Spaces\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Service Catalogue\",\"objectType\":\"Space\"},\"changedValues\":[{\"name\":\"Space type\",\"oldValue\":\"\",\"newValue\":\"global\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Space status\",\"oldValue\":\"\",\"newValue\":\"CURRENT\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Name\",\"oldValue\":\"\",\"newValue\":\"Service Catalogue\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Space key\",\"oldValue\":\"\",\"newValue\":\"SC\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"}],\"associatedObjects\":[]}", + "type": "info" + }, + "related": { + "ip": [ + "81.2.69.143" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "John Jacobs", + "id": "df856b17d84fcf010f11fcfcc6be4267" + } + }, + { + "@timestamp": "2022-01-24T14:49:22.329Z", + "confluence": { + "audit": { + "affected_objects": [ + { + "name": "Pre-test-scanner", + "type": "Space" + } + ], + "changed_values": [ + { + "i18nKey": "Space type", + "key": "Space type", + "to": "global" + }, + { + "i18nKey": "Space status", + "key": "Space status", + "to": "CURRENT" + }, + { + "i18nKey": "Name", + "key": "Name", + "to": "Pre-test-scanner" + }, + { + "i18nKey": "Space key", + "key": "Space key", + "to": "PTS" + }, + { + "i18nKey": "Home page", + "key": "Home page", + "to": "page: 484737204 v.1" + } + ], + "external_collaborator": false, + "type": { + "action": "Space configuration updated", + "category": "Spaces" + } + } + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Space configuration updated", + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"Billy Bob\",\"operations\":null,\"isExternalCollaborator\":false,\"username\":\"5e72294a9858860c3eb10c8b\",\"userKey\":\"26971c016361d1f6a3eb8f62461f1e4e\",\"accountId\":\"5e72294a9858860c3eb10c8b\",\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1643035762329,\"summary\":\"Space configuration updated\",\"description\":\"\",\"category\":\"Spaces\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Pre-test-scanner\",\"objectType\":\"Space\"},\"changedValues\":[{\"name\":\"Space type\",\"oldValue\":\"\",\"newValue\":\"global\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Space status\",\"oldValue\":\"\",\"newValue\":\"CURRENT\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Name\",\"oldValue\":\"\",\"newValue\":\"Pre-test-scanner\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Space key\",\"oldValue\":\"\",\"newValue\":\"PTS\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Home page\",\"oldValue\":\"\",\"newValue\":\"page: 484737204 v.1\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"}],\"associatedObjects\":[]}", + "type": "info" + }, + "related": { + "ip": [ + "81.2.69.143" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "Billy Bob", + "id": "5e72294a9858860c3eb10c8b" + } + }, + { + "@timestamp": "2022-01-24T14:49:22.311Z", + "confluence": { + "audit": { + "affected_objects": [ + { + "name": "Pre-test-scanner", + "type": "Space" + } + ], + "changed_values": [ + { + "i18nKey": "Space type", + "key": "Space type", + "to": "global" + }, + { + "i18nKey": "Space status", + "key": "Space status", + "to": "CURRENT" + }, + { + "i18nKey": "Name", + "key": "Name", + "to": "Pre-test-scanner" + }, + { + "i18nKey": "Space key", + "key": "Space key", + "to": "PTS" + }, + { + "i18nKey": "Home page", + "key": "Home page", + "to": "page: 484737204 v.1" + } + ], + "external_collaborator": false, + "type": { + "action": "Space created", + "category": "Spaces" + } + } + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Space created", + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"Billy Bob\",\"operations\":null,\"isExternalCollaborator\":false,\"username\":\"5e72294a9858860c3eb10c8b\",\"userKey\":\"26971c016361d1f6a3eb8f62461f1e4e\",\"accountId\":\"5e72294a9858860c3eb10c8b\",\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1643035762311,\"summary\":\"Space created\",\"description\":\"\",\"category\":\"Spaces\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Pre-test-scanner\",\"objectType\":\"Space\"},\"changedValues\":[{\"name\":\"Space type\",\"oldValue\":\"\",\"newValue\":\"global\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Space status\",\"oldValue\":\"\",\"newValue\":\"CURRENT\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Name\",\"oldValue\":\"\",\"newValue\":\"Pre-test-scanner\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Space key\",\"oldValue\":\"\",\"newValue\":\"PTS\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Home page\",\"oldValue\":\"\",\"newValue\":\"page: 484737204 v.1\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"}],\"associatedObjects\":[]}", + "type": "info" + }, + "related": { + "ip": [ + "81.2.69.143" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "Billy Bob", + "id": "5e72294a9858860c3eb10c8b" + } + }, + { + "@timestamp": "2022-01-18T08:43:03.045Z", + "confluence": { + "audit": { + "affected_objects": [ + { + "name": "ASP", + "type": "User" + }, + { + "name": "jira-software-users:b8d81944-e737-4da0-94ca-165fa5c0635c", + "type": "Group" + } + ], + "external_collaborator": false, + "type": { + "action": "User added to group", + "category": "Users and groups" + } + } + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "User added to group", + "category": [ + "iam" + ], + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1642495383045,\"summary\":\"User added to group\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"jira-software-users:b8d81944-e737-4da0-94ca-165fa5c0635c\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[{\"name\":\"ASP\",\"objectType\":\"User\"}]}", + "type": [ + "group", + "change" + ] + }, + "related": { + "ip": [ + "81.2.69.143" + ], + "user": [ + "ASP" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "System", + "target": { + "group": { + "id": "b8d81944-e737-4da0-94ca-165fa5c0635c", + "name": "jira-software-users" + }, + "name": "ASP" + } + } + }, + { + "@timestamp": "2022-01-18T08:43:03.014Z", + "confluence": { + "audit": { + "affected_objects": [ + { + "name": "ASP", + "type": "User" + }, + { + "name": "confluence-users:4375f4c3-bfdf-4f36-a62e-141ccf1588a3", + "type": "Group" + } + ], + "external_collaborator": false, + "type": { + "action": "User added to group", + "category": "Users and groups" + } + } + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "User added to group", + "category": [ + "iam" + ], + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1642495383014,\"summary\":\"User added to group\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"confluence-users:4375f4c3-bfdf-4f36-a62e-141ccf1588a3\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[{\"name\":\"ASP\",\"objectType\":\"User\"}]}", + "type": [ + "group", + "change" + ] + }, + "related": { + "ip": [ + "81.2.69.143" + ], + "user": [ + "ASP" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "System", + "target": { + "group": { + "id": "4375f4c3-bfdf-4f36-a62e-141ccf1588a3", + "name": "confluence-users" + }, + "name": "ASP" + } + } + }, + { + "@timestamp": "2022-01-18T08:43:02.767Z", + "confluence": { + "audit": { + "affected_objects": [ + { + "name": "ASP", + "type": "User" + } + ], + "changed_values": [ + { + "i18nKey": "Display name", + "key": "Display name", + "to": "ASP" + }, + { + "i18nKey": "Email", + "key": "Email", + "to": "test@example.com" + }, + { + "i18nKey": "Active", + "key": "Active", + "to": "Yes" + } + ], + "external_collaborator": false, + "type": { + "action": "User created", + "category": "Users and groups" + } + } + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "User created", + "category": [ + "iam" + ], + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1642495382767,\"summary\":\"User created\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"ASP\",\"objectType\":\"User\"},\"changedValues\":[{\"name\":\"Display name\",\"oldValue\":\"\",\"newValue\":\"ASP\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Email\",\"oldValue\":\"\",\"newValue\":\"test@example.com\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Active\",\"oldValue\":\"\",\"newValue\":\"Yes\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"}],\"associatedObjects\":[]}", + "type": [ + "user", + "creation" + ] + }, + "related": { + "ip": [ + "81.2.69.143" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "changes": { + "email": "test@example.com", + "full_name": "ASP" + }, + "full_name": "System" + } + }, + { + "@timestamp": "2022-01-14T16:37:07.237Z", + "confluence": { + "audit": { + "affected_objects": [ + { + "name": "Simon Brownhill", + "type": "User" + }, + { + "name": "confluence-users:4375f4c3-bfdf-4f36-a62e-141ccf1588a3", + "type": "Group" + } + ], + "external_collaborator": false, + "type": { + "action": "User added to group", + "category": "Users and groups" + } + } + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "User added to group", + "category": [ + "iam" + ], + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1642178227237,\"summary\":\"User added to group\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"confluence-users:4375f4c3-bfdf-4f36-a62e-141ccf1588a3\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[{\"name\":\"Simon Brownhill\",\"objectType\":\"User\"}]}", + "type": [ + "group", + "change" + ] + }, + "related": { + "ip": [ + "81.2.69.143" + ], + "user": [ + "Simon Brownhill" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "System", + "target": { + "group": { + "id": "4375f4c3-bfdf-4f36-a62e-141ccf1588a3", + "name": "confluence-users" + }, + "name": "Simon Brownhill" + } + } + }, + { + "@timestamp": "2022-01-14T16:37:07.017Z", + "confluence": { + "audit": { + "affected_objects": [ + { + "name": "Simon Brownhill", + "type": "User" + } + ], + "changed_values": [ + { + "i18nKey": "Display name", + "key": "Display name", + "to": "Simon Brownhill" + }, + { + "i18nKey": "Email", + "key": "Email" + }, + { + "i18nKey": "Active", + "key": "Active", + "to": "Yes" + } + ], + "external_collaborator": false, + "type": { + "action": "User created", + "category": "Users and groups" + } + } + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "User created", + "category": [ + "iam" + ], + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1642178227017,\"summary\":\"User created\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Simon Brownhill\",\"objectType\":\"User\"},\"changedValues\":[{\"name\":\"Display name\",\"oldValue\":\"\",\"newValue\":\"Simon Brownhill\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Email\",\"oldValue\":\"\",\"newValue\":\"\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Active\",\"oldValue\":\"\",\"newValue\":\"Yes\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"}],\"associatedObjects\":[]}", + "type": [ + "user", + "creation" + ] + }, + "related": { + "ip": [ + "81.2.69.143" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "changes": { + "full_name": "Simon Brownhill" + }, + "full_name": "System" + } + }, + { + "@timestamp": "2022-01-04T12:04:36.903Z", + "confluence": { + "audit": { + "affected_objects": [ + { + "name": "George West", + "type": "User" + }, + { + "name": "Detect \u0026 Response - Change Approvals:12e51e32-77ee-45ef-a643-55d4c7f6327c", + "type": "Group" + } + ], + "external_collaborator": false, + "type": { + "action": "User added to group", + "category": "Users and groups" + } + } + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "User added to group", + "category": [ + "iam" + ], + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1641297876903,\"summary\":\"User added to group\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Detect \u0026 Response - Change Approvals:12e51e32-77ee-45ef-a643-55d4c7f6327c\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[{\"name\":\"George West\",\"objectType\":\"User\"}]}", + "type": [ + "group", + "change" + ] + }, + "related": { + "ip": [ + "81.2.69.143" + ], + "user": [ + "George West" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "System", + "target": { + "group": { + "id": "12e51e32-77ee-45ef-a643-55d4c7f6327c", + "name": "Detect \u0026 Response - Change Approvals" + }, + "name": "George West" + } + } + }, + { + "@timestamp": "2022-01-04T11:57:52.951Z", + "confluence": { + "audit": { + "affected_objects": [ + { + "name": "SAM H", + "type": "User" + }, + { + "name": "Detect \u0026 Response - Change Approvals:12e51e32-77ee-45ef-a643-55d4c7f6327c", + "type": "Group" + } + ], + "external_collaborator": false, + "type": { + "action": "User added to group", + "category": "Users and groups" + } + } + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "User added to group", + "category": [ + "iam" + ], + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1641297472951,\"summary\":\"User added to group\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Detect \u0026 Response - Change Approvals:12e51e32-77ee-45ef-a643-55d4c7f6327c\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[{\"name\":\"SAM H\",\"objectType\":\"User\"}]}", + "type": [ + "group", + "change" + ] + }, + "related": { + "ip": [ + "81.2.69.143" + ], + "user": [ + "SAM H" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "System", + "target": { + "group": { + "id": "12e51e32-77ee-45ef-a643-55d4c7f6327c", + "name": "Detect \u0026 Response - Change Approvals" + }, + "name": "SAM H" + } + } + }, + { + "@timestamp": "2022-01-04T10:27:23.437Z", + "confluence": { + "audit": { + "affected_objects": [ + { + "name": "Lilly Smith", + "type": "User" + }, + { + "name": "Detect \u0026 Response - Change Approvals:12e51e32-77ee-45ef-a643-55d4c7f6327c", + "type": "Group" + } + ], + "external_collaborator": false, + "type": { + "action": "User added to group", + "category": "Users and groups" + } + } + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "User added to group", + "category": [ + "iam" + ], + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1641292043437,\"summary\":\"User added to group\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Detect \u0026 Response - Change Approvals:12e51e32-77ee-45ef-a643-55d4c7f6327c\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[{\"name\":\"Lilly Smith\",\"objectType\":\"User\"}]}", + "type": [ + "group", + "change" + ] + }, + "related": { + "ip": [ + "81.2.69.143" + ], + "user": [ + "Lilly Smith" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "System", + "target": { + "group": { + "id": "12e51e32-77ee-45ef-a643-55d4c7f6327c", + "name": "Detect \u0026 Response - Change Approvals" + }, + "name": "Lilly Smith" + } + } + }, + { + "@timestamp": "2022-01-04T10:27:23.424Z", + "confluence": { + "audit": { + "affected_objects": [ + { + "name": "Joseph Smith", + "type": "User" + }, + { + "name": "Detect \u0026 Response - Change Approvals:12e51e32-77ee-45ef-a643-55d4c7f6327c", + "type": "Group" + } + ], + "external_collaborator": false, + "type": { + "action": "User added to group", + "category": "Users and groups" + } + } + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "User added to group", + "category": [ + "iam" + ], + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1641292043424,\"summary\":\"User added to group\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Detect \u0026 Response - Change Approvals:12e51e32-77ee-45ef-a643-55d4c7f6327c\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[{\"name\":\"Joseph Smith\",\"objectType\":\"User\"}]}", + "type": [ + "group", + "change" + ] + }, + "related": { + "ip": [ + "81.2.69.143" + ], + "user": [ + "Joseph Smith" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "System", + "target": { + "group": { + "id": "12e51e32-77ee-45ef-a643-55d4c7f6327c", + "name": "Detect \u0026 Response - Change Approvals" + }, + "name": "Joseph Smith" + } + } + }, + { + "@timestamp": "2022-01-04T10:27:01.947Z", + "confluence": { + "audit": { + "affected_objects": [ + { + "name": "Detect \u0026 Response - Change Approvals:12e51e32-77ee-45ef-a643-55d4c7f6327c", + "type": "Group" + } + ], + "external_collaborator": false, + "type": { + "action": "Group created", + "category": "Users and groups" + } + } + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Group created", + "category": [ + "iam" + ], + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1641292021947,\"summary\":\"Group created\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Detect \u0026 Response - Change Approvals:12e51e32-77ee-45ef-a643-55d4c7f6327c\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[]}", + "type": [ + "group", + "creation" + ] + }, + "group": { + "id": "12e51e32-77ee-45ef-a643-55d4c7f6327c", + "name": "Detect \u0026 Response - Change Approvals" + }, + "related": { + "ip": [ + "81.2.69.143" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "System" + } + }, + { + "@timestamp": "2022-01-04T10:25:55.867Z", + "confluence": { + "audit": { + "affected_objects": [ + { + "name": "Joseph Smith", + "type": "User" + }, + { + "name": "Detect \u0026 Response - Cost Approvals:b83d4a5e-1290-4a7a-88ba-5e24325f59f8", + "type": "Group" + } + ], + "external_collaborator": false, + "type": { + "action": "User added to group", + "category": "Users and groups" + } + } + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "User added to group", + "category": [ + "iam" + ], + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1641291955867,\"summary\":\"User added to group\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Detect \u0026 Response - Cost Approvals:b83d4a5e-1290-4a7a-88ba-5e24325f59f8\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[{\"name\":\"Joseph Smith\",\"objectType\":\"User\"}]}", + "type": [ + "group", + "change" + ] + }, + "related": { + "ip": [ + "81.2.69.143" + ], + "user": [ + "Joseph Smith" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "System", + "target": { + "group": { + "id": "b83d4a5e-1290-4a7a-88ba-5e24325f59f8", + "name": "Detect \u0026 Response - Cost Approvals" + }, + "name": "Joseph Smith" + } + } + }, + { + "@timestamp": "2022-01-04T10:25:55.857Z", + "confluence": { + "audit": { + "affected_objects": [ + { + "name": "Lilly Smith", + "type": "User" + }, + { + "name": "Detect \u0026 Response - Cost Approvals:b83d4a5e-1290-4a7a-88ba-5e24325f59f8", + "type": "Group" + } + ], + "external_collaborator": false, + "type": { + "action": "User added to group", + "category": "Users and groups" + } + } + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "User added to group", + "category": [ + "iam" + ], + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1641291955857,\"summary\":\"User added to group\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Detect \u0026 Response - Cost Approvals:b83d4a5e-1290-4a7a-88ba-5e24325f59f8\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[{\"name\":\"Lilly Smith\",\"objectType\":\"User\"}]}", + "type": [ + "group", + "change" + ] + }, + "related": { + "ip": [ + "81.2.69.143" + ], + "user": [ + "Lilly Smith" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "System", + "target": { + "group": { + "id": "b83d4a5e-1290-4a7a-88ba-5e24325f59f8", + "name": "Detect \u0026 Response - Cost Approvals" + }, + "name": "Lilly Smith" + } + } + }, + { + "@timestamp": "2022-01-04T10:25:55.839Z", + "confluence": { + "audit": { + "affected_objects": [ + { + "name": "SAM H", + "type": "User" + }, + { + "name": "Detect \u0026 Response - Cost Approvals:b83d4a5e-1290-4a7a-88ba-5e24325f59f8", + "type": "Group" + } + ], + "external_collaborator": false, + "type": { + "action": "User added to group", + "category": "Users and groups" + } + } + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "User added to group", + "category": [ + "iam" + ], + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1641291955839,\"summary\":\"User added to group\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Detect \u0026 Response - Cost Approvals:b83d4a5e-1290-4a7a-88ba-5e24325f59f8\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[{\"name\":\"SAM H\",\"objectType\":\"User\"}]}", + "type": [ + "group", + "change" + ] + }, + "related": { + "ip": [ + "81.2.69.143" + ], + "user": [ + "SAM H" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "System", + "target": { + "group": { + "id": "b83d4a5e-1290-4a7a-88ba-5e24325f59f8", + "name": "Detect \u0026 Response - Cost Approvals" + }, + "name": "SAM H" + } + } + }, + { + "@timestamp": "2022-01-04T10:25:34.681Z", + "confluence": { + "audit": { + "affected_objects": [ + { + "name": "Detect \u0026 Response - Cost Approvals:b83d4a5e-1290-4a7a-88ba-5e24325f59f8", + "type": "Group" + } + ], + "external_collaborator": false, + "type": { + "action": "Group created", + "category": "Users and groups" + } + } + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Group created", + "category": [ + "iam" + ], + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1641291934681,\"summary\":\"Group created\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Detect \u0026 Response - Cost Approvals:b83d4a5e-1290-4a7a-88ba-5e24325f59f8\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[]}", + "type": [ + "group", + "creation" + ] + }, + "group": { + "id": "b83d4a5e-1290-4a7a-88ba-5e24325f59f8", + "name": "Detect \u0026 Response - Cost Approvals" + }, + "related": { + "ip": [ + "81.2.69.143" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "System" + } + }, + { + "@timestamp": "2021-12-07T16:46:02.860Z", + "confluence": { + "audit": { + "affected_objects": [ + { + "name": "Lilly Smith", + "type": "User" + }, + { + "name": "Engineering / Sysadmins:12b5617d-bd45-450d-8b40-263238a886c4", + "type": "Group" + } + ], + "external_collaborator": false, + "type": { + "action": "User added to group", + "category": "Users and groups" + } + } + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "User added to group", + "category": [ + "iam" + ], + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1638895562860,\"summary\":\"User added to group\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Engineering / Sysadmins:12b5617d-bd45-450d-8b40-263238a886c4\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[{\"name\":\"Lilly Smith\",\"objectType\":\"User\"}]}", + "type": [ + "group", + "change" + ] + }, + "related": { + "ip": [ + "81.2.69.143" + ], + "user": [ + "Lilly Smith" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "System", + "target": { + "group": { + "id": "12b5617d-bd45-450d-8b40-263238a886c4", + "name": "Engineering / Sysadmins" + }, + "name": "Lilly Smith" + } + } + }, + { + "@timestamp": "2021-12-07T16:46:02.848Z", + "confluence": { + "audit": { + "affected_objects": [ + { + "name": "Joe Test", + "type": "User" + }, + { + "name": "Engineering / Sysadmins:12b5617d-bd45-450d-8b40-263238a886c4", + "type": "Group" + } + ], + "external_collaborator": false, + "type": { + "action": "User added to group", + "category": "Users and groups" + } + } + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "User added to group", + "category": [ + "iam" + ], + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1638895562848,\"summary\":\"User added to group\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Engineering / Sysadmins:12b5617d-bd45-450d-8b40-263238a886c4\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[{\"name\":\"Joe Test\",\"objectType\":\"User\"}]}", + "type": [ + "group", + "change" + ] + }, + "related": { + "ip": [ + "81.2.69.143" + ], + "user": [ + "Joe Test" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "System", + "target": { + "group": { + "id": "12b5617d-bd45-450d-8b40-263238a886c4", + "name": "Engineering / Sysadmins" + }, + "name": "Joe Test" + } + } + }, + { + "@timestamp": "2021-12-07T16:46:02.837Z", + "confluence": { + "audit": { + "affected_objects": [ + { + "name": "Joseph Smith", + "type": "User" + }, + { + "name": "Engineering / Sysadmins:12b5617d-bd45-450d-8b40-263238a886c4", + "type": "Group" + } + ], + "external_collaborator": false, + "type": { + "action": "User added to group", + "category": "Users and groups" + } + } + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "User added to group", + "category": [ + "iam" + ], + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1638895562837,\"summary\":\"User added to group\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Engineering / Sysadmins:12b5617d-bd45-450d-8b40-263238a886c4\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[{\"name\":\"Joseph Smith\",\"objectType\":\"User\"}]}", + "type": [ + "group", + "change" + ] + }, + "related": { + "ip": [ + "81.2.69.143" + ], + "user": [ + "Joseph Smith" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "System", + "target": { + "group": { + "id": "12b5617d-bd45-450d-8b40-263238a886c4", + "name": "Engineering / Sysadmins" + }, + "name": "Joseph Smith" + } + } + }, + { + "@timestamp": "2021-12-07T16:46:02.824Z", + "confluence": { + "audit": { + "affected_objects": [ + { + "name": "Simon Johnson", + "type": "User" + }, + { + "name": "Engineering / Sysadmins:12b5617d-bd45-450d-8b40-263238a886c4", + "type": "Group" + } + ], + "external_collaborator": false, + "type": { + "action": "User added to group", + "category": "Users and groups" + } + } + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "User added to group", + "category": [ + "iam" + ], + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1638895562824,\"summary\":\"User added to group\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Engineering / Sysadmins:12b5617d-bd45-450d-8b40-263238a886c4\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[{\"name\":\"Simon Johnson\",\"objectType\":\"User\"}]}", + "type": [ + "group", + "change" + ] + }, + "related": { + "ip": [ + "81.2.69.143" + ], + "user": [ + "Simon Johnson" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "System", + "target": { + "group": { + "id": "12b5617d-bd45-450d-8b40-263238a886c4", + "name": "Engineering / Sysadmins" + }, + "name": "Simon Johnson" + } + } + }, + { + "@timestamp": "2021-12-07T16:45:23.912Z", + "confluence": { + "audit": { + "affected_objects": [ + { + "name": "Engineering / Sysadmins:12b5617d-bd45-450d-8b40-263238a886c4", + "type": "Group" + } + ], + "external_collaborator": false, + "type": { + "action": "Group created", + "category": "Users and groups" + } + } + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Group created", + "category": [ + "iam" + ], + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1638895523912,\"summary\":\"Group created\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Engineering / Sysadmins:12b5617d-bd45-450d-8b40-263238a886c4\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[]}", + "type": [ + "group", + "creation" + ] + }, + "group": { + "id": "12b5617d-bd45-450d-8b40-263238a886c4", + "name": "Engineering / Sysadmins" + }, + "related": { + "ip": [ + "81.2.69.143" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "System" + } + }, + { + "@timestamp": "2021-12-07T16:29:39.293Z", + "confluence": { + "audit": { + "affected_objects": [ + { + "name": "Change Control", + "type": "Space" + } + ], + "changed_values": [ + { + "i18nKey": "Space type", + "key": "Space type", + "to": "global" + }, + { + "i18nKey": "Space status", + "key": "Space status", + "to": "CURRENT" + }, + { + "i18nKey": "Name", + "key": "Name", + "to": "Change Control" + }, + { + "i18nKey": "Space key", + "key": "Space key", + "to": "ACC" + } + ], + "external_collaborator": false, + "type": { + "action": "Space configuration updated", + "category": "Spaces" + } + } + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Space configuration updated", + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"Lilly Smith\",\"operations\":null,\"isExternalCollaborator\":false,\"username\":\"98435bcd1061baa5b4fbd19bd5810586\",\"userKey\":\"4711088e62a7b0cf381781a84574a70a\",\"accountId\":\"98435bcd1061baa5b4fbd19bd5810586\",\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1638894579293,\"summary\":\"Space configuration updated\",\"description\":\"\",\"category\":\"Spaces\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Change Control\",\"objectType\":\"Space\"},\"changedValues\":[{\"name\":\"Space type\",\"oldValue\":\"\",\"newValue\":\"global\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Space status\",\"oldValue\":\"\",\"newValue\":\"CURRENT\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Name\",\"oldValue\":\"\",\"newValue\":\"Change Control\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Space key\",\"oldValue\":\"\",\"newValue\":\"ACC\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"}],\"associatedObjects\":[]}", + "type": "info" + }, + "related": { + "ip": [ + "81.2.69.143" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "Lilly Smith", + "id": "98435bcd1061baa5b4fbd19bd5810586" + } + }, + { + "@timestamp": "2021-12-07T16:29:38.800Z", + "confluence": { + "audit": { + "affected_objects": [ + { + "name": "Change Control", + "type": "Space" + } + ], + "changed_values": [ + { + "i18nKey": "Space type", + "key": "Space type", + "to": "global" + }, + { + "i18nKey": "Space status", + "key": "Space status", + "to": "CURRENT" + }, + { + "i18nKey": "Name", + "key": "Name", + "to": "Change Control" + }, + { + "i18nKey": "Space key", + "key": "Space key", + "to": "ACC" + } + ], + "external_collaborator": false, + "type": { + "action": "Space created", + "category": "Spaces" + } + } + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Space created", + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"Lilly Smith\",\"operations\":null,\"isExternalCollaborator\":false,\"username\":\"98435bcd1061baa5b4fbd19bd5810586\",\"userKey\":\"4711088e62a7b0cf381781a84574a70a\",\"accountId\":\"98435bcd1061baa5b4fbd19bd5810586\",\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1638894578800,\"summary\":\"Space created\",\"description\":\"\",\"category\":\"Spaces\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Change Control\",\"objectType\":\"Space\"},\"changedValues\":[{\"name\":\"Space type\",\"oldValue\":\"\",\"newValue\":\"global\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Space status\",\"oldValue\":\"\",\"newValue\":\"CURRENT\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Name\",\"oldValue\":\"\",\"newValue\":\"Change Control\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Space key\",\"oldValue\":\"\",\"newValue\":\"ACC\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"}],\"associatedObjects\":[]}", + "type": "info" + }, + "related": { + "ip": [ + "81.2.69.143" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "Lilly Smith", + "id": "98435bcd1061baa5b4fbd19bd5810586" + } + }, + { + "@timestamp": "2021-11-29T17:10:34.800Z", + "confluence": { + "audit": { + "affected_objects": [ + { + "name": "Another User", + "type": "User" + }, + { + "name": "jira-software-users:b8d81944-e737-4da0-94ca-165fa5c0635c", + "type": "Group" + } + ], + "external_collaborator": false, + "type": { + "action": "User added to group", + "category": "Users and groups" + } + } + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "User added to group", + "category": [ + "iam" + ], + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1638205834800,\"summary\":\"User added to group\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"jira-software-users:b8d81944-e737-4da0-94ca-165fa5c0635c\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[{\"name\":\"Another User\",\"objectType\":\"User\"}]}", + "type": [ + "group", + "change" + ] + }, + "related": { + "ip": [ + "81.2.69.143" + ], + "user": [ + "Another User" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "System", + "target": { + "group": { + "id": "b8d81944-e737-4da0-94ca-165fa5c0635c", + "name": "jira-software-users" + }, + "name": "Another User" + } + } + }, + { + "@timestamp": "2021-11-29T17:10:34.747Z", + "confluence": { + "audit": { + "affected_objects": [ + { + "name": "Another User", + "type": "User" + }, + { + "name": "confluence-users:4375f4c3-bfdf-4f36-a62e-141ccf1588a3", + "type": "Group" + } + ], + "external_collaborator": false, + "type": { + "action": "User added to group", + "category": "Users and groups" + } + } + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "User added to group", + "category": [ + "iam" + ], + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1638205834747,\"summary\":\"User added to group\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"confluence-users:4375f4c3-bfdf-4f36-a62e-141ccf1588a3\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[{\"name\":\"Another User\",\"objectType\":\"User\"}]}", + "type": [ + "group", + "change" + ] + }, + "related": { + "ip": [ + "81.2.69.143" + ], + "user": [ + "Another User" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "System", + "target": { + "group": { + "id": "4375f4c3-bfdf-4f36-a62e-141ccf1588a3", + "name": "confluence-users" + }, + "name": "Another User" + } + } + }, + { + "@timestamp": "2021-11-29T17:10:34.455Z", + "confluence": { + "audit": { + "affected_objects": [ + { + "name": "Another User", + "type": "User" + } + ], + "changed_values": [ + { + "i18nKey": "Display name", + "key": "Display name", + "to": "Another User" + }, + { + "i18nKey": "Email", + "key": "Email", + "to": "test@example.com" + }, + { + "i18nKey": "Active", + "key": "Active", + "to": "Yes" + } + ], + "external_collaborator": false, + "type": { + "action": "User created", + "category": "Users and groups" + } + } + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "User created", + "category": [ + "iam" + ], + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1638205834455,\"summary\":\"User created\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Another User\",\"objectType\":\"User\"},\"changedValues\":[{\"name\":\"Display name\",\"oldValue\":\"\",\"newValue\":\"Another User\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Email\",\"oldValue\":\"\",\"newValue\":\"test@example.com\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Active\",\"oldValue\":\"\",\"newValue\":\"Yes\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"}],\"associatedObjects\":[]}", + "type": [ + "user", + "creation" + ] + }, + "related": { + "ip": [ + "81.2.69.143" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "changes": { + "email": "test@example.com", + "full_name": "Another User" + }, + "full_name": "System" + } + }, + { + "@timestamp": "2021-11-18T16:04:18.807Z", + "confluence": { + "audit": { + "affected_objects": [ + { + "name": "Username", + "type": "User" + }, + { + "name": "jira-software-users:b8d81944-e737-4da0-94ca-165fa5c0635c", + "type": "Group" + } + ], + "external_collaborator": false, + "type": { + "action": "User added to group", + "category": "Users and groups" + } + } + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "User added to group", + "category": [ + "iam" + ], + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1637251458807,\"summary\":\"User added to group\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"jira-software-users:b8d81944-e737-4da0-94ca-165fa5c0635c\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[{\"name\":\"Username\",\"objectType\":\"User\"}]}", + "type": [ + "group", + "change" + ] + }, + "related": { + "ip": [ + "81.2.69.143" + ], + "user": [ + "Username" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "System", + "target": { + "group": { + "id": "b8d81944-e737-4da0-94ca-165fa5c0635c", + "name": "jira-software-users" + }, + "name": "Username" + } + } + }, + { + "@timestamp": "2021-11-17T16:00:37.285Z", + "confluence": { + "audit": { + "affected_objects": [ + { + "name": "John Doe (Unlicensed)", + "type": "User" + } + ], + "changed_values": [ + { + "from": "Yes", + "i18nKey": "Active", + "key": "Active", + "to": "No" + } + ], + "external_collaborator": false, + "type": { + "action": "User details updated", + "category": "Users and groups" + } + } + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "User details updated", + "category": [ + "iam" + ], + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1637164837285,\"summary\":\"User details updated\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"John Doe (Unlicensed)\",\"objectType\":\"User\"},\"changedValues\":[{\"name\":\"Active\",\"oldValue\":\"Yes\",\"newValue\":\"No\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"}],\"associatedObjects\":[]}", + "type": [ + "user", + "change" + ] + }, + "related": { + "ip": [ + "81.2.69.143" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "System", + "target": { + "full_name": "John Doe (Unlicensed)" + } + } + }, + { + "@timestamp": "2021-11-17T16:00:37.274Z", + "confluence": { + "audit": { + "external_collaborator": false, + "type": { + "action": "User deactivated", + "category": "Users and groups" + } + } + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "User deactivated", + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1637164837274,\"summary\":\"User deactivated\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"\",\"objectType\":\"\"},\"changedValues\":[],\"associatedObjects\":[]}", + "type": "info" + }, + "related": { + "ip": [ + "81.2.69.143" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "System" + } + }, + { + "@timestamp": "2021-11-16T14:35:22.812Z", + "confluence": { + "audit": { + "affected_objects": [ + { + "name": "KB Articles to be Approved", + "type": "Page" + }, + { + "name": "Topics", + "type": "Space" + } + ], + "changed_values": [ + { + "from": "current", + "i18nKey": "Content status", + "key": "Content status", + "to": "archived" + } + ], + "external_collaborator": false, + "type": { + "action": "Page archived", + "category": "Page" + } + } + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Page archived", + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"John Doe\",\"operations\":null,\"isExternalCollaborator\":false,\"username\":\"e6dd7842c44d594c024fc7129c1e4e49\",\"userKey\":\"7b4a0e7b52db25cdfc113f8e5b8e7aa2\",\"accountId\":\"e6dd7842c44d594c024fc7129c1e4e49\",\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1637073322812,\"summary\":\"Page archived\",\"description\":\"\",\"category\":\"Page\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"KB Articles to be Approved\",\"objectType\":\"Page\"},\"changedValues\":[{\"name\":\"Content status\",\"oldValue\":\"current\",\"newValue\":\"archived\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"}],\"associatedObjects\":[{\"name\":\"KB Articles to be Approved\",\"objectType\":\"Page\"},{\"name\":\"Topics\",\"objectType\":\"Space\"}]}", + "type": "info" + }, + "related": { + "ip": [ + "81.2.69.143" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "John Doe", + "id": "e6dd7842c44d594c024fc7129c1e4e49" + } + }, + { + "@timestamp": "2021-11-16T09:25:56.738Z", + "confluence": { + "audit": { + "affected_objects": [ + { + "name": "John Doe (Deactivated)", + "type": "User" + } + ], + "changed_values": [ + { + "from": "Yes", + "i18nKey": "Active", + "key": "Active", + "to": "No" + } + ], + "external_collaborator": false, + "type": { + "action": "User details updated", + "category": "Users and groups" + } + } + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "User details updated", + "category": [ + "iam" + ], + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1637054756738,\"summary\":\"User details updated\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"John Doe (Deactivated)\",\"objectType\":\"User\"},\"changedValues\":[{\"name\":\"Active\",\"oldValue\":\"Yes\",\"newValue\":\"No\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"}],\"associatedObjects\":[]}", + "type": [ + "user", + "change" + ] + }, + "related": { + "ip": [ + "81.2.69.143" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "System", + "target": { + "full_name": "John Doe (Deactivated)" + } + } + }, + { + "@timestamp": "2021-11-16T09:25:56.666Z", + "confluence": { + "audit": { + "external_collaborator": false, + "type": { + "action": "User deactivated", + "category": "Users and groups" + } + } + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "User deactivated", + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1637054756666,\"summary\":\"User deactivated\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"\",\"objectType\":\"\"},\"changedValues\":[],\"associatedObjects\":[]}", + "type": "info" + }, + "related": { + "ip": [ + "81.2.69.143" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "System" + } + } + ] +} \ No newline at end of file diff --git a/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json index 6467ffd1297..8b3150d65d1 100644 --- a/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json +++ b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json @@ -1,29 +1,35 @@ { "expected": [ { + "@timestamp": "2021-11-22T23:42:47.332Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Synchrony Interop Bootstrap Plugin", "type": "App" } ], + "method": "Browser", "type": { - "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", "action": "App enabled", "actionI18nKey": "audit.logging.summary.plugin.enabled", - "categoryI18nKey": "audit.logging.category.plugins", + "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", "category": "Apps", + "categoryI18nKey": "audit.logging.category.plugins", "level": "BASE" } } }, - "@timestamp": "2021-11-22T23:42:47.332Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.plugin.enabled", + "kind": "event", + "original": "{\"affectedObjects\":[{\"name\":\"Synchrony Interop Bootstrap Plugin\",\"type\":\"App\"}],\"auditType\":{\"action\":\"App enabled\",\"actionI18nKey\":\"audit.logging.summary.plugin.enabled\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Apps\",\"categoryI18nKey\":\"audit.logging.category.plugins\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624567,\"nano\":332000000},\"version\":\"1.0\"}", + "type": "info" + }, "related": { "hosts": [ "confluence.internal" @@ -36,59 +42,59 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.plugin.enabled", - "original": "{\"affectedObjects\":[{\"name\":\"Synchrony Interop Bootstrap Plugin\",\"type\":\"App\"}],\"auditType\":{\"action\":\"App enabled\",\"actionI18nKey\":\"audit.logging.summary.plugin.enabled\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Apps\",\"categoryI18nKey\":\"audit.logging.category.plugins\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624567,\"nano\":332000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:42:45.791Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Confluence Collaborative Editor Plugin", "type": "App" } ], + "method": "Browser", "type": { - "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", "action": "App enabled", "actionI18nKey": "audit.logging.summary.plugin.enabled", - "categoryI18nKey": "audit.logging.category.plugins", + "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", "category": "Apps", + "categoryI18nKey": "audit.logging.category.plugins", "level": "BASE" } } }, - "@timestamp": "2021-11-22T23:42:45.791Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.plugin.enabled", + "kind": "event", + "original": "{\"affectedObjects\":[{\"name\":\"Confluence Collaborative Editor Plugin\",\"type\":\"App\"}],\"auditType\":{\"action\":\"App enabled\",\"actionI18nKey\":\"audit.logging.summary.plugin.enabled\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Apps\",\"categoryI18nKey\":\"audit.logging.category.plugins\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624565,\"nano\":791000000},\"version\":\"1.0\"}", + "type": "info" + }, "related": { "hosts": [ "confluence.internal" @@ -101,60 +107,60 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.plugin.enabled", - "original": "{\"affectedObjects\":[{\"name\":\"Confluence Collaborative Editor Plugin\",\"type\":\"App\"}],\"auditType\":{\"action\":\"App enabled\",\"actionI18nKey\":\"audit.logging.summary.plugin.enabled\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Apps\",\"categoryI18nKey\":\"audit.logging.category.plugins\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624565,\"nano\":791000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:42:49.660Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], + "method": "Browser", "type": { - "area": "LOCAL_CONFIG_AND_ADMINISTRATION", "action": "Space import", "actionI18nKey": "audit.logging.summary.space.import", - "categoryI18nKey": "audit.logging.category.import.export", + "area": "LOCAL_CONFIG_AND_ADMINISTRATION", "category": "Import/Export", + "categoryI18nKey": "audit.logging.category.import.export", "level": "BASE" } } }, - "@timestamp": "2021-11-22T23:42:49.660Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.import", + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space import\",\"actionI18nKey\":\"audit.logging.summary.space.import\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Import/Export\",\"categoryI18nKey\":\"audit.logging.category.import.export\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624569,\"nano\":660000000},\"version\":\"1.0\"}", + "type": "info" + }, "related": { "hosts": [ "confluence.internal" @@ -167,53 +173,39 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.import", - "original": "{\"affectedObjects\":[{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space import\",\"actionI18nKey\":\"audit.logging.summary.space.import\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Import/Export\",\"categoryI18nKey\":\"audit.logging.category.import.export\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624569,\"nano\":660000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:21.440Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Confluence Internal Directory", "type": "Directory" } ], - "type": { - "area": "USER_MANAGEMENT", - "action": "User directory created", - "actionI18nKey": "audit.logging.summary.directory.added", - "categoryI18nKey": "audit.logging.category.user.management", - "category": "Users and groups", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "ID", @@ -305,13 +297,27 @@ "key": "Allowed operation", "to": "CREATE_GROUP" } - ] + ], + "method": "Browser", + "type": { + "action": "User directory created", + "actionI18nKey": "audit.logging.summary.directory.added", + "area": "USER_MANAGEMENT", + "category": "Users and groups", + "categoryI18nKey": "audit.logging.category.user.management", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:21.440Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.directory.added", + "kind": "event", + "original": "{\"affectedObjects\":[{\"name\":\"Confluence Internal Directory\",\"type\":\"Directory\"}],\"auditType\":{\"action\":\"User directory created\",\"actionI18nKey\":\"audit.logging.summary.directory.added\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"audit.logging.category.user.management\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"ID\",\"key\":\"ID\",\"to\":\"327681\"},{\"i18nKey\":\"Name\",\"key\":\"Name\",\"to\":\"Confluence Internal Directory\"},{\"i18nKey\":\"Active\",\"key\":\"Active\",\"to\":\"Yes\"},{\"i18nKey\":\"Encryption type\",\"key\":\"Encryption type\",\"to\":\"atlassian-security\"},{\"i18nKey\":\"Description\",\"key\":\"Description\",\"to\":\"Confluence default internal directory\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"INTERNAL\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"UPDATE_USER_ATTRIBUTE\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"UPDATE_GROUP\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"DELETE_ROLE\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"DELETE_GROUP\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"UPDATE_USER\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"DELETE_USER\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"UPDATE_GROUP_ATTRIBUTE\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"CREATE_ROLE\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"CREATE_USER\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"UPDATE_ROLE_ATTRIBUTE\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"UPDATE_ROLE\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"CREATE_GROUP\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624601,\"nano\":440000000},\"version\":\"1.0\"}", + "type": "info" + }, "related": { "hosts": [ "confluence.internal" @@ -324,60 +330,70 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.directory.added", - "original": "{\"affectedObjects\":[{\"name\":\"Confluence Internal Directory\",\"type\":\"Directory\"}],\"auditType\":{\"action\":\"User directory created\",\"actionI18nKey\":\"audit.logging.summary.directory.added\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"audit.logging.category.user.management\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"ID\",\"key\":\"ID\",\"to\":\"327681\"},{\"i18nKey\":\"Name\",\"key\":\"Name\",\"to\":\"Confluence Internal Directory\"},{\"i18nKey\":\"Active\",\"key\":\"Active\",\"to\":\"Yes\"},{\"i18nKey\":\"Encryption type\",\"key\":\"Encryption type\",\"to\":\"atlassian-security\"},{\"i18nKey\":\"Description\",\"key\":\"Description\",\"to\":\"Confluence default internal directory\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"INTERNAL\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"UPDATE_USER_ATTRIBUTE\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"UPDATE_GROUP\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"DELETE_ROLE\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"DELETE_GROUP\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"UPDATE_USER\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"DELETE_USER\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"UPDATE_GROUP_ATTRIBUTE\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"CREATE_ROLE\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"CREATE_USER\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"UPDATE_ROLE_ATTRIBUTE\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"UPDATE_ROLE\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"CREATE_GROUP\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624601,\"nano\":440000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:21.536Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-administrators", "name": "confluence-administrators", - "type": "Group", - "id": "confluence-administrators" + "type": "Group" } ], + "method": "Browser", "type": { - "area": "USER_MANAGEMENT", "action": "Group created", "actionI18nKey": "audit.logging.summary.group.created", - "categoryI18nKey": "audit.logging.category.user.management", + "area": "USER_MANAGEMENT", "category": "Users and groups", + "categoryI18nKey": "audit.logging.category.user.management", "level": "BASE" } } }, - "@timestamp": "2021-11-22T23:43:21.536Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.group.created", + "category": [ + "iam" + ], + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"}],\"auditType\":{\"action\":\"Group created\",\"actionI18nKey\":\"audit.logging.summary.group.created\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"audit.logging.category.user.management\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624601,\"nano\":536000000},\"version\":\"1.0\"}", + "type": [ + "group", + "creation" + ] + }, + "group": { + "id": "confluence-administrators", + "name": "confluence-administrators" + }, "related": { "hosts": [ "confluence.internal" @@ -390,70 +406,70 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.group.created", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"}],\"auditType\":{\"action\":\"Group created\",\"actionI18nKey\":\"audit.logging.summary.group.created\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"audit.logging.category.user.management\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624601,\"nano\":536000000},\"version\":\"1.0\"}", - "type": [ - "group", - "creation" - ], - "category": [ - "iam" - ], - "kind": "event" - }, - "user": { - "full_name": "Anonymous", - "id": "-2" - }, "tags": [ "preserve_original_event" ], - "group": { - "name": "confluence-administrators", - "id": "confluence-administrators" + "user": { + "full_name": "Anonymous", + "id": "-2" } }, { + "@timestamp": "2021-11-22T23:43:21.552Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-users", "name": "confluence-users", - "type": "Group", - "id": "confluence-users" + "type": "Group" } ], + "method": "Browser", "type": { - "area": "USER_MANAGEMENT", "action": "Group created", "actionI18nKey": "audit.logging.summary.group.created", - "categoryI18nKey": "audit.logging.category.user.management", + "area": "USER_MANAGEMENT", "category": "Users and groups", + "categoryI18nKey": "audit.logging.category.user.management", "level": "BASE" } } }, - "@timestamp": "2021-11-22T23:43:21.552Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.group.created", + "category": [ + "iam" + ], + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"}],\"auditType\":{\"action\":\"Group created\",\"actionI18nKey\":\"audit.logging.summary.group.created\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"audit.logging.category.user.management\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624601,\"nano\":552000000},\"version\":\"1.0\"}", + "type": [ + "group", + "creation" + ] + }, + "group": { + "id": "confluence-users", + "name": "confluence-users" + }, "related": { "hosts": [ "confluence.internal" @@ -466,64 +482,40 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.group.created", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"}],\"auditType\":{\"action\":\"Group created\",\"actionI18nKey\":\"audit.logging.summary.group.created\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"audit.logging.category.user.management\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624601,\"nano\":552000000},\"version\":\"1.0\"}", - "type": [ - "group", - "creation" - ], - "category": [ - "iam" - ], - "kind": "event" - }, - "user": { - "full_name": "Anonymous", - "id": "-2" - }, "tags": [ "preserve_original_event" ], - "group": { - "name": "confluence-users", - "id": "confluence-users" + "user": { + "full_name": "Anonymous", + "id": "-2" } }, { + "@timestamp": "2021-11-22T23:43:21.592Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-administrators", "name": "confluence-administrators", - "type": "Group", - "id": "confluence-administrators" + "type": "Group" } ], - "type": { - "area": "PERMISSIONS", - "action": "Global permission added", - "actionI18nKey": "audit.logging.summary.global.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Group", @@ -535,15 +527,36 @@ "key": "Type", "to": "USECONFLUENCE" } - ] + ], + "method": "Browser", + "type": { + "action": "Global permission added", + "actionI18nKey": "audit.logging.summary.global.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:21.592Z", "ecs": { "version": "8.2.0" }, - "related": { - "hosts": [ + "event": { + "action": "audit.logging.summary.global.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"USECONFLUENCE\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624601,\"nano\":592000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, + "related": { + "hosts": [ "confluence.internal" ], "ip": [ @@ -554,61 +567,40 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.global.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"USECONFLUENCE\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624601,\"nano\":592000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:21.620Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-users", "name": "confluence-users", - "type": "Group", - "id": "confluence-users" + "type": "Group" } ], - "type": { - "area": "PERMISSIONS", - "action": "Global permission added", - "actionI18nKey": "audit.logging.summary.global.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Group", @@ -620,13 +612,34 @@ "key": "Type", "to": "PERSONALSPACE" } - ] + ], + "method": "Browser", + "type": { + "action": "Global permission added", + "actionI18nKey": "audit.logging.summary.global.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:21.620Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.global.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"PERSONALSPACE\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624601,\"nano\":620000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -639,61 +652,40 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.global.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"PERSONALSPACE\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624601,\"nano\":620000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:21.623Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-administrators", "name": "confluence-administrators", - "type": "Group", - "id": "confluence-administrators" + "type": "Group" } ], - "type": { - "area": "PERMISSIONS", - "action": "Global permission added", - "actionI18nKey": "audit.logging.summary.global.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Group", @@ -705,13 +697,34 @@ "key": "Type", "to": "ADMINISTRATECONFLUENCE" } - ] + ], + "method": "Browser", + "type": { + "action": "Global permission added", + "actionI18nKey": "audit.logging.summary.global.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:21.623Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.global.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"ADMINISTRATECONFLUENCE\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624601,\"nano\":623000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -724,61 +737,40 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.global.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"ADMINISTRATECONFLUENCE\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624601,\"nano\":623000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:21.627Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-users", "name": "confluence-users", - "type": "Group", - "id": "confluence-users" + "type": "Group" } ], - "type": { - "area": "PERMISSIONS", - "action": "Global permission added", - "actionI18nKey": "audit.logging.summary.global.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Group", @@ -790,13 +782,34 @@ "key": "Type", "to": "USECONFLUENCE" } - ] + ], + "method": "Browser", + "type": { + "action": "Global permission added", + "actionI18nKey": "audit.logging.summary.global.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:21.627Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.global.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"USECONFLUENCE\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624601,\"nano\":627000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -809,61 +822,40 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.global.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"USECONFLUENCE\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624601,\"nano\":627000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:21.688Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-administrators", "name": "confluence-administrators", - "type": "Group", - "id": "confluence-administrators" + "type": "Group" } ], - "type": { - "area": "PERMISSIONS", - "action": "Global permission added", - "actionI18nKey": "audit.logging.summary.global.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Group", @@ -875,13 +867,34 @@ "key": "Type", "to": "SYSTEMADMINISTRATOR" } - ] + ], + "method": "Browser", + "type": { + "action": "Global permission added", + "actionI18nKey": "audit.logging.summary.global.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:21.688Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.global.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"SYSTEMADMINISTRATOR\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624601,\"nano\":688000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -894,61 +907,40 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.global.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"SYSTEMADMINISTRATOR\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624601,\"nano\":688000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:21.692Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-administrators", "name": "confluence-administrators", - "type": "Group", - "id": "confluence-administrators" + "type": "Group" } ], - "type": { - "area": "PERMISSIONS", - "action": "Global permission added", - "actionI18nKey": "audit.logging.summary.global.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Group", @@ -960,13 +952,34 @@ "key": "Type", "to": "PERSONALSPACE" } - ] + ], + "method": "Browser", + "type": { + "action": "Global permission added", + "actionI18nKey": "audit.logging.summary.global.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:21.692Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.global.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"PERSONALSPACE\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624601,\"nano\":692000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -979,61 +992,40 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.global.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"PERSONALSPACE\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624601,\"nano\":692000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:21.694Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-users", "name": "confluence-users", - "type": "Group", - "id": "confluence-users" - } - ], - "type": { - "area": "PERMISSIONS", - "action": "Global permission added", - "actionI18nKey": "audit.logging.summary.global.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, + "type": "Group" + } + ], "changed_values": [ { "i18nKey": "Group", @@ -1045,13 +1037,34 @@ "key": "Type", "to": "CREATESPACE" } - ] + ], + "method": "Browser", + "type": { + "action": "Global permission added", + "actionI18nKey": "audit.logging.summary.global.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:21.694Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.global.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"CREATESPACE\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624601,\"nano\":694000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -1064,61 +1077,40 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.global.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"CREATESPACE\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624601,\"nano\":694000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:21.696Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-administrators", "name": "confluence-administrators", - "type": "Group", - "id": "confluence-administrators" + "type": "Group" } ], - "type": { - "area": "PERMISSIONS", - "action": "Global permission added", - "actionI18nKey": "audit.logging.summary.global.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Group", @@ -1130,13 +1122,34 @@ "key": "Type", "to": "CREATESPACE" } - ] + ], + "method": "Browser", + "type": { + "action": "Global permission added", + "actionI18nKey": "audit.logging.summary.global.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:21.696Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.global.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"CREATESPACE\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624601,\"nano\":696000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -1149,61 +1162,40 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.global.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"CREATESPACE\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624601,\"nano\":696000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.540Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "2c9580827d4a06e8017d4a07c3e10000", "name": "test.user", - "type": "User", - "id": "2c9580827d4a06e8017d4a07c3e10000" + "type": "User" } ], - "type": { - "area": "USER_MANAGEMENT", - "action": "User created", - "actionI18nKey": "audit.logging.summary.user.created", - "categoryI18nKey": "audit.logging.category.user.management", - "category": "Users and groups", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Display name", @@ -1225,272 +1217,274 @@ "key": "Active", "to": "Yes" } - ] + ], + "method": "Browser", + "type": { + "action": "User created", + "actionI18nKey": "audit.logging.summary.user.created", + "area": "USER_MANAGEMENT", + "category": "Users and groups", + "categoryI18nKey": "audit.logging.category.user.management", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.540Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.user.created", + "category": [ + "iam" ], + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"2c9580827d4a06e8017d4a07c3e10000\",\"name\":\"test.user\",\"type\":\"User\"}],\"auditType\":{\"action\":\"User created\",\"actionI18nKey\":\"audit.logging.summary.user.created\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"audit.logging.category.user.management\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Display name\",\"key\":\"Display name\",\"to\":\"test.user\"},{\"i18nKey\":\"Email\",\"key\":\"Email\",\"to\":\"test.user@example.com\"},{\"i18nKey\":\"Username\",\"key\":\"Username\",\"to\":\"admin\"},{\"i18nKey\":\"Active\",\"key\":\"Active\",\"to\":\"Yes\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":54000000},\"version\":\"1.0\"}", + "type": [ + "user", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.user.created", - "original": "{\"affectedObjects\":[{\"id\":\"2c9580827d4a06e8017d4a07c3e10000\",\"name\":\"test.user\",\"type\":\"User\"}],\"auditType\":{\"action\":\"User created\",\"actionI18nKey\":\"audit.logging.summary.user.created\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"audit.logging.category.user.management\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Display name\",\"key\":\"Display name\",\"to\":\"test.user\"},{\"i18nKey\":\"Email\",\"key\":\"Email\",\"to\":\"test.user@example.com\"},{\"i18nKey\":\"Username\",\"key\":\"Username\",\"to\":\"admin\"},{\"i18nKey\":\"Active\",\"key\":\"Active\",\"to\":\"Yes\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":54000000},\"version\":\"1.0\"}", - "type": [ - "user", - "creation" - ], - "category": [ - "iam" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "changes": { - "name": "admin", "email": "test.user@example.com", - "full_name": "test.user" + "full_name": "test.user", + "name": "admin" }, "full_name": "Anonymous", "id": "-2", "target": { + "email": "test.user@example.com", "full_name": "test.user", - "id": "2c9580827d4a06e8017d4a07c3e10000" + "id": "2c9580827d4a06e8017d4a07c3e10000", + "name": "admin" } - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.147Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-users", "name": "confluence-users", - "type": "Group", - "id": "confluence-users" + "type": "Group" }, { + "id": "2c9580827d4a06e8017d4a07c3e10000", "name": "admin", - "type": "User", - "id": "2c9580827d4a06e8017d4a07c3e10000" + "type": "User" } ], + "method": "Browser", "type": { - "area": "USER_MANAGEMENT", "action": "User added to group", "actionI18nKey": "audit.logging.summary.group.membership.added", - "categoryI18nKey": "audit.logging.category.user.management", + "area": "USER_MANAGEMENT", "category": "Users and groups", + "categoryI18nKey": "audit.logging.category.user.management", "level": "BASE" } } }, - "@timestamp": "2021-11-22T23:43:22.147Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.group.membership.added", + "category": [ + "iam" ], + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"2c9580827d4a06e8017d4a07c3e10000\",\"name\":\"admin\",\"type\":\"User\"}],\"auditType\":{\"action\":\"User added to group\",\"actionI18nKey\":\"audit.logging.summary.group.membership.added\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"audit.logging.category.user.management\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":147000000},\"version\":\"1.0\"}", + "type": [ + "group", + "change" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.group.membership.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"2c9580827d4a06e8017d4a07c3e10000\",\"name\":\"admin\",\"type\":\"User\"}],\"auditType\":{\"action\":\"User added to group\",\"actionI18nKey\":\"audit.logging.summary.group.membership.added\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"audit.logging.category.user.management\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":147000000},\"version\":\"1.0\"}", - "type": [ - "group", - "change" - ], - "category": [ - "iam" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2", "target": { - "name": "admin", - "id": "2c9580827d4a06e8017d4a07c3e10000", "group": { - "name": "confluence-users", - "id": "confluence-users" - } + "id": "confluence-users", + "name": "confluence-users" + }, + "id": "2c9580827d4a06e8017d4a07c3e10000", + "name": "admin" } - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.172Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-administrators", "name": "confluence-administrators", - "type": "Group", - "id": "confluence-administrators" + "type": "Group" }, { + "id": "2c9580827d4a06e8017d4a07c3e10000", "name": "admin", - "type": "User", - "id": "2c9580827d4a06e8017d4a07c3e10000" + "type": "User" } ], + "method": "Browser", "type": { - "area": "USER_MANAGEMENT", "action": "User added to group", "actionI18nKey": "audit.logging.summary.group.membership.added", - "categoryI18nKey": "audit.logging.category.user.management", + "area": "USER_MANAGEMENT", "category": "Users and groups", + "categoryI18nKey": "audit.logging.category.user.management", "level": "BASE" } } }, - "@timestamp": "2021-11-22T23:43:22.172Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.group.membership.added", + "category": [ + "iam" + ], + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"2c9580827d4a06e8017d4a07c3e10000\",\"name\":\"admin\",\"type\":\"User\"}],\"auditType\":{\"action\":\"User added to group\",\"actionI18nKey\":\"audit.logging.summary.group.membership.added\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"audit.logging.category.user.management\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":172000000},\"version\":\"1.0\"}", + "type": [ + "group", + "change" + ] + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.group.membership.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"2c9580827d4a06e8017d4a07c3e10000\",\"name\":\"admin\",\"type\":\"User\"}],\"auditType\":{\"action\":\"User added to group\",\"actionI18nKey\":\"audit.logging.summary.group.membership.added\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"audit.logging.category.user.management\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":172000000},\"version\":\"1.0\"}", - "type": [ - "group", - "change" - ], - "category": [ - "iam" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2", "target": { - "name": "admin", - "id": "2c9580827d4a06e8017d4a07c3e10000", "group": { - "name": "confluence-administrators", - "id": "confluence-administrators" - } + "id": "confluence-administrators", + "name": "confluence-administrators" + }, + "id": "2c9580827d4a06e8017d4a07c3e10000", + "name": "admin" } - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.401Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-administrators", "name": "confluence-administrators", - "type": "Group", - "id": "confluence-administrators" + "type": "Group" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Group", @@ -1507,13 +1501,34 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.401Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"VIEWSPACE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":401000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -1526,66 +1541,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"VIEWSPACE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":401000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.429Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-users", "name": "confluence-users", - "type": "Group", - "id": "confluence-users" + "type": "Group" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Group", @@ -1602,13 +1596,34 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.429Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"VIEWSPACE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":429000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -1621,65 +1636,44 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"VIEWSPACE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":429000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.437Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Type", @@ -1691,13 +1685,34 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.437Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"VIEWSPACE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":437000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -1710,66 +1725,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"VIEWSPACE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":437000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.442Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-administrators", "name": "confluence-administrators", - "type": "Group", - "id": "confluence-administrators" + "type": "Group" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Group", @@ -1786,13 +1780,34 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.442Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEOWNCONTENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":442000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -1805,66 +1820,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEOWNCONTENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":442000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.445Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-users", "name": "confluence-users", - "type": "Group", - "id": "confluence-users" + "type": "Group" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Group", @@ -1881,13 +1875,34 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.445Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEOWNCONTENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":445000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -1900,65 +1915,44 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEOWNCONTENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":445000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.447Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Type", @@ -1970,13 +1964,34 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.447Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEOWNCONTENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":447000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -1989,66 +2004,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEOWNCONTENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":447000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.450Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-administrators", "name": "confluence-administrators", - "type": "Group", - "id": "confluence-administrators" + "type": "Group" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Group", @@ -2065,13 +2059,34 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.450Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"COMMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":450000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -2084,66 +2099,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"COMMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":450000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.454Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-users", "name": "confluence-users", - "type": "Group", - "id": "confluence-users" + "type": "Group" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Group", @@ -2160,13 +2154,34 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.454Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"COMMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":454000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -2179,65 +2194,44 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"COMMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":454000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.457Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Type", @@ -2249,13 +2243,34 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.457Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"COMMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":457000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -2268,66 +2283,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"COMMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":457000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.459Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-administrators", "name": "confluence-administrators", - "type": "Group", - "id": "confluence-administrators" + "type": "Group" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Group", @@ -2344,13 +2338,34 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.459Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"EDITSPACE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":459000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -2363,66 +2378,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"EDITSPACE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":459000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.462Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-users", "name": "confluence-users", - "type": "Group", - "id": "confluence-users" + "type": "Group" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Group", @@ -2439,13 +2433,34 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.462Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"EDITSPACE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":462000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -2458,65 +2473,44 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"EDITSPACE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":462000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.464Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Type", @@ -2528,13 +2522,34 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.464Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"EDITSPACE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":464000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -2547,66 +2562,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"EDITSPACE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":464000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.467Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-administrators", "name": "confluence-administrators", - "type": "Group", - "id": "confluence-administrators" + "type": "Group" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" - } - ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, + "type": "Space" + } + ], "changed_values": [ { "i18nKey": "Group", @@ -2623,13 +2617,34 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.467Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"SETSPACEPERMISSIONS\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":467000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -2642,66 +2657,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"SETSPACEPERMISSIONS\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":467000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.470Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-administrators", "name": "confluence-administrators", - "type": "Group", - "id": "confluence-administrators" + "type": "Group" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Group", @@ -2718,13 +2712,34 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.470Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEPAGE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":470000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -2737,66 +2752,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEPAGE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":470000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.472Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-users", "name": "confluence-users", - "type": "Group", - "id": "confluence-users" + "type": "Group" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Group", @@ -2813,13 +2807,34 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.472Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEPAGE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":472000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -2832,65 +2847,44 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEPAGE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":472000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.475Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Type", @@ -2902,13 +2896,34 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.475Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEPAGE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":475000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -2921,66 +2936,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEPAGE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":475000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.479Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-administrators", "name": "confluence-administrators", - "type": "Group", - "id": "confluence-administrators" + "type": "Group" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Group", @@ -2997,13 +2991,34 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.479Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVECOMMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":479000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -3016,66 +3031,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVECOMMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":479000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.481Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-users", "name": "confluence-users", - "type": "Group", - "id": "confluence-users" + "type": "Group" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Group", @@ -3092,13 +3086,34 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.481Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVECOMMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":481000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -3111,65 +3126,44 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVECOMMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":481000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.484Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Type", @@ -3181,13 +3175,34 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.484Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVECOMMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":484000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -3200,66 +3215,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVECOMMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":484000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.486Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-administrators", "name": "confluence-administrators", - "type": "Group", - "id": "confluence-administrators" + "type": "Group" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Group", @@ -3276,13 +3270,34 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.486Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEBLOG\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":486000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -3295,66 +3310,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEBLOG\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":486000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.489Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-users", "name": "confluence-users", - "type": "Group", - "id": "confluence-users" + "type": "Group" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Group", @@ -3371,13 +3365,34 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.489Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEBLOG\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":489000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -3390,65 +3405,44 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEBLOG\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":489000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.491Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Type", @@ -3460,13 +3454,34 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.491Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEBLOG\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":491000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -3479,66 +3494,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEBLOG\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":491000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.493Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-administrators", "name": "confluence-administrators", - "type": "Group", - "id": "confluence-administrators" + "type": "Group" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Group", @@ -3555,13 +3549,34 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.493Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"CREATEATTACHMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":493000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -3574,66 +3589,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"CREATEATTACHMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":493000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.496Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-users", "name": "confluence-users", - "type": "Group", - "id": "confluence-users" + "type": "Group" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Group", @@ -3650,13 +3644,34 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.496Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"CREATEATTACHMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":496000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -3669,65 +3684,44 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"CREATEATTACHMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":496000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.498Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Type", @@ -3739,13 +3733,34 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.498Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"CREATEATTACHMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":498000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -3758,66 +3773,45 @@ "address": "http://confluence.internal:8090" }, "source": { - "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", - "city_name": "London", - "country_iso_code": "GB", - "country_name": "United Kingdom", - "region_name": "England", - "location": { - "lon": -0.0931, - "lat": 51.5142 - } - }, - "address": "81.2.69.143", - "ip": "81.2.69.143" - }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"CREATEATTACHMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":498000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.501Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-administrators", "name": "confluence-administrators", - "type": "Group", - "id": "confluence-administrators" + "type": "Group" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Group", @@ -3834,13 +3828,34 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.501Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEATTACHMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":501000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -3853,66 +3868,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEATTACHMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":501000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.503Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-users", "name": "confluence-users", - "type": "Group", - "id": "confluence-users" + "type": "Group" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Group", @@ -3929,13 +3923,34 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.503Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEATTACHMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":503000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -3948,65 +3963,44 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEATTACHMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":503000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.506Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Type", @@ -4018,13 +4012,34 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.506Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEATTACHMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":506000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -4037,66 +4052,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEATTACHMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":506000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.508Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-administrators", "name": "confluence-administrators", - "type": "Group", - "id": "confluence-administrators" + "type": "Group" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Group", @@ -4113,13 +4107,34 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.508Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"EDITBLOG\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":508000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -4132,66 +4147,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", - "ip": "81.2.69.143" - }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"EDITBLOG\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":508000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "full_name": "Anonymous", - "id": "-2" + "ip": "81.2.69.143" }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "Anonymous", + "id": "-2" + } }, { + "@timestamp": "2021-11-22T23:43:22.510Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-users", "name": "confluence-users", - "type": "Group", - "id": "confluence-users" + "type": "Group" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Group", @@ -4208,13 +4202,34 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.510Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"EDITBLOG\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":510000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -4227,65 +4242,44 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"EDITBLOG\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":510000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.513Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Type", @@ -4297,13 +4291,34 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.513Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"EDITBLOG\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":513000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -4316,66 +4331,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"EDITBLOG\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":513000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.515Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-administrators", "name": "confluence-administrators", - "type": "Group", - "id": "confluence-administrators" + "type": "Group" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Group", @@ -4392,13 +4386,34 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.515Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"EXPORTSPACE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":515000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -4411,66 +4426,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"EXPORTSPACE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":515000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.518Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-users", "name": "confluence-users", - "type": "Group", - "id": "confluence-users" + "type": "Group" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Group", @@ -4487,13 +4481,34 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.518Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"EXPORTSPACE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":518000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -4506,65 +4521,44 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"EXPORTSPACE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":518000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.520Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Type", @@ -4576,13 +4570,34 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.520Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"EXPORTSPACE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":520000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -4595,66 +4610,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"EXPORTSPACE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":520000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.522Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-administrators", "name": "confluence-administrators", - "type": "Group", - "id": "confluence-administrators" + "type": "Group" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Group", @@ -4671,13 +4665,34 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.522Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEMAIL\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":522000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -4690,66 +4705,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEMAIL\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":522000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.525Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-users", "name": "confluence-users", - "type": "Group", - "id": "confluence-users" + "type": "Group" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Group", @@ -4766,13 +4760,34 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.525Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEMAIL\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":525000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -4785,65 +4800,44 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEMAIL\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":525000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.527Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Type", @@ -4855,13 +4849,34 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.527Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEMAIL\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":527000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -4874,66 +4889,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEMAIL\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":527000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.529Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-administrators", "name": "confluence-administrators", - "type": "Group", - "id": "confluence-administrators" + "type": "Group" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Group", @@ -4950,13 +4944,34 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.529Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"SETPAGEPERMISSIONS\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":529000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -4969,66 +4984,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"SETPAGEPERMISSIONS\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":529000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.532Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-users", "name": "confluence-users", - "type": "Group", - "id": "confluence-users" + "type": "Group" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Group", @@ -5045,13 +5039,34 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.532Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"SETPAGEPERMISSIONS\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":532000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -5064,67 +5079,66 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"SETPAGEPERMISSIONS\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":532000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { "@timestamp": "2021-11-22T23:43:22.615Z", "confluence": { "audit": { - "method": "System", - "type": { - "area": "AUDIT_LOG", - "action": "Audit Log configuration updated", - "actionI18nKey": "atlassian.audit.event.action.audit.config.updated", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "atlassian.audit.event.change.retention", "key": "Retention", "to": "3 Years" } - ] + ], + "method": "System", + "type": { + "action": "Audit Log configuration updated", + "actionI18nKey": "atlassian.audit.event.action.audit.config.updated", + "area": "AUDIT_LOG", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit", + "level": "BASE" + } } }, "ecs": { "version": "8.2.0" }, + "event": { + "action": "atlassian.audit.event.action.audit.config.updated", + "category": [ + "configuration" + ], + "kind": "event", + "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log configuration updated\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.config.updated\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"-1\",\"name\":\"System\",\"type\":\"system\"},\"changedValues\":[{\"i18nKey\":\"atlassian.audit.event.change.retention\",\"key\":\"Retention\",\"to\":\"3 Years\"}],\"extraAttributes\":[],\"method\":\"System\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":615000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "change" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -5133,38 +5147,18 @@ "service": { "address": "http://confluence.internal:8090" }, - "event": { - "action": "atlassian.audit.event.action.audit.config.updated", - "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log configuration updated\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.config.updated\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"-1\",\"name\":\"System\",\"type\":\"system\"},\"changedValues\":[{\"i18nKey\":\"atlassian.audit.event.change.retention\",\"key\":\"Retention\",\"to\":\"3 Years\"}],\"extraAttributes\":[],\"method\":\"System\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":615000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "change" - ], - "category": [ - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "System", "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:44:13.873Z", "confluence": { "audit": { - "method": "Browser", - "type": { - "area": "AUDIT_LOG", - "action": "Audit Log search performed", - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing", - "level": "BASE" - }, "extra_attributes": [ { "name": "Query", @@ -5185,13 +5179,27 @@ "nameI18nKey": "atlassian.audit.event.attribute.timestamp", "value": "2021-11-22T23:42:45.791Z - 2021-11-22T23:43:22.615Z" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "area": "AUDIT_LOG", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:44:13.873Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "atlassian.audit.event.action.audit.search", + "kind": "event", + "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log search performed\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"2c9580827d4a06e8017d4a07c3e10000\",\"name\":\"test.user\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Query\",\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"value\":\"\"},{\"name\":\"Results returned\",\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"value\":\"57\"},{\"name\":\"ID Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"value\":\"1 - 57\"},{\"name\":\"Timestamp Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"value\":\"2021-11-22T23:42:45.791Z - 2021-11-22T23:43:22.615Z\"}],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624653,\"nano\":873000000},\"version\":\"1.0\"}", + "type": "info" + }, "related": { "hosts": [ "confluence.internal" @@ -5204,47 +5212,33 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "atlassian.audit.event.action.audit.search", - "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log search performed\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"2c9580827d4a06e8017d4a07c3e10000\",\"name\":\"test.user\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Query\",\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"value\":\"\"},{\"name\":\"Results returned\",\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"value\":\"57\"},{\"name\":\"ID Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"value\":\"1 - 57\"},{\"name\":\"Timestamp Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"value\":\"2021-11-22T23:42:45.791Z - 2021-11-22T23:43:22.615Z\"}],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624653,\"nano\":873000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "test.user", "id": "2c9580827d4a06e8017d4a07c3e10000" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:47:20.815Z", "confluence": { "audit": { - "method": "Browser", - "type": { - "area": "AUDIT_LOG", - "action": "Audit Log search performed", - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing", - "level": "BASE" - }, "extra_attributes": [ { "name": "Timestamp Range", @@ -5266,13 +5260,27 @@ "nameI18nKey": "atlassian.audit.event.attribute.results", "value": "58" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "area": "AUDIT_LOG", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:47:20.815Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "atlassian.audit.event.action.audit.search", + "kind": "event", + "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log search performed\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"2c9580827d4a06e8017d4a07c3e10000\",\"name\":\"test.user\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Timestamp Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"value\":\"2021-11-22T23:42:45.791Z - 2021-11-22T23:44:13.873Z\"},{\"name\":\"ID Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"value\":\"1 - 58\"},{\"name\":\"Query\",\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"value\":\"From : 1970-01-01T00:00:00Z;To : 2021-11-22T23:47:20.782708Z;\"},{\"name\":\"Results returned\",\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"value\":\"58\"}],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624840,\"nano\":815000000},\"version\":\"1.0\"}", + "type": "info" + }, "related": { "hosts": [ "confluence.internal" @@ -5285,47 +5293,33 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "atlassian.audit.event.action.audit.search", - "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log search performed\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"2c9580827d4a06e8017d4a07c3e10000\",\"name\":\"test.user\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Timestamp Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"value\":\"2021-11-22T23:42:45.791Z - 2021-11-22T23:44:13.873Z\"},{\"name\":\"ID Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"value\":\"1 - 58\"},{\"name\":\"Query\",\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"value\":\"From : 1970-01-01T00:00:00Z;To : 2021-11-22T23:47:20.782708Z;\"},{\"name\":\"Results returned\",\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"value\":\"58\"}],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624840,\"nano\":815000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "test.user", "id": "2c9580827d4a06e8017d4a07c3e10000" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:49:50.382Z", "confluence": { "audit": { - "method": "Browser", - "type": { - "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", - "action": "Global settings changed", - "actionI18nKey": "audit.logging.summary.global.settings.edited", - "categoryI18nKey": "audit.logging.category.admin", - "category": "Global Administration", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Custom contact admin message", @@ -5334,17 +5328,37 @@ }, { "from": "Confluence", - "to": "Confluence Test", "i18nKey": "Site title", - "key": "Site title" + "key": "Site title", + "to": "Confluence Test" } - ] + ], + "method": "Browser", + "type": { + "action": "Global settings changed", + "actionI18nKey": "audit.logging.summary.global.settings.edited", + "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", + "category": "Global Administration", + "categoryI18nKey": "audit.logging.category.admin", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:49:50.382Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.global.settings.edited", + "category": [ + "configuration" + ], + "kind": "event", + "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Global settings changed\",\"actionI18nKey\":\"audit.logging.summary.global.settings.edited\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Global Administration\",\"categoryI18nKey\":\"audit.logging.category.admin\",\"level\":\"BASE\"},\"author\":{\"id\":\"2c9580827d4a06e8017d4a07c3e10000\",\"name\":\"test.user\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Custom contact admin message\",\"key\":\"Custom contact admin message\",\"to\":\"Please enter information about your request for the site administrators. If you are reporting an error please be sure you include information on what you were doing and the time the problem occurred.\"},{\"from\":\"Confluence\",\"i18nKey\":\"Site title\",\"key\":\"Site title\",\"to\":\"Confluence Test\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624990,\"nano\":382000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "change" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -5357,60 +5371,40 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.global.settings.edited", - "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Global settings changed\",\"actionI18nKey\":\"audit.logging.summary.global.settings.edited\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Global Administration\",\"categoryI18nKey\":\"audit.logging.category.admin\",\"level\":\"BASE\"},\"author\":{\"id\":\"2c9580827d4a06e8017d4a07c3e10000\",\"name\":\"test.user\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Custom contact admin message\",\"key\":\"Custom contact admin message\",\"to\":\"Please enter information about your request for the site administrators. If you are reporting an error please be sure you include information on what you were doing and the time the problem occurred.\"},{\"from\":\"Confluence\",\"i18nKey\":\"Site title\",\"key\":\"Site title\",\"to\":\"Confluence Test\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624990,\"nano\":382000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "change" - ], - "category": [ - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "test.user", "id": "2c9580827d4a06e8017d4a07c3e10000" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:50:13.842Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "2c9580827d4a06e8017d4a0e9dda0001", "name": "Another User", - "type": "User", - "id": "2c9580827d4a06e8017d4a0e9dda0001" + "type": "User" } ], - "type": { - "area": "USER_MANAGEMENT", - "action": "User created", - "actionI18nKey": "audit.logging.summary.user.created", - "categoryI18nKey": "audit.logging.category.user.management", - "category": "Users and groups", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Display name", @@ -5432,260 +5426,262 @@ "key": "Active", "to": "Yes" } - ] + ], + "method": "Browser", + "type": { + "action": "User created", + "actionI18nKey": "audit.logging.summary.user.created", + "area": "USER_MANAGEMENT", + "category": "Users and groups", + "categoryI18nKey": "audit.logging.category.user.management", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:50:13.842Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "another.user" + "event": { + "action": "audit.logging.summary.user.created", + "category": [ + "iam" ], + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"2c9580827d4a06e8017d4a0e9dda0001\",\"name\":\"Another User\",\"type\":\"User\"}],\"auditType\":{\"action\":\"User created\",\"actionI18nKey\":\"audit.logging.summary.user.created\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"audit.logging.category.user.management\",\"level\":\"BASE\"},\"author\":{\"id\":\"2c9580827d4a06e8017d4a07c3e10000\",\"name\":\"test.user\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Display name\",\"key\":\"Display name\",\"to\":\"Another User\"},{\"i18nKey\":\"Email\",\"key\":\"Email\",\"to\":\"another.user@example.como\"},{\"i18nKey\":\"Username\",\"key\":\"Username\",\"to\":\"another.user\"},{\"i18nKey\":\"Active\",\"key\":\"Active\",\"to\":\"Yes\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637625013,\"nano\":842000000},\"version\":\"1.0\"}", + "type": [ + "user", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "another.user" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.user.created", - "original": "{\"affectedObjects\":[{\"id\":\"2c9580827d4a06e8017d4a0e9dda0001\",\"name\":\"Another User\",\"type\":\"User\"}],\"auditType\":{\"action\":\"User created\",\"actionI18nKey\":\"audit.logging.summary.user.created\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"audit.logging.category.user.management\",\"level\":\"BASE\"},\"author\":{\"id\":\"2c9580827d4a06e8017d4a07c3e10000\",\"name\":\"test.user\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Display name\",\"key\":\"Display name\",\"to\":\"Another User\"},{\"i18nKey\":\"Email\",\"key\":\"Email\",\"to\":\"another.user@example.como\"},{\"i18nKey\":\"Username\",\"key\":\"Username\",\"to\":\"another.user\"},{\"i18nKey\":\"Active\",\"key\":\"Active\",\"to\":\"Yes\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637625013,\"nano\":842000000},\"version\":\"1.0\"}", - "type": [ - "user", - "creation" - ], - "category": [ - "iam" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "changes": { - "name": "another.user", "email": "another.user@example.como", - "full_name": "Another User" + "full_name": "Another User", + "name": "another.user" }, "full_name": "test.user", "id": "2c9580827d4a06e8017d4a07c3e10000", "target": { + "email": "another.user@example.como", "full_name": "Another User", - "id": "2c9580827d4a06e8017d4a0e9dda0001" + "id": "2c9580827d4a06e8017d4a0e9dda0001", + "name": "another.user" } - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:50:13.966Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-users", "name": "confluence-users", - "type": "Group", - "id": "confluence-users" + "type": "Group" }, { + "id": "2c9580827d4a06e8017d4a0e9dda0001", "name": "another.user", - "type": "User", - "id": "2c9580827d4a06e8017d4a0e9dda0001" + "type": "User" } ], + "method": "Browser", "type": { - "area": "USER_MANAGEMENT", "action": "User added to group", "actionI18nKey": "audit.logging.summary.group.membership.added", - "categoryI18nKey": "audit.logging.category.user.management", + "area": "USER_MANAGEMENT", "category": "Users and groups", + "categoryI18nKey": "audit.logging.category.user.management", "level": "BASE" } } }, - "@timestamp": "2021-11-22T23:50:13.966Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "another.user" + "event": { + "action": "audit.logging.summary.group.membership.added", + "category": [ + "iam" ], + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"2c9580827d4a06e8017d4a0e9dda0001\",\"name\":\"another.user\",\"type\":\"User\"}],\"auditType\":{\"action\":\"User added to group\",\"actionI18nKey\":\"audit.logging.summary.group.membership.added\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"audit.logging.category.user.management\",\"level\":\"BASE\"},\"author\":{\"id\":\"2c9580827d4a06e8017d4a07c3e10000\",\"name\":\"test.user\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637625013,\"nano\":966000000},\"version\":\"1.0\"}", + "type": [ + "group", + "change" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "another.user" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.group.membership.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"2c9580827d4a06e8017d4a0e9dda0001\",\"name\":\"another.user\",\"type\":\"User\"}],\"auditType\":{\"action\":\"User added to group\",\"actionI18nKey\":\"audit.logging.summary.group.membership.added\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"audit.logging.category.user.management\",\"level\":\"BASE\"},\"author\":{\"id\":\"2c9580827d4a06e8017d4a07c3e10000\",\"name\":\"test.user\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637625013,\"nano\":966000000},\"version\":\"1.0\"}", - "type": [ - "group", - "change" - ], - "category": [ - "iam" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "test.user", "id": "2c9580827d4a06e8017d4a07c3e10000", "target": { - "name": "another.user", - "id": "2c9580827d4a06e8017d4a0e9dda0001", "group": { - "name": "confluence-users", - "id": "confluence-users" - } + "id": "confluence-users", + "name": "confluence-users" + }, + "id": "2c9580827d4a06e8017d4a0e9dda0001", + "name": "another.user" } - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:50:32.205Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-administrators", "name": "confluence-administrators", - "type": "Group", - "id": "confluence-administrators" + "type": "Group" }, { + "id": "2c9580827d4a06e8017d4a0e9dda0001", "name": "another.user", - "type": "User", - "id": "2c9580827d4a06e8017d4a0e9dda0001" + "type": "User" } ], + "method": "Browser", "type": { - "area": "USER_MANAGEMENT", "action": "User added to group", "actionI18nKey": "audit.logging.summary.group.membership.added", - "categoryI18nKey": "audit.logging.category.user.management", + "area": "USER_MANAGEMENT", "category": "Users and groups", + "categoryI18nKey": "audit.logging.category.user.management", "level": "BASE" } } }, - "@timestamp": "2021-11-22T23:50:32.205Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "another.user" + "event": { + "action": "audit.logging.summary.group.membership.added", + "category": [ + "iam" ], + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"2c9580827d4a06e8017d4a0e9dda0001\",\"name\":\"another.user\",\"type\":\"User\"}],\"auditType\":{\"action\":\"User added to group\",\"actionI18nKey\":\"audit.logging.summary.group.membership.added\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"audit.logging.category.user.management\",\"level\":\"BASE\"},\"author\":{\"id\":\"2c9580827d4a06e8017d4a07c3e10000\",\"name\":\"test.user\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637625032,\"nano\":205000000},\"version\":\"1.0\"}", + "type": [ + "group", + "change" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "another.user" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.group.membership.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"2c9580827d4a06e8017d4a0e9dda0001\",\"name\":\"another.user\",\"type\":\"User\"}],\"auditType\":{\"action\":\"User added to group\",\"actionI18nKey\":\"audit.logging.summary.group.membership.added\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"audit.logging.category.user.management\",\"level\":\"BASE\"},\"author\":{\"id\":\"2c9580827d4a06e8017d4a07c3e10000\",\"name\":\"test.user\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637625032,\"nano\":205000000},\"version\":\"1.0\"}", - "type": [ - "group", - "change" - ], - "category": [ - "iam" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "test.user", "id": "2c9580827d4a06e8017d4a07c3e10000", "target": { - "name": "another.user", - "id": "2c9580827d4a06e8017d4a0e9dda0001", "group": { - "name": "confluence-administrators", - "id": "confluence-administrators" - } + "id": "confluence-administrators", + "name": "confluence-administrators" + }, + "id": "2c9580827d4a06e8017d4a0e9dda0001", + "name": "another.user" } - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:50:35.770Z", "confluence": { "audit": { - "method": "Browser", - "type": { - "area": "AUDIT_LOG", - "action": "Audit Log search performed", - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing", - "level": "BASE" - }, "extra_attributes": [ { "name": "Results returned", @@ -5706,13 +5702,27 @@ "nameI18nKey": "atlassian.audit.event.attribute.timestamp", "value": "2021-11-22T23:42:45.791Z - 2021-11-22T23:50:32.205Z" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "area": "AUDIT_LOG", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:50:35.770Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "atlassian.audit.event.action.audit.search", + "kind": "event", + "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log search performed\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"2c9580827d4a06e8017d4a07c3e10000\",\"name\":\"test.user\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Results returned\",\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"value\":\"63\"},{\"name\":\"Query\",\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"value\":\"\"},{\"name\":\"ID Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"value\":\"1 - 63\"},{\"name\":\"Timestamp Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"value\":\"2021-11-22T23:42:45.791Z - 2021-11-22T23:50:32.205Z\"}],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637625035,\"nano\":770000000},\"version\":\"1.0\"}", + "type": "info" + }, "related": { "hosts": [ "confluence.internal" @@ -5725,34 +5735,28 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "atlassian.audit.event.action.audit.search", - "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log search performed\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"2c9580827d4a06e8017d4a07c3e10000\",\"name\":\"test.user\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Results returned\",\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"value\":\"63\"},{\"name\":\"Query\",\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"value\":\"\"},{\"name\":\"ID Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"value\":\"1 - 63\"},{\"name\":\"Timestamp Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"value\":\"2021-11-22T23:42:45.791Z - 2021-11-22T23:50:32.205Z\"}],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637625035,\"nano\":770000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "test.user", "id": "2c9580827d4a06e8017d4a07c3e10000" - }, - "tags": [ - "preserve_original_event" - ] + } } ] } \ No newline at end of file diff --git a/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-common-config.yml b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-common-config.yml index 5622947e4b8..4da22641654 100644 --- a/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-common-config.yml +++ b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-common-config.yml @@ -1,5 +1,3 @@ -dynamic_fields: - event.ingested: ".*" fields: tags: - preserve_original_event diff --git a/packages/atlassian_confluence/data_stream/audit/_dev/test/system/test-api-cloud-config.yml b/packages/atlassian_confluence/data_stream/audit/_dev/test/system/test-api-cloud-config.yml new file mode 100644 index 00000000000..9c932c7ba09 --- /dev/null +++ b/packages/atlassian_confluence/data_stream/audit/_dev/test/system/test-api-cloud-config.yml @@ -0,0 +1,13 @@ +input: httpjson +service: confluence-api +vars: ~ +data_stream: + vars: + preserve_original_event: true + api_url: http://{{Hostname}}:{{Port}} + username: test.user + password: abc123 + limit: "2" + ssl: |- + verification_mode: none + atlassian_cloud: true diff --git a/packages/atlassian_confluence/data_stream/audit/_dev/test/system/test-api-config.yml b/packages/atlassian_confluence/data_stream/audit/_dev/test/system/test-api-config.yml index a6d1af6204c..7aa5ba9a5d9 100644 --- a/packages/atlassian_confluence/data_stream/audit/_dev/test/system/test-api-config.yml +++ b/packages/atlassian_confluence/data_stream/audit/_dev/test/system/test-api-config.yml @@ -8,4 +8,5 @@ data_stream: username: test.user password: abc123 limit: "2" - ssl.verification_mode: none + ssl: |- + verification_mode: none diff --git a/packages/atlassian_confluence/data_stream/audit/agent/stream/httpjson.yml.hbs b/packages/atlassian_confluence/data_stream/audit/agent/stream/httpjson.yml.hbs index be1c57a543d..6f54d0d4baf 100644 --- a/packages/atlassian_confluence/data_stream/audit/agent/stream/httpjson.yml.hbs +++ b/packages/atlassian_confluence/data_stream/audit/agent/stream/httpjson.yml.hbs @@ -1,16 +1,19 @@ config_version: "2" interval: {{interval}} request.method: "GET" -request.url: {{api_url}}/rest/auditing/1.0/events + {{#if ssl}} request.ssl: {{ssl}} {{/if}} + {{#if http_client_timeout}} request.timeout: {{http_client_timeout}} {{/if}} + {{#if proxy_url }} request.proxy_url: {{proxy_url}} {{/if}} + {{#unless token}} {{#if username}} {{#if password}} @@ -20,7 +23,56 @@ auth.basic.password: {{password}} {{/if}} {{/unless}} +{{#if atlassian_cloud}} +{{! Atlassian Confluence Cloud }} +request.url: {{api_url}}/wiki/rest/api/audit +request.transforms: + - set: + target: url.params.limit + value: '{{ limit }}' + - set: + target: url.params.startDate + value: '[[.cursor.last_timestamp]]' + default: '[[(now (parseDuration "-{{initial_interval}}")).UnixMilli]]' + - set: + target: url.params.endDate + value: '[[now.UnixMilli]]' + - set: + target: url.params.start + value: '0' + +response.split: + target: body.results + +response.pagination: + - set: + target: url.value + value: > + [[sprintf "%s/wiki/rest/api/audit?endDate=%s&startDate=%s&start=%d&limit=%s" + "{{api_url}}" + (.last_response.url.params.Get "endDate") + (.last_response.url.params.Get "startDate") + (add (toInt .last_response.body.start) (toInt .last_response.body.limit)) + "{{ limit }}"]] + fail_on_template_error: true + +cursor: + last_timestamp: + value: '[[.first_event.creationDate]]' + +fields_under_root: true +fields: + _config: + atlassian_cloud: true + +{{else}} +{{! Self-hosted Confluence Data Center }} +request.url: {{api_url}}/rest/auditing/1.0/events request.transforms: + - set: + target: url.params.limit + value: '{{ limit }}' + {{#unless username}} {{#unless password}} {{#if token}} @@ -30,19 +82,18 @@ request.transforms: {{/if}} {{/unless}} {{/unless}} + - set: target: url.params.from - value: "[[.cursor.last_timestamp]]" + value: '[[.cursor.last_timestamp]]' default: '[[formatDate (now (parseDuration "-{{initial_interval}}"))]]' - set: target: url.params.to value: '[[formatDate now]]' - - set: - target: url.params.limit - value: {{ limit }} response.split: target: body.entities + response.pagination: - set: target: url.value @@ -51,7 +102,8 @@ response.pagination: cursor: last_timestamp: - value: "[[.first_event.timestamp]]" + value: '[[.first_event.timestamp]]' +{{/if}} tags: {{#if preserve_original_event}} @@ -60,9 +112,11 @@ tags: {{#each tags as |tag i|}} - {{tag}} {{/each}} + {{#contains "forwarded" tags}} publisher_pipeline.disable_host: true {{/contains}} + {{#if processors}} processors: {{processors}} diff --git a/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/cloud.yml b/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/cloud.yml new file mode 100644 index 00000000000..0e81f00f677 --- /dev/null +++ b/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/cloud.yml @@ -0,0 +1,84 @@ +--- +description: Pipeline for processing Atlassian Confluence Cloud audit logs. +processors: +- date: + field: json.creationDate + formats: + - UNIX_MS +- rename: + field: json.remoteAddress + target_field: source.address + ignore_missing: true +- rename: + field: json.author.accountId + target_field: user.id + ignore_missing: true +- rename: + field: json.author.displayName + target_field: user.full_name + ignore_missing: true +- rename: + field: json.author.externalCollaborator + target_field: confluence.audit.external_collaborator + ignore_missing: true +- rename: + field: json.category + target_field: confluence.audit.type.category + ignore_missing: true +- rename: + field: json.summary + target_field: confluence.audit.type.action + ignore_missing: true +- set: + field: event.action + copy_from: confluence.audit.type.action + ignore_empty_value: true +- rename: + field: json.associatedObjects + target_field: confluence.audit.affected_objects + ignore_missing: true +- rename: + field: json.changedValues + target_field: confluence.audit.changed_values + ignore_missing: true +- script: + lang: painless + description: Modify data to match Self Hosted + source: >- + if(ctx.confluence?.audit?.affected_objects == null) { + ArrayList items = new ArrayList(); + ctx.confluence?.audit.put("affected_objects", items); + } + if(ctx.json?.affectedObject != null && !ctx.confluence?.audit?.affected_objects.contains(ctx.json?.affectedObject)) { + ctx.confluence?.audit?.affected_objects.add(ctx.json?.affectedObject); + } + + if(ctx.confluence?.audit?.affected_objects != null) { + for (def j = 0; j < ctx.confluence?.audit?.affected_objects.length; j++) { + if(ctx.confluence.audit.affected_objects[j]?.objectType != null) { + ctx.confluence.audit.affected_objects[j].put('type', ctx.confluence.audit.affected_objects[j].objectType); + ctx.confluence.audit.affected_objects[j].remove('objectType'); + } + } + } + if(ctx.confluence?.audit?.changed_values != null) { + for (def j = 0; j < ctx.confluence?.audit?.changed_values.length; j++) { + if(ctx.confluence.audit.changed_values[j]?.name != null) { + ctx.confluence.audit.changed_values[j].put('i18nKey', ctx.confluence.audit.changed_values[j].name); + ctx.confluence.audit.changed_values[j].put('key', ctx.confluence.audit.changed_values[j].name); + ctx.confluence.audit.changed_values[j].remove('name'); + } + if(ctx.confluence.audit.changed_values[j]?.newValue != null) { + ctx.confluence.audit.changed_values[j].put('to', ctx.confluence.audit.changed_values[j].newValue); + ctx.confluence.audit.changed_values[j].remove('newValue'); + } + if(ctx.confluence.audit.changed_values[j]?.oldValue != null) { + ctx.confluence.audit.changed_values[j].put('from', ctx.confluence.audit.changed_values[j].oldValue); + ctx.confluence.audit.changed_values[j].remove('oldValue'); + } + } + } +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/default.yml index 80aa4d2989d..7f4e052ebcc 100644 --- a/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/default.yml +++ b/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/default.yml @@ -1,5 +1,5 @@ --- -description: Pipeline for processing sample logs +description: Pipeline for processing Atlassian Confluence audit logs. processors: - set: field: ecs.version @@ -10,24 +10,12 @@ processors: - json: field: event.original target_field: json -- set: - field: _tmp.timestamp - copy_from: json.timestamp - if: ctx.json?.timestamp != null && ctx.json?.timestamp instanceof String -- set: - field: _tmp.timestamp - value: "{{json.timestamp.epochSecond}}.{{json.timestamp.nano}}" - if: ctx.json?.timestamp != null && ctx.json?.timestamp instanceof Map && ctx.json?.timestamp?.epochSecond != null && ctx.json?.timestamp?.nano != null -- date: - field: _tmp.timestamp - formats: - - UNIX - - ISO8601 - target_field: "@timestamp" -- rename: - field: json.source - target_field: source.address - ignore_missing: true +- pipeline: + name: '{{ IngestPipeline "cloud" }}' + if: "ctx._config?.atlassian_cloud != null" +- pipeline: + name: '{{ IngestPipeline "self-hosted" }}' + if: "ctx._config?.atlassian_cloud == null" - convert: field: source.address target_field: source.ip @@ -53,62 +41,17 @@ processors: field: source.as.organization_name target_field: source.as.organization.name ignore_missing: true -- rename: - field: json.author.id - target_field: user.id - ignore_missing: true -- rename: - field: json.author.name - target_field: user.full_name - ignore_missing: true -- grok: - field: json.author.uri - ignore_missing: true - ignore_failure: true - if: ctx?.json?.author?.uri != "" - patterns: - - '\?username=%{USER:user.name}$' -- rename: - field: json.auditType - target_field: confluence.audit.type - ignore_missing: true -- rename: - field: json.type - target_field: confluence.audit.type - ignore_missing: true -- rename: - field: json.method - target_field: confluence.audit.method - ignore_missing: true -- rename: - field: json.system - target_field: service.address - ignore_missing: true -- uri_parts: - field: service.address - target_field: _tmp.service - ignore_failure: true - if: ctx.service?.address != null -- rename: - field: json.extraAttributes - target_field: confluence.audit.extra_attributes - ignore_missing: true -- rename: - field: json.changedValues - target_field: confluence.audit.changed_values - ignore_missing: true -- rename: - field: json.affectedObjects - target_field: confluence.audit.affected_objects - ignore_missing: true -- set: - field: event.action - copy_from: confluence.audit.type.actionI18nKey - ignore_empty_value: true - script: lang: painless description: Add ECS categorization params: + Global permission added: + category: + - iam + - configuration + type: + - admin + - creation audit.logging.summary.global.permission.added: category: - iam @@ -116,6 +59,13 @@ processors: type: - admin - creation + Global permission removed: + category: + - iam + - configuration + type: + - admin + - deletion audit.logging.summary.space.permission.added: category: - iam @@ -123,54 +73,108 @@ processors: type: - admin - creation + User created: + category: + - iam + type: + - user + - creation audit.logging.summary.user.created: category: - iam type: - user - creation + User renamed: + category: + - iam + type: + - user + - change audit.logging.summary.user.renamed: category: - iam type: - user - change + User details updated: + category: + - iam + type: + - user + - change audit.logging.summary.user.updated: category: - iam type: - user - change + User deleted: + category: + - iam + type: + - user + - deletion audit.logging.summary.user.deleted: category: - iam type: - user - deletion + User added to group: + category: + - iam + type: + - group + - change audit.logging.summary.group.membership.added: category: - iam type: - group - change + User removed from group: + category: + - iam + type: + - group + - change audit.logging.summary.group.membership.removed: category: - iam type: - group - change + Group created: + category: + - iam + type: + - group + - creation audit.logging.summary.group.created: category: - iam type: - group - creation + Group deleted: + category: + - iam + type: + - group + - deletion audit.logging.summary.group.deleted: category: - iam type: - group - deletion + Audit Log configuration updated: + category: + - configuration + type: + - admin + - change atlassian.audit.event.action.audit.config.updated: category: - configuration @@ -270,7 +274,7 @@ processors: - script: lang: painless description: Add ECS User fields - if: "['audit.logging.category.user.management','audit.logging.category.auth'].contains(ctx.confluence?.audit?.type?.categoryI18nKey)" + if: "['audit.logging.category.user.management','audit.logging.category.auth'].contains(ctx.confluence?.audit?.type?.categoryI18nKey) || ['Users and groups'].contains(ctx.confluence?.audit?.type?.category)" source: >- if (ctx?.event?.action == null) { return; @@ -298,17 +302,26 @@ processors: if(ctx.confluence?.audit?.affected_objects != null) { for (def j = 0; j < ctx.confluence?.audit?.affected_objects.length; j++) { if(ctx.confluence?.audit?.affected_objects[j]?.type == 'Group') { - if(['audit.logging.summary.group.created', 'audit.logging.summary.group.deleted'].contains(ctx.event.action)) { - ctx.group.put("name", ctx.confluence?.audit?.affected_objects[j]?.name); - ctx.group.put("id", ctx.confluence?.audit?.affected_objects[j]?.id); + String group_name = ctx.confluence?.audit?.affected_objects[j]?.name; + String group_id = ctx.confluence?.audit?.affected_objects[j]?.id; + if(ctx._config?.atlassian_cloud != null) { + def m = /(.+):(\b[0-9a-f]{8}\b-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-\b[0-9a-f]{12}\b)$/.matcher(group_name); + if (m.find()) { + group_name = m.group(1); + group_id = m.group(2); + } + } + if(['audit.logging.summary.group.created', 'audit.logging.summary.group.deleted', 'Group created', 'Group deleted'].contains(ctx.event.action)) { + ctx.group.put("name", group_name); + ctx.group.put("id", group_id); } - if(['audit.logging.summary.group.membership.added', 'audit.logging.summary.group.membership.removed'].contains(ctx.event.action)) { - ctx.user.target.group.put("name", ctx.confluence?.audit?.affected_objects[j]?.name); - ctx.user.target.group.put("id", ctx.confluence?.audit?.affected_objects[j]?.id); + if(['audit.logging.summary.group.membership.added', 'audit.logging.summary.group.membership.removed', 'User added to group','User removed from group'].contains(ctx.event.action)) { + ctx.user.target.group.put("name", group_name); + ctx.user.target.group.put("id", group_id); } } if(ctx.confluence?.audit?.affected_objects[j]?.type == 'User') { - if(['audit.logging.summary.user.created', 'audit.logging.summary.user.deleted', 'audit.logging.summary.user.password.changed','audit.logging.summary.user.updated'].contains(ctx.event.action)) { + if(['audit.logging.summary.user.created', 'audit.logging.summary.user.deleted', 'audit.logging.summary.user.password.changed','audit.logging.summary.user.updated', 'User created', 'User deleted', 'User details updated'].contains(ctx.event.action)) { ctx.user.target.put("full_name", ctx.confluence?.audit?.affected_objects[j]?.name); ctx.user.target.put("id", ctx.confluence?.audit?.affected_objects[j]?.id); if(ctx.confluence?.audit?.affected_objects[j]?.uri != null) { @@ -318,7 +331,7 @@ processors: } } } - if(['audit.logging.summary.group.membership.added', 'audit.logging.summary.group.membership.removed'].contains(ctx.event.action)) { + if(['audit.logging.summary.group.membership.added', 'audit.logging.summary.group.membership.removed', 'User added to group', 'User removed from group'].contains(ctx.event.action)) { ctx.user.target.put("name", ctx.confluence?.audit?.affected_objects[j]?.name); ctx.user.target.put("id", ctx.confluence?.audit?.affected_objects[j]?.id); } @@ -337,27 +350,30 @@ processors: } if(ctx.confluence?.audit?.changed_values != null) { for (def j = 0; j < ctx.confluence?.audit?.changed_values.length; j++) { - if(['audit.logging.summary.user.renamed'].contains(ctx.event.action)) { + if(['audit.logging.summary.user.renamed', 'User renamed'].contains(ctx.event.action)) { if(ctx.confluence?.audit?.changed_values[j]?.i18nKey == 'audit.logging.changed.value.username') { ctx.user.changes.put("name", ctx.confluence?.audit?.changed_values[j]?.to); ctx.user.target.put("name", ctx.confluence?.audit?.changed_values[j]?.from); } } - if(['audit.logging.summary.user.created','audit.logging.summary.user.updated'].contains(ctx.event.action)) { + if(['audit.logging.summary.user.created','audit.logging.summary.user.updated', 'User created', 'User details updated'].contains(ctx.event.action)) { if(ctx.confluence?.audit?.changed_values[j]?.i18nKey == 'Username') { ctx.user.changes.put("name", ctx.confluence?.audit?.changed_values[j]?.to); + ctx.user.target.put("name", ctx.confluence?.audit?.changed_values[j]?.to); if(ctx.confluence?.audit?.changed_values[j]?.from != null) { ctx.user.target.put("name", ctx.confluence?.audit?.changed_values[j]?.from); } } if(ctx.confluence?.audit?.changed_values[j]?.i18nKey == 'Email') { ctx.user.changes.put("email", ctx.confluence?.audit?.changed_values[j]?.to); + ctx.user.target.put("email", ctx.confluence?.audit?.changed_values[j]?.to); if(ctx.confluence?.audit?.changed_values[j]?.from != null) { ctx.user.target.put("email", ctx.confluence?.audit?.changed_values[j]?.from); } } if(ctx.confluence?.audit?.changed_values[j]?.i18nKey == 'Display name') { ctx.user.changes.put("full_name", ctx.confluence?.audit?.changed_values[j]?.to); + ctx.user.target.put("full_name", ctx.confluence?.audit?.changed_values[j]?.to); if(ctx.confluence?.audit?.changed_values[j]?.from != null) { ctx.user.target.put("full_name", ctx.confluence?.audit?.changed_values[j]?.from); } @@ -385,15 +401,11 @@ processors: value: '{{source.ip}}' allow_duplicates: false if: ctx.source?.ip != null -- append: - field: related.hosts - value: '{{_tmp.service.domain}}' - allow_duplicates: false - if: ctx._tmp?.service?.domain != null - remove: field: - json - _tmp + - _config ignore_missing: true - remove: field: event.original @@ -426,6 +438,11 @@ processors: } handleMap(ctx); on_failure: +- remove: + field: + - _config + - _tmp + ignore_failure: true - set: field: error.message value: '{{ _ingest.on_failure_message }}' diff --git a/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/self-hosted.yml b/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/self-hosted.yml new file mode 100644 index 00000000000..ee49315d6a5 --- /dev/null +++ b/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/self-hosted.yml @@ -0,0 +1,81 @@ +--- +description: Pipeline for processing self-hosted Atlassian Confluence audit logs. +processors: +- set: + field: _tmp.timestamp + copy_from: json.timestamp + if: ctx.json?.timestamp != null && ctx.json.timestamp instanceof String +- set: + field: _tmp.timestamp + value: "{{{json.timestamp.epochSecond}}}.{{{json.timestamp.nano}}}" + if: ctx.json?.timestamp != null && ctx.json.timestamp instanceof Map && ctx.json.timestamp?.epochSecond != null && ctx.json.timestamp?.nano != null +- date: + field: _tmp.timestamp + formats: + - UNIX + - ISO8601 +- rename: + field: json.source + target_field: source.address + ignore_missing: true +- rename: + field: json.author.id + target_field: user.id + ignore_missing: true +- rename: + field: json.author.name + target_field: user.full_name + ignore_missing: true +- grok: + field: json.author.uri + ignore_missing: true + ignore_failure: true + if: ctx?.json?.author?.uri != "" + patterns: + - '\?username=%{USER:user.name}$' +- rename: + field: json.auditType + target_field: confluence.audit.type + ignore_missing: true +- rename: + field: json.type + target_field: confluence.audit.type + ignore_missing: true +- rename: + field: json.method + target_field: confluence.audit.method + ignore_missing: true +- rename: + field: json.system + target_field: service.address + ignore_missing: true +- uri_parts: + field: service.address + target_field: _tmp.service + ignore_failure: true + if: ctx.service?.address != null +- rename: + field: json.extraAttributes + target_field: confluence.audit.extra_attributes + ignore_missing: true +- rename: + field: json.changedValues + target_field: confluence.audit.changed_values + ignore_missing: true +- rename: + field: json.affectedObjects + target_field: confluence.audit.affected_objects + ignore_missing: true +- set: + field: event.action + copy_from: confluence.audit.type.actionI18nKey + ignore_empty_value: true +- append: + field: related.hosts + value: '{{_tmp.service.domain}}' + allow_duplicates: false + if: ctx._tmp?.service?.domain != null +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/packages/atlassian_confluence/data_stream/audit/fields/ecs.yml b/packages/atlassian_confluence/data_stream/audit/fields/ecs.yml index 736fdc24a39..d6ed36b3782 100644 --- a/packages/atlassian_confluence/data_stream/audit/fields/ecs.yml +++ b/packages/atlassian_confluence/data_stream/audit/fields/ecs.yml @@ -2,14 +2,78 @@ name: ecs.version - external: ecs name: error.message +- external: ecs + name: event.action +- external: ecs + name: event.category +- external: ecs + name: event.created +- external: ecs + name: event.kind +- external: ecs + name: event.original +- external: ecs + name: event.type +- external: ecs + name: group.id +- external: ecs + name: group.name +- external: ecs + name: log.file.path +- external: ecs + name: related.hosts +- external: ecs + name: related.ip +- external: ecs + name: related.user +- external: ecs + name: service.address +- external: ecs + name: source.address +- external: ecs + name: source.as.number +- external: ecs + name: source.as.organization.name +- external: ecs + name: source.bytes +- external: ecs + name: source.domain +- external: ecs + name: source.geo.city_name +- external: ecs + name: source.geo.continent_name +- external: ecs + name: source.geo.country_iso_code +- external: ecs + name: source.geo.country_name +- description: Longitude and latitude. + example: '{ "lon": -73.614830, "lat": 45.505918 }' + name: source.geo.location + type: geo_point +- external: ecs + name: source.geo.name +- external: ecs + name: source.geo.region_iso_code +- external: ecs + name: source.geo.region_name +- external: ecs + name: source.ip - external: ecs name: tags +- external: ecs + name: user.changes.email +- external: ecs + name: user.changes.full_name +- external: ecs + name: user.changes.name +- external: ecs + name: user.full_name - external: ecs name: user.id - external: ecs name: user.name - external: ecs - name: user.full_name + name: user.target.email - external: ecs name: user.target.full_name - external: ecs @@ -20,53 +84,3 @@ name: user.target.id - external: ecs name: user.target.name -- external: ecs - name: user.changes.name -- external: ecs - name: user.changes.email -- external: ecs - name: user.changes.full_name -- external: ecs - name: group.name -- external: ecs - name: group.id -- name: source.address - external: ecs -- name: source.as.number - external: ecs -- name: source.as.organization.name - external: ecs -- name: source.bytes - external: ecs -- name: source.domain - external: ecs -- name: source.geo.city_name - external: ecs -- name: source.geo.continent_name - external: ecs -- name: source.geo.country_iso_code - external: ecs -- name: source.geo.country_name - external: ecs -- name: source.geo.location - description: Longitude and latitude. - example: '{ "lon": -73.614830, "lat": 45.505918 }' - type: geo_point -- name: source.geo.name - external: ecs -- name: source.geo.region_iso_code - external: ecs -- name: source.geo.region_name - external: ecs -- name: source.ip - external: ecs -- name: log.file.path - external: ecs -- name: service.address - external: ecs -- name: related.ip - external: ecs -- name: related.user - external: ecs -- name: related.hosts - external: ecs diff --git a/packages/atlassian_confluence/data_stream/audit/fields/fields.yml b/packages/atlassian_confluence/data_stream/audit/fields/fields.yml index 841f8aa1122..bded174347f 100644 --- a/packages/atlassian_confluence/data_stream/audit/fields/fields.yml +++ b/packages/atlassian_confluence/data_stream/audit/fields/fields.yml @@ -41,3 +41,7 @@ type: flattened description: | Affected Objects + - name: external_collaborator + type: boolean + description: | + Whether the user is an external collaborator user diff --git a/packages/atlassian_confluence/data_stream/audit/manifest.yml b/packages/atlassian_confluence/data_stream/audit/manifest.yml index 2c59289e991..359e2c49b09 100644 --- a/packages/atlassian_confluence/data_stream/audit/manifest.yml +++ b/packages/atlassian_confluence/data_stream/audit/manifest.yml @@ -73,6 +73,14 @@ streams: required: false multi: false show_user: true + - name: atlassian_cloud + required: true + show_user: true + title: Atlassian Cloud + description: Is this an Atlassian SaaS Confluence instance + type: bool + multi: false + default: false - name: http_client_timeout type: text title: HTTP Client Timeout diff --git a/packages/atlassian_confluence/docs/README.md b/packages/atlassian_confluence/docs/README.md index 1f938c6114b..76f79e3e1e1 100644 --- a/packages/atlassian_confluence/docs/README.md +++ b/packages/atlassian_confluence/docs/README.md @@ -6,7 +6,7 @@ The Confluence integration collects [audit logs](https://confluence.atlassian.co ### Audit -The Confluence integration collects audit logs from the audit log files or the audit API from self hosted Confluence Data Center. It has been tested with Confluence 7.14.2 but is expected to work with newer versions. This has not been tested with Confluence Cloud and is not expected to work. +The Confluence integration collects audit logs from the audit log files or the audit API from self hosted Confluence Data Center. It has been tested with Confluence 7.14.2 but is expected to work with newer versions. As of version 1.2.0, this integration added experimental support for Atlassian Confluence Cloud. JIRA Cloud only supports Basic Auth using username and a Personal Access Token. **Exported fields** @@ -24,6 +24,7 @@ The Confluence integration collects audit logs from the audit log files or the a | cloud.region | Region in which this host is running. | keyword | | confluence.audit.affected_objects | Affected Objects | flattened | | confluence.audit.changed_values | Changed Values | flattened | +| confluence.audit.external_collaborator | Whether the user is an external collaborator user | boolean | | confluence.audit.extra_attributes | Extra Attributes | flattened | | confluence.audit.method | Method | keyword | | confluence.audit.type.action | Action | keyword | @@ -41,8 +42,14 @@ The Confluence integration collects audit logs from the audit log files or the a | data_stream.type | Data stream type. | constant_keyword | | ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword | | error.message | Error message. | match_only_text | +| event.action | The action captured by the event. This describes the information in the event. It is more specific than `event.category`. Examples are `group-add`, `process-started`, `file-created`. The value is normally defined by the implementer. | keyword | +| event.category | This is one of four ECS Categorization Fields, and indicates the second level in the ECS category hierarchy. `event.category` represents the "big buckets" of ECS categories. For example, filtering on `event.category:process` yields all events relating to process activity. This field is closely related to `event.type`, which is used as a subcategory. This field is an array. This will allow proper categorization of some events that fall in multiple categories. | keyword | +| event.created | event.created contains the date/time when the event was first read by an agent, or by your pipeline. This field is distinct from @timestamp in that @timestamp typically contain the time extracted from the original event. In most situations, these two timestamps will be slightly different. The difference can be used to calculate the delay between your source generating an event, and the time when your agent first processed it. This can be used to monitor your agent's or pipeline's ability to keep up with your event source. In case the two timestamps are identical, @timestamp should be used. | date | | event.dataset | Event dataset | constant_keyword | +| event.kind | This is one of four ECS Categorization Fields, and indicates the highest level in the ECS category hierarchy. `event.kind` gives high-level information about what type of information the event contains, without being specific to the contents of the event. For example, values of this field distinguish alert events from metric events. The value of this field can be used to inform how these kinds of events should be handled. They may warrant different retention, different access control, it may also help understand whether the data coming in at a regular interval or not. | keyword | | event.module | Event module | constant_keyword | +| event.original | Raw text message of entire event. Used to demonstrate log integrity or where the full log message (before splitting it up in multiple parts) may be required, e.g. for reindex. This field is not indexed and doc_values are disabled. It cannot be searched, but it can be retrieved from `_source`. If users wish to override this and index this field, please see `Field data types` in the `Elasticsearch Reference`. | keyword | +| event.type | This is one of four ECS Categorization Fields, and indicates the third level in the ECS category hierarchy. `event.type` represents a categorization "sub-bucket" that, when used along with the `event.category` field values, enables filtering events down to a level appropriate for single visualization. This field is an array. This will allow proper categorization of some events that fall in multiple event types. | keyword | | group.id | Unique identifier for the group on the system/platform. | keyword | | group.name | Name of the group. | keyword | | host.architecture | Operating system architecture. | keyword | @@ -95,6 +102,7 @@ The Confluence integration collects audit logs from the audit log files or the a | user.id | Unique identifier of the user. | keyword | | user.name | Short name or login of the user. | keyword | | user.name.text | Multi-field of `user.name`. | match_only_text | +| user.target.email | User email address. | keyword | | user.target.full_name | User's full name, if available. | keyword | | user.target.full_name.text | Multi-field of `user.target.full_name`. | match_only_text | | user.target.group.id | Unique identifier for the group on the system/platform. | keyword | diff --git a/packages/atlassian_confluence/manifest.yml b/packages/atlassian_confluence/manifest.yml index 721698bdac0..376a218f08e 100644 --- a/packages/atlassian_confluence/manifest.yml +++ b/packages/atlassian_confluence/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: atlassian_confluence title: Atlassian Confluence -version: 1.2.0 +version: 1.3.0 license: basic description: Collect logs from Atlassian Confluence with Elastic Agent. type: integration diff --git a/packages/atlassian_jira/_dev/build/docs/README.md b/packages/atlassian_jira/_dev/build/docs/README.md index cffbe784c24..8481ce578e9 100644 --- a/packages/atlassian_jira/_dev/build/docs/README.md +++ b/packages/atlassian_jira/_dev/build/docs/README.md @@ -6,7 +6,7 @@ The Jira integration collects audit logs from the audit log files or the [audit ### Audit -The Jira integration collects audit logs from the audit log files or the audit API from self hosted Jira Data Center. It has been tested with Jira 8.20.2 but is expected to work with newer versions. This has not been tested with Jira Cloud and is not expected to work. +The Jira integration collects audit logs from the audit log files or the audit API from self hosted Jira Data Center. It has been tested with Jira 8.20.2 but is expected to work with newer versions. As of version 1.2.0, this integration added experimental support for Atlassian JIRA Cloud. JIRA Cloud only supports Basic Auth using username and a Personal Access Token. {{fields "audit"}} diff --git a/packages/atlassian_jira/_dev/deploy/docker/files/config.yml b/packages/atlassian_jira/_dev/deploy/docker/files/config.yml index 95e091754ad..f8e5c104b55 100644 --- a/packages/atlassian_jira/_dev/deploy/docker/files/config.yml +++ b/packages/atlassian_jira/_dev/deploy/docker/files/config.yml @@ -1,4 +1,5 @@ rules: + # JIRA Self Hosted - path: /rest/auditing/1.0/events methods: ["GET"] request_headers: @@ -23,3 +24,30 @@ rules: - status_code: 200 body: |- {"entities":[{"timestamp":"2021-11-22T00:34:47.536Z","author":{"name":"test.user","type":"ApplicationUser","id":"10000","uri":"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user","avatarUri":""},"type":{"categoryI18nKey":"atlassian.audit.event.category.audit","category":"Auditing","actionI18nKey":"atlassian.audit.event.action.audit.search","action":"Audit Log search performed"},"affectedObjects":[],"changedValues":[],"source":"175.16.199.1","system":"http://jira.internal:8088","method":"Browser","extraAttributes":[{"nameI18nKey":"atlassian.audit.event.attribute.id","name":"ID Range","value":"45 - 94"},{"nameI18nKey":"atlassian.audit.event.attribute.query","name":"Query","value":""},{"nameI18nKey":"atlassian.audit.event.attribute.results","name":"Results returned","value":"50"},{"nameI18nKey":"atlassian.audit.event.attribute.timestamp","name":"Timestamp Range","value":"2021-11-22T00:08:34.163Z - 2021-11-22T00:34:40.008Z"}]},{"timestamp":"2021-11-22T00:34:40.008Z","author":{"name":"test.user","type":"ApplicationUser","id":"10000","uri":"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user","avatarUri":""},"type":{"categoryI18nKey":"atlassian.audit.event.category.audit","category":"Auditing","actionI18nKey":"atlassian.audit.event.action.audit.search","action":"Audit Log search performed"},"affectedObjects":[],"changedValues":[],"source":"175.16.199.1","system":"http://jira.internal:8088","method":"Browser","extraAttributes":[{"nameI18nKey":"atlassian.audit.event.attribute.id","name":"ID Range","value":"44 - 93"},{"nameI18nKey":"atlassian.audit.event.attribute.query","name":"Query","value":""},{"nameI18nKey":"atlassian.audit.event.attribute.results","name":"Results returned","value":"50"},{"nameI18nKey":"atlassian.audit.event.attribute.timestamp","name":"Timestamp Range","value":"2021-11-22T00:08:34.151Z - 2021-11-22T00:34:23.154Z"}]}],"pagingInfo":{"nextPageOffset":0,"nextPageCursor":"1637539714166,47","nextPageLink":"http://{{ hostname }}:{{ env "PORT" }}/rest/auditing/1.0/events?offset=0&limit=2&pageCursor=1637539714166,47","lastPage":false,"size":2}} + # JIRA Cloud + - path: /rest/api/3/auditing/record + methods: ["GET"] + request_headers: + authorization: Basic dGVzdC51c2VyOmFiYzEyMw== + query_params: + from: "{from:.*}" + to: "{to:.*}" + offset: "2" + limit: "2" + responses: + - status_code: 200 + body: |- + {"offset":2,"limit":2,"total":4,"records":[{"id":11939,"summary":"User added to group","created":"2022-01-18T08:43:02.838+0000","category":"group management","eventSource":"","objectItem":{"name":"jira-software-users","typeName":"GROUP","parentId":"10000","parentName":"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory"},"associatedItems":[{"id":"ug:2281b112-0f77-4305-b779-66d30930eb83","name":"ug:2281b112-0f77-4305-b779-66d30930eb83","typeName":"USER","parentId":"10000","parentName":"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory"}]},{"id":11938,"summary":"User added to group","created":"2022-01-18T08:43:02.768+0000","category":"group management","eventSource":"","objectItem":{"name":"confluence-users","typeName":"GROUP","parentId":"10000","parentName":"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory"},"associatedItems":[{"id":"ug:2281b112-0f77-4305-b779-66d30930eb83","name":"ug:2281b112-0f77-4305-b779-66d30930eb83","typeName":"USER","parentId":"10000","parentName":"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory"}]}]} + - path: /rest/api/3/auditing/record + methods: ["GET"] + request_headers: + authorization: Basic dGVzdC51c2VyOmFiYzEyMw== + query_params: + from: "{from:.*}" + to: "{to:.*}" + limit: "2" + offset: "0" + responses: + - status_code: 200 + body: |- + {"offset":0,"limit":2,"total":4,"records":[{"id":11652,"summary":"User updated","created":"2021-11-17T16:00:37.374+0000","category":"user management","eventSource":"","objectItem":{"id":"ug:870c3c4b-1f74-4fa2-a401-639ec53e9436","name":"ug:870c3c4b-1f74-4fa2-a401-639ec53e9436","typeName":"USER","parentId":"10000","parentName":"IDP Directory"},"changedValues":[{"fieldName":"Active / Inactive","changedFrom":"Active","changedTo":"Inactive"}],"associatedItems":[{"id":"ug:870c3c4b-1f74-4fa2-a401-639ec53e9436","name":"ug:870c3c4b-1f74-4fa2-a401-639ec53e9436","typeName":"USER","parentId":"10000","parentName":"IDP Directory"}]},{"id":11651,"summary":"User updated","created":"2021-11-16T09:25:56.725+0000","category":"user management","eventSource":"","objectItem":{"id":"ug:7759808b-4fa4-4053-a8f5-136c382be65a","name":"ug:7759808b-4fa4-4053-a8f5-136c382be65a","typeName":"USER","parentId":"10000","parentName":"IDP Directory"},"changedValues":[{"fieldName":"Active / Inactive","changedFrom":"Active","changedTo":"Inactive"}],"associatedItems":[{"id":"ug:7759808b-4fa4-4053-a8f5-136c382be65a","name":"ug:7759808b-4fa4-4053-a8f5-136c382be65a","typeName":"USER","parentId":"10000","parentName":"IDP Directory"}]}]} diff --git a/packages/atlassian_jira/changelog.yml b/packages/atlassian_jira/changelog.yml index d2abe8881cb..395bf8bd937 100644 --- a/packages/atlassian_jira/changelog.yml +++ b/packages/atlassian_jira/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.3.0" + changes: + - description: Add support for Atlassian JIRA Cloud + type: enhancement + link: https://github.com/elastic/integrations/pull/2715 - version: "1.2.0" changes: - description: Update to ECS 8.2 diff --git a/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json b/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json index 2fe8055d2d6..ce2c181c9d2 100644 --- a/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json +++ b/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json @@ -5,58 +5,14 @@ "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "test.user" - ], - "hosts": [ - "jira.internal" - ], - "ip": [ - "175.16.199.1" - ] - }, - "service": { - "address": "http://jira.internal:8088" - }, - "source": { - "geo": { - "continent_name": "Asia", - "region_iso_code": "CN-22", - "city_name": "Changchun", - "country_iso_code": "CN", - "country_name": "China", - "region_name": "Jilin Sheng", - "location": { - "lon": 125.3228, - "lat": 43.88 - } - }, - "address": "175.16.199.1", - "ip": "175.16.199.1" - }, "event": { "action": "atlassian.audit.event.action.audit.search", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:34:47.536Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"175.16.199.1\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"45 - 94\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"50\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-22T00:08:34.163Z - 2021-11-22T00:34:40.008Z\"}]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", - "type": { - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "action": "Audit Log search performed", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing" - }, "extra_attributes": [ { "name": "ID Range", @@ -77,67 +33,67 @@ "nameI18nKey": "atlassian.audit.event.attribute.timestamp", "value": "2021-11-22T00:08:34.163Z - 2021-11-22T00:34:40.008Z" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit" + } } - } - }, - { - "@timestamp": "2021-11-22T00:34:40.008Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "175.16.199.1" + ], + "user": [ + "test.user" ] }, "service": { "address": "http://jira.internal:8088" }, "source": { + "address": "175.16.199.1", "geo": { - "continent_name": "Asia", - "region_iso_code": "CN-22", "city_name": "Changchun", + "continent_name": "Asia", "country_iso_code": "CN", "country_name": "China", - "region_name": "Jilin Sheng", "location": { - "lon": 125.3228, - "lat": 43.88 - } + "lat": 43.88, + "lon": 125.3228 + }, + "region_iso_code": "CN-22", + "region_name": "Jilin Sheng" }, - "address": "175.16.199.1", "ip": "175.16.199.1" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:34:40.008Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "atlassian.audit.event.action.audit.search", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:34:40.008Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"175.16.199.1\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"44 - 93\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"50\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-22T00:08:34.151Z - 2021-11-22T00:34:23.154Z\"}]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", - "type": { - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "action": "Audit Log search performed", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing" - }, "extra_attributes": [ { "name": "ID Range", @@ -158,93 +114,106 @@ "nameI18nKey": "atlassian.audit.event.attribute.timestamp", "value": "2021-11-22T00:08:34.151Z - 2021-11-22T00:34:23.154Z" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit" + } } - } - }, - { - "@timestamp": "2021-11-22T00:34:23.154Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ - "10.50.33.72" + "175.16.199.1" + ], + "user": [ + "test.user" ] }, "service": { "address": "http://jira.internal:8088" }, "source": { - "address": "10.50.33.72", - "ip": "10.50.33.72" + "address": "175.16.199.1", + "geo": { + "city_name": "Changchun", + "continent_name": "Asia", + "country_iso_code": "CN", + "country_name": "China", + "location": { + "lat": 43.88, + "lon": 125.3228 + }, + "region_iso_code": "CN-22", + "region_name": "Jilin Sheng" + }, + "ip": "175.16.199.1" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:34:23.154Z", + "ecs": { + "version": "8.2.0" }, "event": { "action": "personal.access.tokens.audit.log.summary.token.created", + "category": [ + "iam" + ], + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:34:23.154Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"personal.access.tokens.audit.log.category\",\"category\":\"Security\",\"actionI18nKey\":\"personal.access.tokens.audit.log.summary.token.created\",\"action\":\"Personal access token created\"},\"affectedObjects\":[{\"name\":\"test.user\",\"type\":\"User\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"id\":\"JIRAUSER10000\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"personal.access.tokens.audit.log.extra.attribute.name\",\"name\":\"Token Name\",\"value\":\"asdf\"}]}", "type": [ "admin", "creation" - ], - "category": [ - "iam" - ], - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + ] }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test.user", "id": "JIRAUSER10000", + "name": "test.user", "type": "User", "uri": "http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user" } ], - "type": { - "actionI18nKey": "personal.access.tokens.audit.log.summary.token.created", - "action": "Personal access token created", - "categoryI18nKey": "personal.access.tokens.audit.log.category", - "category": "Security" - }, "extra_attributes": [ { "name": "Token Name", "nameI18nKey": "personal.access.tokens.audit.log.extra.attribute.name", "value": "asdf" } - ] + ], + "method": "Browser", + "type": { + "action": "Personal access token created", + "actionI18nKey": "personal.access.tokens.audit.log.summary.token.created", + "category": "Security", + "categoryI18nKey": "personal.access.tokens.audit.log.category" + } } - } - }, - { - "@timestamp": "2021-11-22T00:32:20.234Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -254,28 +223,27 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:32:20.234Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "atlassian.audit.event.action.audit.search", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:32:20.234Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"1 - 40\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"40\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-22T00:05:08.514Z - 2021-11-22T00:08:33.746Z\"}]}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "test.user", - "id": "10000" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", - "type": { - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "action": "Audit Log search performed", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing" - }, "extra_attributes": [ { "name": "ID Range", @@ -296,24 +264,25 @@ "nameI18nKey": "atlassian.audit.event.attribute.timestamp", "value": "2021-11-22T00:05:08.514Z - 2021-11-22T00:08:33.746Z" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit" + } } - } - }, - { - "@timestamp": "2021-11-22T00:31:52.991Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -323,28 +292,27 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:31:52.991Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "atlassian.audit.event.action.audit.search", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:31:52.991Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"41 - 90\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"50\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-22T00:08:33.887Z - 2021-11-22T00:31:37.412Z\"}]}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "test.user", - "id": "10000" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", - "type": { - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "action": "Audit Log search performed", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing" - }, "extra_attributes": [ { "name": "ID Range", @@ -365,24 +333,25 @@ "nameI18nKey": "atlassian.audit.event.attribute.timestamp", "value": "2021-11-22T00:08:33.887Z - 2021-11-22T00:31:37.412Z" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit" + } } - } - }, - { - "@timestamp": "2021-11-22T00:31:37.412Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -392,28 +361,27 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, - "event": { - "action": "atlassian.audit.event.action.audit.search", - "original": "{\"timestamp\":\"2021-11-22T00:31:37.412Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"69 - 78\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"10\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-22T00:08:34.227Z - 2021-11-22T00:08:34.249Z\"}]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" - }, "tags": [ "preserve_original_event" ], - "jira": { - "audit": { - "method": "Browser", - "type": { - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "action": "Audit Log search performed", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing" - }, + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:31:37.412Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "atlassian.audit.event.action.audit.search", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-22T00:31:37.412Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"69 - 78\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"10\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-22T00:08:34.227Z - 2021-11-22T00:08:34.249Z\"}]}", + "type": "info" + }, + "jira": { + "audit": { "extra_attributes": [ { "name": "ID Range", @@ -434,24 +402,25 @@ "nameI18nKey": "atlassian.audit.event.attribute.timestamp", "value": "2021-11-22T00:08:34.227Z - 2021-11-22T00:08:34.249Z" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit" + } } - } - }, - { - "@timestamp": "2021-11-22T00:31:26.455Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -461,28 +430,27 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:31:26.455Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "atlassian.audit.event.action.audit.search", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:31:26.455Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"79 - 88\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"10\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-22T00:08:34.266Z - 2021-11-22T00:30:59.449Z\"}]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", - "type": { - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "action": "Audit Log search performed", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing" - }, "extra_attributes": [ { "name": "ID Range", @@ -503,24 +471,25 @@ "nameI18nKey": "atlassian.audit.event.attribute.timestamp", "value": "2021-11-22T00:08:34.266Z - 2021-11-22T00:30:59.449Z" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit" + } } - } - }, - { - "@timestamp": "2021-11-22T00:30:59.449Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -530,28 +499,27 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:30:59.449Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "atlassian.audit.event.action.audit.search", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:30:59.449Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"1 - 87\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"87\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-22T00:05:08.514Z - 2021-11-22T00:26:03.206Z\"}]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", - "type": { - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "action": "Audit Log search performed", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing" - }, "extra_attributes": [ { "name": "ID Range", @@ -572,24 +540,25 @@ "nameI18nKey": "atlassian.audit.event.attribute.timestamp", "value": "2021-11-22T00:05:08.514Z - 2021-11-22T00:26:03.206Z" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit" + } } - } - }, - { - "@timestamp": "2021-11-22T00:26:03.206Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -599,28 +568,27 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:26:03.206Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "atlassian.audit.event.action.audit.search", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:26:03.206Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"1 - 86\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"86\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-22T00:05:08.514Z - 2021-11-22T00:12:02.856Z\"}]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", - "type": { - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "action": "Audit Log search performed", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing" - }, "extra_attributes": [ { "name": "ID Range", @@ -641,24 +609,25 @@ "nameI18nKey": "atlassian.audit.event.attribute.timestamp", "value": "2021-11-22T00:05:08.514Z - 2021-11-22T00:12:02.856Z" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit" + } } - } - }, - { - "@timestamp": "2021-11-22T00:12:02.856Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -668,28 +637,27 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:12:02.856Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "atlassian.audit.event.action.audit.search", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:12:02.856Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"1 - 85\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"85\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-22T00:05:08.514Z - 2021-11-22T00:08:34.545Z\"}]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", - "type": { - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "action": "Audit Log search performed", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing" - }, "extra_attributes": [ { "name": "ID Range", @@ -710,24 +678,25 @@ "nameI18nKey": "atlassian.audit.event.attribute.timestamp", "value": "2021-11-22T00:05:08.514Z - 2021-11-22T00:08:34.545Z" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.545Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -737,66 +706,66 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.545Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.version.created", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.545Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.projects\",\"category\":\"projects\",\"actionI18nKey\":\"jira.auditing.version.created\",\"action\":\"Project version created\"},\"affectedObjects\":[{\"name\":\"Version 3.0\",\"type\":\"VERSION\",\"uri\":\"http://jira.internal:8088/secure/VersionEdit!default.jspa?versionId=10002\",\"id\":\"10002\"},{\"name\":\"test\",\"type\":\"PROJECT\",\"uri\":\"http://jira.internal:8088/secure/ViewProject.jspa?pid=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"Version 3.0\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Version 3.0", "id": "10002", + "name": "Version 3.0", "type": "VERSION", "uri": "http://jira.internal:8088/secure/VersionEdit!default.jspa?versionId=10002" }, { - "name": "test", "id": "10000", + "name": "test", "type": "PROJECT", "uri": "http://jira.internal:8088/secure/ViewProject.jspa?pid=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.version.created", - "action": "Project version created", - "categoryI18nKey": "jira.auditing.category.projects", - "category": "projects" - }, "changed_values": [ { "i18nKey": "common.words.name", "key": "Name", "to": "Version 3.0" } - ] + ], + "method": "Browser", + "type": { + "action": "Project version created", + "actionI18nKey": "jira.auditing.version.created", + "category": "projects", + "categoryI18nKey": "jira.auditing.category.projects" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.543Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -806,42 +775,41 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.543Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.version.created", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.543Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.projects\",\"category\":\"projects\",\"actionI18nKey\":\"jira.auditing.version.created\",\"action\":\"Project version created\"},\"affectedObjects\":[{\"name\":\"Version 2.0\",\"type\":\"VERSION\",\"uri\":\"http://jira.internal:8088/secure/VersionEdit!default.jspa?versionId=10001\",\"id\":\"10001\"},{\"name\":\"test\",\"type\":\"PROJECT\",\"uri\":\"http://jira.internal:8088/secure/ViewProject.jspa?pid=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"Version 2.0\"},{\"key\":\"Release date\",\"i18nKey\":\"version.releasedate\",\"to\":\"2021-11-28\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Version 2.0", "id": "10001", + "name": "Version 2.0", "type": "VERSION", "uri": "http://jira.internal:8088/secure/VersionEdit!default.jspa?versionId=10001" }, { - "name": "test", "id": "10000", + "name": "test", "type": "PROJECT", "uri": "http://jira.internal:8088/secure/ViewProject.jspa?pid=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.version.created", - "action": "Project version created", - "categoryI18nKey": "jira.auditing.category.projects", - "category": "projects" - }, "changed_values": [ { "i18nKey": "common.words.name", @@ -853,24 +821,25 @@ "key": "Release date", "to": "2021-11-28" } - ] + ], + "method": "Browser", + "type": { + "action": "Project version created", + "actionI18nKey": "jira.auditing.version.created", + "category": "projects", + "categoryI18nKey": "jira.auditing.category.projects" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.535Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -880,59 +849,59 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.535Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.version.released", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.535Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.projects\",\"category\":\"projects\",\"actionI18nKey\":\"jira.auditing.version.released\",\"action\":\"Project version released\"},\"affectedObjects\":[{\"name\":\"Version 1.0\",\"type\":\"VERSION\",\"uri\":\"http://jira.internal:8088/secure/VersionEdit!default.jspa?versionId=10000\",\"id\":\"10000\"},{\"name\":\"test\",\"type\":\"PROJECT\",\"uri\":\"http://jira.internal:8088/secure/ViewProject.jspa?pid=10000\",\"id\":\"10000\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Version 1.0", "id": "10000", + "name": "Version 1.0", "type": "VERSION", "uri": "http://jira.internal:8088/secure/VersionEdit!default.jspa?versionId=10000" }, { - "name": "test", "id": "10000", + "name": "test", "type": "PROJECT", "uri": "http://jira.internal:8088/secure/ViewProject.jspa?pid=10000" } ], + "method": "Browser", "type": { - "actionI18nKey": "jira.auditing.version.released", "action": "Project version released", - "categoryI18nKey": "jira.auditing.category.projects", - "category": "projects" + "actionI18nKey": "jira.auditing.version.released", + "category": "projects", + "categoryI18nKey": "jira.auditing.category.projects" } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.521Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -942,42 +911,41 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.521Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.version.created", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.521Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.projects\",\"category\":\"projects\",\"actionI18nKey\":\"jira.auditing.version.created\",\"action\":\"Project version created\"},\"affectedObjects\":[{\"name\":\"Version 1.0\",\"type\":\"VERSION\",\"uri\":\"http://jira.internal:8088/secure/VersionEdit!default.jspa?versionId=10000\",\"id\":\"10000\"},{\"name\":\"test\",\"type\":\"PROJECT\",\"uri\":\"http://jira.internal:8088/secure/ViewProject.jspa?pid=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"Version 1.0\"},{\"key\":\"Release date\",\"i18nKey\":\"version.releasedate\",\"to\":\"2021-11-14\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Version 1.0", "id": "10000", + "name": "Version 1.0", "type": "VERSION", "uri": "http://jira.internal:8088/secure/VersionEdit!default.jspa?versionId=10000" }, { - "name": "test", "id": "10000", + "name": "test", "type": "PROJECT", "uri": "http://jira.internal:8088/secure/ViewProject.jspa?pid=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.version.created", - "action": "Project version created", - "categoryI18nKey": "jira.auditing.category.projects", - "category": "projects" - }, "changed_values": [ { "i18nKey": "common.words.name", @@ -989,24 +957,25 @@ "key": "Release date", "to": "2021-11-14" } - ] + ], + "method": "Browser", + "type": { + "action": "Project version created", + "actionI18nKey": "jira.auditing.version.created", + "category": "projects", + "categoryI18nKey": "jira.auditing.category.projects" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.506Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -1016,65 +985,65 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.506Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.project.roles.changed", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.506Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.projects\",\"category\":\"projects\",\"actionI18nKey\":\"jira.auditing.project.roles.changed\",\"action\":\"Project roles changed\"},\"affectedObjects\":[{\"name\":\"Developers\",\"type\":\"PROJECT_ROLE\",\"id\":\"10100\"},{\"name\":\"test\",\"type\":\"PROJECT\",\"uri\":\"http://jira.internal:8088/secure/ViewProject.jspa?pid=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Users\",\"i18nKey\":\"admin.common.words.users\",\"to\":\"JIRAUSER10000\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10100", "name": "Developers", - "type": "PROJECT_ROLE", - "id": "10100" + "type": "PROJECT_ROLE" }, { - "name": "test", "id": "10000", + "name": "test", "type": "PROJECT", "uri": "http://jira.internal:8088/secure/ViewProject.jspa?pid=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.project.roles.changed", - "action": "Project roles changed", - "categoryI18nKey": "jira.auditing.category.projects", - "category": "projects" - }, "changed_values": [ { "i18nKey": "admin.common.words.users", "key": "Users", "to": "JIRAUSER10000" } - ] + ], + "method": "Browser", + "type": { + "action": "Project roles changed", + "actionI18nKey": "jira.auditing.project.roles.changed", + "category": "projects", + "categoryI18nKey": "jira.auditing.category.projects" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.297Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -1084,47 +1053,46 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.297Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.project.created", - "original": "{\"timestamp\":\"2021-11-22T00:08:34.297Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.projects\",\"category\":\"projects\",\"actionI18nKey\":\"jira.auditing.project.created\",\"action\":\"Project created\"},\"affectedObjects\":[{\"name\":\"test\",\"type\":\"PROJECT\",\"uri\":\"http://jira.internal:8088/secure/ViewProject.jspa?pid=10000\",\"id\":\"10000\"},{\"name\":\"test.user\",\"type\":\"USER\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"id\":\"JIRAUSER10000\"}],\"changedValues\":[{\"key\":\"Default Assignee\",\"i18nKey\":\"admin.projects.default.assignee\",\"to\":\"Unassigned\"},{\"key\":\"Description\",\"i18nKey\":\"common.concepts.description\",\"to\":\"\"},{\"key\":\"Key\",\"i18nKey\":\"common.words.key\",\"to\":\"TEST\"},{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"test\"},{\"key\":\"Project Lead\",\"i18nKey\":\"common.concepts.projectlead\",\"to\":\"test.user\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "creation" - ], "category": [ "configuration" ], - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "kind": "event", + "original": "{\"timestamp\":\"2021-11-22T00:08:34.297Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.projects\",\"category\":\"projects\",\"actionI18nKey\":\"jira.auditing.project.created\",\"action\":\"Project created\"},\"affectedObjects\":[{\"name\":\"test\",\"type\":\"PROJECT\",\"uri\":\"http://jira.internal:8088/secure/ViewProject.jspa?pid=10000\",\"id\":\"10000\"},{\"name\":\"test.user\",\"type\":\"USER\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"id\":\"JIRAUSER10000\"}],\"changedValues\":[{\"key\":\"Default Assignee\",\"i18nKey\":\"admin.projects.default.assignee\",\"to\":\"Unassigned\"},{\"key\":\"Description\",\"i18nKey\":\"common.concepts.description\",\"to\":\"\"},{\"key\":\"Key\",\"i18nKey\":\"common.words.key\",\"to\":\"TEST\"},{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"test\"},{\"key\":\"Project Lead\",\"i18nKey\":\"common.concepts.projectlead\",\"to\":\"test.user\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "creation" + ] }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test", "id": "10000", + "name": "test", "type": "PROJECT", "uri": "http://jira.internal:8088/secure/ViewProject.jspa?pid=10000" }, { - "name": "test.user", "id": "JIRAUSER10000", + "name": "test.user", "type": "USER", "uri": "http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user" } ], - "type": { - "actionI18nKey": "jira.auditing.project.created", - "action": "Project created", - "categoryI18nKey": "jira.auditing.category.projects", - "category": "projects" - }, "changed_values": [ { "i18nKey": "admin.projects.default.assignee", @@ -1150,24 +1118,25 @@ "key": "Project Lead", "to": "test.user" } - ] + ], + "method": "Browser", + "type": { + "action": "Project created", + "actionI18nKey": "jira.auditing.project.created", + "category": "projects", + "categoryI18nKey": "jira.auditing.category.projects" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.266Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -1177,59 +1146,59 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.266Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.added.to.project", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.266Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.added.to.project\",\"action\":\"Permission scheme added to project\"},\"affectedObjects\":[{\"name\":\"test\",\"type\":\"PROJECT\",\"uri\":\"http://jira.internal:8088/secure/ViewProject.jspa?pid=10000\",\"id\":\"10000\"},{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test", "id": "10000", + "name": "test", "type": "PROJECT", "uri": "http://jira.internal:8088/secure/ViewProject.jspa?pid=10000" }, { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], + "method": "Browser", "type": { - "actionI18nKey": "jira.auditing.permission.scheme.added.to.project", "action": "Permission scheme added to project", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" + "actionI18nKey": "jira.auditing.permission.scheme.added.to.project", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.249Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -1239,65 +1208,65 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, - "event": { - "action": "jira.auditing.permission.scheme.removed.from.project", - "original": "{\"timestamp\":\"2021-11-22T00:08:34.249Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.removed.from.project\",\"action\":\"Permission scheme removed from project\"},\"affectedObjects\":[{\"name\":\"test\",\"type\":\"PROJECT\",\"uri\":\"http://jira.internal:8088/secure/ViewProject.jspa?pid=10000\",\"id\":\"10000\"},{\"name\":\"Default Permission Scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=0\",\"id\":\"0\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "deletion" - ], - "category": [ - "configuration", - "iam" - ], - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" - }, "tags": [ "preserve_original_event" ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.249Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "jira.auditing.permission.scheme.removed.from.project", + "category": [ + "configuration", + "iam" + ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-22T00:08:34.249Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.removed.from.project\",\"action\":\"Permission scheme removed from project\"},\"affectedObjects\":[{\"name\":\"test\",\"type\":\"PROJECT\",\"uri\":\"http://jira.internal:8088/secure/ViewProject.jspa?pid=10000\",\"id\":\"10000\"},{\"name\":\"Default Permission Scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=0\",\"id\":\"0\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "deletion" + ] + }, "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test", "id": "10000", + "name": "test", "type": "PROJECT", "uri": "http://jira.internal:8088/secure/ViewProject.jspa?pid=10000" }, { - "name": "Default Permission Scheme", "id": "0", + "name": "Default Permission Scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=0" } ], + "method": "Browser", "type": { - "actionI18nKey": "jira.auditing.permission.scheme.removed.from.project", "action": "Permission scheme removed from project", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" + "actionI18nKey": "jira.auditing.permission.scheme.removed.from.project", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.243Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -1307,36 +1276,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.243Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.243Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Edit Sprints\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "test.user", - "id": "10000" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -1348,24 +1316,25 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.241Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -1375,36 +1344,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.241Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.241Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Start/Complete Sprints\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -1416,24 +1384,25 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.239Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -1443,36 +1412,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.239Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.239Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Manage Sprints\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "test.user", - "id": "10000" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -1484,24 +1452,25 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.236Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -1511,36 +1480,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.236Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.236Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"View Development Tools\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -1552,24 +1520,25 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.235Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -1579,36 +1548,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.235Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.235Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Transition Issues\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "test.user", - "id": "10000" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -1620,24 +1588,25 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.233Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -1647,36 +1616,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, - "event": { - "action": "jira.auditing.permission.scheme.updated", - "original": "{\"timestamp\":\"2021-11-22T00:08:34.233Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"View Read-Only Workflow\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" - }, "tags": [ "preserve_original_event" ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.233Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "jira.auditing.permission.scheme.updated", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-22T00:08:34.233Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"View Read-Only Workflow\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -1688,24 +1656,25 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.231Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -1715,36 +1684,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.231Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.231Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Delete All Worklogs\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Project Role\"},{\"key\":\"Value\",\"i18nKey\":\"admin.common.words.value\",\"from\":\"\",\"to\":\"Administrators\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -1761,24 +1729,25 @@ "key": "Value", "to": "Administrators" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.229Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -1788,36 +1757,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.229Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.229Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Delete Own Worklogs\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "test.user", - "id": "10000" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -1829,24 +1797,25 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.227Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -1856,36 +1825,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.227Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.227Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Edit All Worklogs\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Project Role\"},{\"key\":\"Value\",\"i18nKey\":\"admin.common.words.value\",\"from\":\"\",\"to\":\"Administrators\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -1902,24 +1870,25 @@ "key": "Value", "to": "Administrators" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.225Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -1929,36 +1898,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.225Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.225Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Edit Own Worklogs\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "test.user", - "id": "10000" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -1970,24 +1938,25 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.223Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -1997,36 +1966,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.223Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.223Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Delete Own Attachments\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -2038,24 +2006,25 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.221Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -2065,36 +2034,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, - "event": { - "action": "jira.auditing.permission.scheme.updated", - "original": "{\"timestamp\":\"2021-11-22T00:08:34.221Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Delete All Attachments\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Project Role\"},{\"key\":\"Value\",\"i18nKey\":\"admin.common.words.value\",\"from\":\"\",\"to\":\"Administrators\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" - }, "tags": [ "preserve_original_event" ], - "jira": { - "audit": { - "method": "Browser", + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.221Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "jira.auditing.permission.scheme.updated", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-22T00:08:34.221Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Delete All Attachments\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Project Role\"},{\"key\":\"Value\",\"i18nKey\":\"admin.common.words.value\",\"from\":\"\",\"to\":\"Administrators\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, + "jira": { + "audit": { "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -2111,24 +2079,25 @@ "key": "Value", "to": "Administrators" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.219Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -2138,36 +2107,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.219Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.219Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Delete Own Comments\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "test.user", - "id": "10000" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -2179,24 +2147,25 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.217Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -2206,36 +2175,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.217Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.217Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Delete All Comments\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Project Role\"},{\"key\":\"Value\",\"i18nKey\":\"admin.common.words.value\",\"from\":\"\",\"to\":\"Administrators\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -2252,24 +2220,25 @@ "key": "Value", "to": "Administrators" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.215Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -2279,36 +2248,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.215Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.215Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Edit Own Comments\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "test.user", - "id": "10000" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -2320,24 +2288,25 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.212Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -2347,36 +2316,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.212Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.212Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Edit All Comments\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Project Role\"},{\"key\":\"Value\",\"i18nKey\":\"admin.common.words.value\",\"from\":\"\",\"to\":\"Administrators\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -2393,24 +2361,25 @@ "key": "Value", "to": "Administrators" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.210Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -2420,36 +2389,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.210Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.210Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Manage Watchers\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Project Role\"},{\"key\":\"Value\",\"i18nKey\":\"admin.common.words.value\",\"from\":\"\",\"to\":\"Administrators\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "test.user", - "id": "10000" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -2466,24 +2434,25 @@ "key": "Value", "to": "Administrators" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.208Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -2493,36 +2462,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, - "event": { - "action": "jira.auditing.permission.scheme.updated", - "original": "{\"timestamp\":\"2021-11-22T00:08:34.208Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"View Voters and Watchers\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" - }, "tags": [ "preserve_original_event" ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.208Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "jira.auditing.permission.scheme.updated", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-22T00:08:34.208Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"View Voters and Watchers\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -2534,24 +2502,25 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.204Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -2561,36 +2530,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.204Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.204Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Modify Reporter\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Project Role\"},{\"key\":\"Value\",\"i18nKey\":\"admin.common.words.value\",\"from\":\"\",\"to\":\"Administrators\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -2607,24 +2575,25 @@ "key": "Value", "to": "Administrators" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.190Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -2634,36 +2603,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.190Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.190Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Schedule Issues\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "test.user", - "id": "10000" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -2675,24 +2643,25 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.187Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -2702,36 +2671,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.187Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.187Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Move Issues\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -2743,24 +2711,25 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.184Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -2770,36 +2739,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.184Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.184Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Administer Projects\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Project Role\"},{\"key\":\"Value\",\"i18nKey\":\"admin.common.words.value\",\"from\":\"\",\"to\":\"Administrators\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "test.user", - "id": "10000" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -2816,24 +2784,25 @@ "key": "Value", "to": "Administrators" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.182Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -2843,36 +2812,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.182Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.182Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Link Issues\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -2884,24 +2852,25 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.180Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -2911,36 +2880,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, - "event": { - "action": "jira.auditing.permission.scheme.updated", - "original": "{\"timestamp\":\"2021-11-22T00:08:34.180Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Work On Issues\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" - }, "tags": [ "preserve_original_event" ], - "jira": { - "audit": { - "method": "Browser", + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.180Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "jira.auditing.permission.scheme.updated", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-22T00:08:34.180Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Work On Issues\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, + "jira": { + "audit": { "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -2952,24 +2920,25 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.178Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -2979,36 +2948,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.178Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.178Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Create Attachments\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "test.user", - "id": "10000" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -3020,24 +2988,25 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.176Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -3047,36 +3016,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.176Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.176Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Close Issues\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -3088,24 +3056,25 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.174Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -3115,36 +3084,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.174Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.174Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Assignable User\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "test.user", - "id": "10000" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -3156,24 +3124,25 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.173Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -3183,36 +3152,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.173Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.173Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Delete Issues\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Project Role\"},{\"key\":\"Value\",\"i18nKey\":\"admin.common.words.value\",\"from\":\"\",\"to\":\"Administrators\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -3229,24 +3197,25 @@ "key": "Value", "to": "Administrators" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.171Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -3256,36 +3225,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.171Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.171Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Add Comments\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "test.user", - "id": "10000" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -3297,24 +3265,25 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.168Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -3324,36 +3293,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, - "event": { - "action": "jira.auditing.permission.scheme.updated", - "original": "{\"timestamp\":\"2021-11-22T00:08:34.168Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Resolve Issues\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" - }, "tags": [ "preserve_original_event" ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.168Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "jira.auditing.permission.scheme.updated", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-22T00:08:34.168Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Resolve Issues\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -3365,24 +3333,25 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.166Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -3392,36 +3361,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.166Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.166Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Assign Issues\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -3433,24 +3401,25 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.165Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -3460,36 +3429,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.165Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.165Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Edit Issues\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "test.user", - "id": "10000" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -3501,24 +3469,25 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.163Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -3528,36 +3497,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.163Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.163Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Create Issues\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -3569,24 +3537,25 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.151Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -3596,36 +3565,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.151Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.151Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Browse Projects\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "test.user", - "id": "10000" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -3637,24 +3605,25 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.142Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -3664,36 +3633,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.142Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.created", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.142Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.created\",\"action\":\"Permission scheme created\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Description\",\"i18nKey\":\"common.words.description\",\"to\":\"Default scheme for Software projects.\"},{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"Default software scheme\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.created", - "action": "Permission scheme created", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "common.words.description", @@ -3705,24 +3673,25 @@ "key": "Name", "to": "Default software scheme" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme created", + "actionI18nKey": "jira.auditing.permission.scheme.created", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.072Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -3732,59 +3701,59 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, - "event": { - "action": "Board created", - "original": "{\"timestamp\":\"2021-11-22T00:08:34.072Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.boards\",\"category\":\"boards\",\"actionI18nKey\":\"Board created\",\"action\":\"Board created\"},\"affectedObjects\":[{\"name\":\"TEST board\",\"type\":\"BOARD\",\"uri\":\"http://jira.internal:8088/secure/RapidView.jspa?rapidView=1\",\"id\":\"1\"},{\"name\":\"TEST board\",\"type\":\"BOARD\",\"uri\":\"http://jira.internal:8088/secure/RapidView.jspa?rapidView=1\",\"id\":\"1\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" - }, "tags": [ "preserve_original_event" ], - "jira": { - "audit": { - "method": "Browser", + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.072Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Board created", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-22T00:08:34.072Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.boards\",\"category\":\"boards\",\"actionI18nKey\":\"Board created\",\"action\":\"Board created\"},\"affectedObjects\":[{\"name\":\"TEST board\",\"type\":\"BOARD\",\"uri\":\"http://jira.internal:8088/secure/RapidView.jspa?rapidView=1\",\"id\":\"1\"},{\"name\":\"TEST board\",\"type\":\"BOARD\",\"uri\":\"http://jira.internal:8088/secure/RapidView.jspa?rapidView=1\",\"id\":\"1\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, + "jira": { + "audit": { "affected_objects": [ { - "name": "TEST board", "id": "1", + "name": "TEST board", "type": "BOARD", "uri": "http://jira.internal:8088/secure/RapidView.jspa?rapidView=1" }, { - "name": "TEST board", "id": "1", + "name": "TEST board", "type": "BOARD", "uri": "http://jira.internal:8088/secure/RapidView.jspa?rapidView=1" } ], + "method": "Browser", "type": { - "actionI18nKey": "Board created", "action": "Board created", - "categoryI18nKey": "jira.auditing.category.boards", - "category": "boards" + "actionI18nKey": "Board created", + "category": "boards", + "categoryI18nKey": "jira.auditing.category.boards" } } - } - }, - { - "@timestamp": "2021-11-22T00:08:33.887Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -3794,48 +3763,47 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:33.887Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.filter.created", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:33.887Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.filters\",\"category\":\"filters\",\"actionI18nKey\":\"jira.auditing.filter.created\",\"action\":\"Filter created\"},\"affectedObjects\":[{\"name\":\"Filter for TEST board\",\"type\":\"FILTER\",\"uri\":\"http://jira.internal:8088/issues/?filter=10000\",\"id\":\"10000\"},{\"name\":\"test.user\",\"type\":\"USER\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"id\":\"JIRAUSER10000\"},{\"name\":\"test\",\"type\":\"PROJECT\",\"uri\":\"http://jira.internal:8088/secure/ViewProject.jspa?pid=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Description\",\"i18nKey\":\"common.concepts.description\",\"from\":\"\"},{\"key\":\"JQL Query\",\"i18nKey\":\"jira.jql.query\",\"from\":\"\",\"to\":\"{project = \\\"TEST\\\"} order by Rank ASC\"},{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"from\":\"\",\"to\":\"Filter for TEST board\"},{\"key\":\"Owner\",\"i18nKey\":\"common.concepts.owner\",\"from\":\"\",\"to\":\"test.user\"},{\"key\":\"Shared with\",\"i18nKey\":\"common.concepts.shared.with\",\"from\":\"[]\",\"to\":\"[Project: test (VIEW)]\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Filter for TEST board", "id": "10000", + "name": "Filter for TEST board", "type": "FILTER", "uri": "http://jira.internal:8088/issues/?filter=10000" }, { - "name": "test.user", "id": "JIRAUSER10000", + "name": "test.user", "type": "USER", "uri": "http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user" }, { - "name": "test", "id": "10000", + "name": "test", "type": "PROJECT", "uri": "http://jira.internal:8088/secure/ViewProject.jspa?pid=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.filter.created", - "action": "Filter created", - "categoryI18nKey": "jira.auditing.category.filters", - "category": "filters" - }, "changed_values": [ { "i18nKey": "common.concepts.description", @@ -3858,28 +3826,29 @@ }, { "from": "[]", - "to": "[Project: test (VIEW)]", "i18nKey": "common.concepts.shared.with", - "key": "Shared with" + "key": "Shared with", + "to": "[Project: test (VIEW)]" } - ] + ], + "method": "Browser", + "type": { + "action": "Filter created", + "actionI18nKey": "jira.auditing.filter.created", + "category": "filters", + "categoryI18nKey": "jira.auditing.category.filters" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:33.746Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -3889,59 +3858,59 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:33.746Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.workflow.scheme.added.to.project", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:33.746Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.workflows\",\"category\":\"workflows\",\"actionI18nKey\":\"jira.auditing.workflow.scheme.added.to.project\",\"action\":\"Workflow scheme added to project\"},\"affectedObjects\":[{\"name\":\"test\",\"type\":\"PROJECT\",\"uri\":\"http://jira.internal:8088/secure/ViewProject.jspa?pid=10000\",\"id\":\"10000\"},{\"name\":\"TEST: Software Simplified Workflow Scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10100\",\"id\":\"10100\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test", "id": "10000", + "name": "test", "type": "PROJECT", "uri": "http://jira.internal:8088/secure/ViewProject.jspa?pid=10000" }, { - "name": "TEST: Software Simplified Workflow Scheme", "id": "10100", + "name": "TEST: Software Simplified Workflow Scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10100" } ], + "method": "Browser", "type": { - "actionI18nKey": "jira.auditing.workflow.scheme.added.to.project", "action": "Workflow scheme added to project", - "categoryI18nKey": "jira.auditing.category.workflows", - "category": "workflows" + "actionI18nKey": "jira.auditing.workflow.scheme.added.to.project", + "category": "workflows", + "categoryI18nKey": "jira.auditing.category.workflows" } } - } - }, - { - "@timestamp": "2021-11-22T00:08:33.732Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -3951,36 +3920,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:33.732Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.workflow.scheme.created", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:33.732Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.workflows\",\"category\":\"workflows\",\"actionI18nKey\":\"jira.auditing.workflow.scheme.created\",\"action\":\"Workflow scheme created\"},\"affectedObjects\":[{\"name\":\"TEST: Software Simplified Workflow Scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10100\",\"id\":\"10100\"}],\"changedValues\":[{\"key\":\"Description\",\"i18nKey\":\"common.words.description\",\"to\":\"Generated by JIRA Software version 8.20.2. This workflow scheme is managed internally by Jira Software. Do not manually modify this workflow scheme.\"},{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"TEST: Software Simplified Workflow Scheme\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "TEST: Software Simplified Workflow Scheme", "id": "10100", + "name": "TEST: Software Simplified Workflow Scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10100" } ], - "type": { - "actionI18nKey": "jira.auditing.workflow.scheme.created", - "action": "Workflow scheme created", - "categoryI18nKey": "jira.auditing.category.workflows", - "category": "workflows" - }, "changed_values": [ { "i18nKey": "common.words.description", @@ -3992,24 +3960,25 @@ "key": "Name", "to": "TEST: Software Simplified Workflow Scheme" } - ] + ], + "method": "Browser", + "type": { + "action": "Workflow scheme created", + "actionI18nKey": "jira.auditing.workflow.scheme.created", + "category": "workflows", + "categoryI18nKey": "jira.auditing.category.workflows" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:33.710Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -4019,36 +3988,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:33.710Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.workflow.created", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:33.710Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.workflows\",\"category\":\"workflows\",\"actionI18nKey\":\"jira.auditing.workflow.created\",\"action\":\"Workflow created\"},\"affectedObjects\":[{\"name\":\"Software Simplified Workflow for Project TEST\",\"type\":\"WORKFLOW\",\"uri\":\"http://jira.internal:8088/secure/admin/workflows/ViewWorkflowSteps.jspa?workflowMode=live\u0026workflowName=Software Simplified Workflow for Project TEST\",\"id\":\"Software Simplified Workflow for Project TEST\"}],\"changedValues\":[{\"key\":\"Description\",\"i18nKey\":\"common.words.description\",\"to\":\"Generated by JIRA Software version 8.20.2. This workflow is managed internally by Jira Software. Do not manually modify this workflow.\"},{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"Software Simplified Workflow for Project TEST\"},{\"key\":\"Status\",\"i18nKey\":\"common.words.status\",\"to\":\"To Do, In Progress, Done\"},{\"key\":\"Transition\",\"i18nKey\":\"admin.workflowtransition.transition\",\"to\":\"Create (To Do), To Do (To Do), In Progress (In Progress), Done (Done)\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "test.user", - "id": "10000" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Software Simplified Workflow for Project TEST", "id": "Software Simplified Workflow for Project TEST", + "name": "Software Simplified Workflow for Project TEST", "type": "WORKFLOW", "uri": "http://jira.internal:8088/secure/admin/workflows/ViewWorkflowSteps.jspa?workflowMode=live\u0026workflowName=Software Simplified Workflow for Project TEST" } ], - "type": { - "actionI18nKey": "jira.auditing.workflow.created", - "action": "Workflow created", - "categoryI18nKey": "jira.auditing.category.workflows", - "category": "workflows" - }, "changed_values": [ { "i18nKey": "common.words.description", @@ -4070,24 +4038,25 @@ "key": "Transition", "to": "Create (To Do), To Do (To Do), In Progress (In Progress), Done (Done)" } - ] + ], + "method": "Browser", + "type": { + "action": "Workflow created", + "actionI18nKey": "jira.auditing.workflow.created", + "category": "workflows", + "categoryI18nKey": "jira.auditing.category.workflows" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:33.537Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -4097,60 +4066,60 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:33.537Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.resolutions.created", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:33.537Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.workflows\",\"category\":\"workflows\",\"actionI18nKey\":\"jira.auditing.resolutions.created\",\"action\":\"New resolution created\"},\"affectedObjects\":[{\"name\":\"Cannot Reproduce\",\"type\":\"RESOLUTION\",\"uri\":\"http://jira.internal:8088/secure/admin/EditResolution!default.jspa?id=10003\",\"id\":\"10003\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"common.concepts.description\",\"name\":\"Description\",\"value\":\"All attempts at reproducing this issue failed, or not enough information was available to reproduce the issue. Reading the code produces no clues as to why this behavior would occur. If more information appears later, please reopen the issue.\"}]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Cannot Reproduce", "id": "10003", + "name": "Cannot Reproduce", "type": "RESOLUTION", "uri": "http://jira.internal:8088/secure/admin/EditResolution!default.jspa?id=10003" } ], - "type": { - "actionI18nKey": "jira.auditing.resolutions.created", - "action": "New resolution created", - "categoryI18nKey": "jira.auditing.category.workflows", - "category": "workflows" - }, "extra_attributes": [ { "name": "Description", "nameI18nKey": "common.concepts.description", "value": "All attempts at reproducing this issue failed, or not enough information was available to reproduce the issue. Reading the code produces no clues as to why this behavior would occur. If more information appears later, please reopen the issue." } - ] + ], + "method": "Browser", + "type": { + "action": "New resolution created", + "actionI18nKey": "jira.auditing.resolutions.created", + "category": "workflows", + "categoryI18nKey": "jira.auditing.category.workflows" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:33.536Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -4160,60 +4129,60 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:33.536Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.resolutions.created", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:33.536Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.workflows\",\"category\":\"workflows\",\"actionI18nKey\":\"jira.auditing.resolutions.created\",\"action\":\"New resolution created\"},\"affectedObjects\":[{\"name\":\"Duplicate\",\"type\":\"RESOLUTION\",\"uri\":\"http://jira.internal:8088/secure/admin/EditResolution!default.jspa?id=10002\",\"id\":\"10002\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"common.concepts.description\",\"name\":\"Description\",\"value\":\"The problem is a duplicate of an existing issue.\"}]}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "test.user", - "id": "10000" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Duplicate", "id": "10002", + "name": "Duplicate", "type": "RESOLUTION", "uri": "http://jira.internal:8088/secure/admin/EditResolution!default.jspa?id=10002" } ], - "type": { - "actionI18nKey": "jira.auditing.resolutions.created", - "action": "New resolution created", - "categoryI18nKey": "jira.auditing.category.workflows", - "category": "workflows" - }, "extra_attributes": [ { "name": "Description", "nameI18nKey": "common.concepts.description", "value": "The problem is a duplicate of an existing issue." } - ] + ], + "method": "Browser", + "type": { + "action": "New resolution created", + "actionI18nKey": "jira.auditing.resolutions.created", + "category": "workflows", + "categoryI18nKey": "jira.auditing.category.workflows" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:33.535Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -4223,60 +4192,60 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:33.535Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.resolutions.created", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:33.535Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.workflows\",\"category\":\"workflows\",\"actionI18nKey\":\"jira.auditing.resolutions.created\",\"action\":\"New resolution created\"},\"affectedObjects\":[{\"name\":\"Won't Do\",\"type\":\"RESOLUTION\",\"uri\":\"http://jira.internal:8088/secure/admin/EditResolution!default.jspa?id=10001\",\"id\":\"10001\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"common.concepts.description\",\"name\":\"Description\",\"value\":\"This issue won't be actioned.\"}]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Won't Do", "id": "10001", + "name": "Won't Do", "type": "RESOLUTION", "uri": "http://jira.internal:8088/secure/admin/EditResolution!default.jspa?id=10001" } ], - "type": { - "actionI18nKey": "jira.auditing.resolutions.created", - "action": "New resolution created", - "categoryI18nKey": "jira.auditing.category.workflows", - "category": "workflows" - }, "extra_attributes": [ { "name": "Description", "nameI18nKey": "common.concepts.description", "value": "This issue won't be actioned." } - ] + ], + "method": "Browser", + "type": { + "action": "New resolution created", + "actionI18nKey": "jira.auditing.resolutions.created", + "category": "workflows", + "categoryI18nKey": "jira.auditing.category.workflows" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:33.534Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -4286,60 +4255,60 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:33.534Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.resolutions.created", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:33.534Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.workflows\",\"category\":\"workflows\",\"actionI18nKey\":\"jira.auditing.resolutions.created\",\"action\":\"New resolution created\"},\"affectedObjects\":[{\"name\":\"Done\",\"type\":\"RESOLUTION\",\"uri\":\"http://jira.internal:8088/secure/admin/EditResolution!default.jspa?id=10000\",\"id\":\"10000\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"common.concepts.description\",\"name\":\"Description\",\"value\":\"Work has been completed on this issue.\"}]}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "test.user", - "id": "10000" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Done", "id": "10000", + "name": "Done", "type": "RESOLUTION", "uri": "http://jira.internal:8088/secure/admin/EditResolution!default.jspa?id=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.resolutions.created", - "action": "New resolution created", - "categoryI18nKey": "jira.auditing.category.workflows", - "category": "workflows" - }, "extra_attributes": [ { "name": "Description", "nameI18nKey": "common.concepts.description", "value": "Work has been completed on this issue." } - ] + ], + "method": "Browser", + "type": { + "action": "New resolution created", + "actionI18nKey": "jira.auditing.resolutions.created", + "category": "workflows", + "categoryI18nKey": "jira.auditing.category.workflows" + } } - } - }, - { - "@timestamp": "2021-11-22T00:07:09.088Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -4349,36 +4318,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:07:09.088Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.customfield.created", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:07:09.088Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.fields\",\"category\":\"fields\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"action\":\"Custom field created\"},\"affectedObjects\":[{\"name\":\"Story Points\",\"type\":\"CUSTOM_FIELD\",\"uri\":\"http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10111\",\"id\":\"customfield_10111\"}],\"changedValues\":[{\"key\":\"Description\",\"i18nKey\":\"common.words.description\",\"to\":\"Measurement of complexity and/or size of a requirement.\"},{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"Story Points\"},{\"key\":\"Type\",\"i18nKey\":\"common.words.type\",\"to\":\"Number Field\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Story Points", "id": "customfield_10111", + "name": "Story Points", "type": "CUSTOM_FIELD", "uri": "http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10111" } ], - "type": { - "actionI18nKey": "jira.auditing.customfield.created", - "action": "Custom field created", - "categoryI18nKey": "jira.auditing.category.fields", - "category": "fields" - }, "changed_values": [ { "i18nKey": "common.words.description", @@ -4395,24 +4363,25 @@ "key": "Type", "to": "Number Field" } - ] + ], + "method": "Browser", + "type": { + "action": "Custom field created", + "actionI18nKey": "jira.auditing.customfield.created", + "category": "fields", + "categoryI18nKey": "jira.auditing.category.fields" + } } - } - }, - { - "@timestamp": "2021-11-22T00:07:09.037Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -4422,57 +4391,57 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:07:09.037Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.issue.type.created", - "original": "{\"timestamp\":\"2021-11-22T00:07:09.037Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.issuetypes\",\"category\":\"issue types\",\"actionI18nKey\":\"jira.auditing.issue.type.created\",\"action\":\"Issue type created\"},\"affectedObjects\":[{\"name\":\"Story\",\"type\":\"ISSUE_TYPE\",\"id\":\"10001\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "creation" - ], "category": [ "configuration" ], - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "kind": "event", + "original": "{\"timestamp\":\"2021-11-22T00:07:09.037Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.issuetypes\",\"category\":\"issue types\",\"actionI18nKey\":\"jira.auditing.issue.type.created\",\"action\":\"Issue type created\"},\"affectedObjects\":[{\"name\":\"Story\",\"type\":\"ISSUE_TYPE\",\"id\":\"10001\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "creation" + ] }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10001", "name": "Story", - "type": "ISSUE_TYPE", - "id": "10001" + "type": "ISSUE_TYPE" } ], + "method": "Browser", "type": { - "actionI18nKey": "jira.auditing.issue.type.created", "action": "Issue type created", - "categoryI18nKey": "jira.auditing.category.issuetypes", - "category": "issue types" + "actionI18nKey": "jira.auditing.issue.type.created", + "category": "issue types", + "categoryI18nKey": "jira.auditing.category.issuetypes" } } - } - }, - { - "@timestamp": "2021-11-22T00:07:02.794Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -4482,36 +4451,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:07:02.794Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.customfield.created", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:07:02.794Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.fields\",\"category\":\"fields\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"action\":\"Custom field created\"},\"affectedObjects\":[{\"name\":\"Rank\",\"type\":\"CUSTOM_FIELD\",\"uri\":\"http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10110\",\"id\":\"customfield_10110\"}],\"changedValues\":[{\"key\":\"Description\",\"i18nKey\":\"common.words.description\",\"to\":\"Global rank field for Jira Software use only.\"},{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"Rank\"},{\"key\":\"Type\",\"i18nKey\":\"common.words.type\",\"to\":\"Global Rank\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "Anonymous", - "id": "-2" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Rank", "id": "customfield_10110", + "name": "Rank", "type": "CUSTOM_FIELD", "uri": "http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10110" } ], - "type": { - "actionI18nKey": "jira.auditing.customfield.created", - "action": "Custom field created", - "categoryI18nKey": "jira.auditing.category.fields", - "category": "fields" - }, "changed_values": [ { "i18nKey": "common.words.description", @@ -4528,24 +4496,25 @@ "key": "Type", "to": "Global Rank" } - ] + ], + "method": "Browser", + "type": { + "action": "Custom field created", + "actionI18nKey": "jira.auditing.customfield.created", + "category": "fields", + "categoryI18nKey": "jira.auditing.category.fields" + } } - } - }, - { - "@timestamp": "2021-11-22T00:07:02.725Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -4555,36 +4524,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:07:02.725Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.customfield.created", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:07:02.725Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.fields\",\"category\":\"fields\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"action\":\"Custom field created\"},\"affectedObjects\":[{\"name\":\"Epic Link\",\"type\":\"CUSTOM_FIELD\",\"uri\":\"http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10109\",\"id\":\"customfield_10109\"}],\"changedValues\":[{\"key\":\"Description\",\"i18nKey\":\"common.words.description\",\"to\":\"Choose an epic to assign this issue to.\"},{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"Epic Link\"},{\"key\":\"Type\",\"i18nKey\":\"common.words.type\",\"to\":\"Epic Link Relationship\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "Anonymous", - "id": "-2" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Epic Link", "id": "customfield_10109", + "name": "Epic Link", "type": "CUSTOM_FIELD", "uri": "http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10109" } ], - "type": { - "actionI18nKey": "jira.auditing.customfield.created", - "action": "Custom field created", - "categoryI18nKey": "jira.auditing.category.fields", - "category": "fields" - }, "changed_values": [ { "i18nKey": "common.words.description", @@ -4601,24 +4569,25 @@ "key": "Type", "to": "Epic Link Relationship" } - ] + ], + "method": "Browser", + "type": { + "action": "Custom field created", + "actionI18nKey": "jira.auditing.customfield.created", + "category": "fields", + "categoryI18nKey": "jira.auditing.category.fields" + } } - } - }, - { - "@timestamp": "2021-11-22T00:07:02.694Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -4628,36 +4597,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:07:02.694Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.customfield.created", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:07:02.694Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.fields\",\"category\":\"fields\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"action\":\"Custom field created\"},\"affectedObjects\":[{\"name\":\"Sprint\",\"type\":\"CUSTOM_FIELD\",\"uri\":\"http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10108\",\"id\":\"customfield_10108\"}],\"changedValues\":[{\"key\":\"Description\",\"i18nKey\":\"common.words.description\",\"to\":\"Jira Software sprint field\"},{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"Sprint\"},{\"key\":\"Type\",\"i18nKey\":\"common.words.type\",\"to\":\"Jira Sprint Field\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Sprint", "id": "customfield_10108", + "name": "Sprint", "type": "CUSTOM_FIELD", "uri": "http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10108" } ], - "type": { - "actionI18nKey": "jira.auditing.customfield.created", - "action": "Custom field created", - "categoryI18nKey": "jira.auditing.category.fields", - "category": "fields" - }, "changed_values": [ { "i18nKey": "common.words.description", @@ -4674,24 +4642,25 @@ "key": "Type", "to": "Jira Sprint Field" } - ] + ], + "method": "Browser", + "type": { + "action": "Custom field created", + "actionI18nKey": "jira.auditing.customfield.created", + "category": "fields", + "categoryI18nKey": "jira.auditing.category.fields" + } } - } - }, - { - "@timestamp": "2021-11-22T00:07:01.669Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -4701,36 +4670,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:07:01.669Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.customfield.created", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:07:01.669Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.fields\",\"category\":\"fields\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"action\":\"Custom field created\"},\"affectedObjects\":[{\"name\":\"Epic Colour\",\"type\":\"CUSTOM_FIELD\",\"uri\":\"http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10107\",\"id\":\"customfield_10107\"}],\"changedValues\":[{\"key\":\"Description\",\"i18nKey\":\"common.words.description\",\"to\":\"Epic Colour field for Jira Software use only.\"},{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"Epic Colour\"},{\"key\":\"Type\",\"i18nKey\":\"common.words.type\",\"to\":\"Colour of Epic\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Epic Colour", "id": "customfield_10107", + "name": "Epic Colour", "type": "CUSTOM_FIELD", "uri": "http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10107" } ], - "type": { - "actionI18nKey": "jira.auditing.customfield.created", - "action": "Custom field created", - "categoryI18nKey": "jira.auditing.category.fields", - "category": "fields" - }, "changed_values": [ { "i18nKey": "common.words.description", @@ -4747,24 +4715,25 @@ "key": "Type", "to": "Colour of Epic" } - ] + ], + "method": "Browser", + "type": { + "action": "Custom field created", + "actionI18nKey": "jira.auditing.customfield.created", + "category": "fields", + "categoryI18nKey": "jira.auditing.category.fields" + } } - } - }, - { - "@timestamp": "2021-11-22T00:07:01.644Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -4774,36 +4743,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:07:01.644Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.customfield.created", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:07:01.644Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.fields\",\"category\":\"fields\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"action\":\"Custom field created\"},\"affectedObjects\":[{\"name\":\"Epic Status\",\"type\":\"CUSTOM_FIELD\",\"uri\":\"http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10106\",\"id\":\"customfield_10106\"}],\"changedValues\":[{\"key\":\"Description\",\"i18nKey\":\"common.words.description\",\"to\":\"Epic Status field for Jira Software use only.\"},{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"Epic Status\"},{\"key\":\"Type\",\"i18nKey\":\"common.words.type\",\"to\":\"Status of Epic\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "Anonymous", - "id": "-2" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Epic Status", "id": "customfield_10106", + "name": "Epic Status", "type": "CUSTOM_FIELD", "uri": "http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10106" } ], - "type": { - "actionI18nKey": "jira.auditing.customfield.created", - "action": "Custom field created", - "categoryI18nKey": "jira.auditing.category.fields", - "category": "fields" - }, "changed_values": [ { "i18nKey": "common.words.description", @@ -4820,24 +4788,25 @@ "key": "Type", "to": "Status of Epic" } - ] + ], + "method": "Browser", + "type": { + "action": "Custom field created", + "actionI18nKey": "jira.auditing.customfield.created", + "category": "fields", + "categoryI18nKey": "jira.auditing.category.fields" + } } - } - }, - { - "@timestamp": "2021-11-22T00:06:59.522Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -4847,36 +4816,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:59.522Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.customfield.created", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:06:59.522Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.fields\",\"category\":\"fields\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"action\":\"Custom field created\"},\"affectedObjects\":[{\"name\":\"Epic Name\",\"type\":\"CUSTOM_FIELD\",\"uri\":\"http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10105\",\"id\":\"customfield_10105\"}],\"changedValues\":[{\"key\":\"Description\",\"i18nKey\":\"common.words.description\",\"to\":\"Provide a short name to identify this epic.\"},{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"Epic Name\"},{\"key\":\"Type\",\"i18nKey\":\"common.words.type\",\"to\":\"Name of Epic\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Epic Name", "id": "customfield_10105", + "name": "Epic Name", "type": "CUSTOM_FIELD", "uri": "http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10105" } ], - "type": { - "actionI18nKey": "jira.auditing.customfield.created", - "action": "Custom field created", - "categoryI18nKey": "jira.auditing.category.fields", - "category": "fields" - }, "changed_values": [ { "i18nKey": "common.words.description", @@ -4893,24 +4861,25 @@ "key": "Type", "to": "Name of Epic" } - ] + ], + "method": "Browser", + "type": { + "action": "Custom field created", + "actionI18nKey": "jira.auditing.customfield.created", + "category": "fields", + "categoryI18nKey": "jira.auditing.category.fields" + } } - } - }, - { - "@timestamp": "2021-11-22T00:06:59.485Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -4920,57 +4889,57 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:59.485Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.issue.type.created", - "original": "{\"timestamp\":\"2021-11-22T00:06:59.485Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.issuetypes\",\"category\":\"issue types\",\"actionI18nKey\":\"jira.auditing.issue.type.created\",\"action\":\"Issue type created\"},\"affectedObjects\":[{\"name\":\"Epic\",\"type\":\"ISSUE_TYPE\",\"id\":\"10000\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "creation" - ], "category": [ "configuration" ], - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "kind": "event", + "original": "{\"timestamp\":\"2021-11-22T00:06:59.485Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.issuetypes\",\"category\":\"issue types\",\"actionI18nKey\":\"jira.auditing.issue.type.created\",\"action\":\"Issue type created\"},\"affectedObjects\":[{\"name\":\"Epic\",\"type\":\"ISSUE_TYPE\",\"id\":\"10000\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "creation" + ] }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Epic", - "type": "ISSUE_TYPE", - "id": "10000" + "type": "ISSUE_TYPE" } ], + "method": "Browser", "type": { - "actionI18nKey": "jira.auditing.issue.type.created", "action": "Issue type created", - "categoryI18nKey": "jira.auditing.category.issuetypes", - "category": "issue types" + "actionI18nKey": "jira.auditing.issue.type.created", + "category": "issue types", + "categoryI18nKey": "jira.auditing.category.issuetypes" } } - } - }, - { - "@timestamp": "2021-11-22T00:06:59.340Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -4980,53 +4949,53 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, - "event": { - "action": "jira.auditing.customfield.updated", - "original": "{\"timestamp\":\"2021-11-22T00:06:59.340Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.fields\",\"category\":\"fields\",\"actionI18nKey\":\"jira.auditing.customfield.updated\",\"action\":\"Custom field updated\"},\"affectedObjects\":[{\"name\":\"Target end\",\"type\":\"CUSTOM_FIELD\",\"uri\":\"http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10103\",\"id\":\"customfield_10103\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" - }, "tags": [ "preserve_original_event" ], - "jira": { - "audit": { - "method": "Browser", - "affected_objects": [ + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:59.340Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "jira.auditing.customfield.updated", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-22T00:06:59.340Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.fields\",\"category\":\"fields\",\"actionI18nKey\":\"jira.auditing.customfield.updated\",\"action\":\"Custom field updated\"},\"affectedObjects\":[{\"name\":\"Target end\",\"type\":\"CUSTOM_FIELD\",\"uri\":\"http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10103\",\"id\":\"customfield_10103\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ { - "name": "Target end", "id": "customfield_10103", + "name": "Target end", "type": "CUSTOM_FIELD", "uri": "http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10103" } ], + "method": "Browser", "type": { - "actionI18nKey": "jira.auditing.customfield.updated", "action": "Custom field updated", - "categoryI18nKey": "jira.auditing.category.fields", - "category": "fields" + "actionI18nKey": "jira.auditing.customfield.updated", + "category": "fields", + "categoryI18nKey": "jira.auditing.category.fields" } } - } - }, - { - "@timestamp": "2021-11-22T00:06:59.332Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -5036,53 +5005,53 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:59.332Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.customfield.updated", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:06:59.332Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.fields\",\"category\":\"fields\",\"actionI18nKey\":\"jira.auditing.customfield.updated\",\"action\":\"Custom field updated\"},\"affectedObjects\":[{\"name\":\"Target start\",\"type\":\"CUSTOM_FIELD\",\"uri\":\"http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10102\",\"id\":\"customfield_10102\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Target start", "id": "customfield_10102", + "name": "Target start", "type": "CUSTOM_FIELD", "uri": "http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10102" } ], + "method": "Browser", "type": { - "actionI18nKey": "jira.auditing.customfield.updated", "action": "Custom field updated", - "categoryI18nKey": "jira.auditing.category.fields", - "category": "fields" + "actionI18nKey": "jira.auditing.customfield.updated", + "category": "fields", + "categoryI18nKey": "jira.auditing.category.fields" } } - } - }, - { - "@timestamp": "2021-11-22T00:06:59.313Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -5092,36 +5061,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:59.313Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.customfield.created", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:06:59.313Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.fields\",\"category\":\"fields\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"action\":\"Custom field created\"},\"affectedObjects\":[{\"name\":\"Original story points\",\"type\":\"CUSTOM_FIELD\",\"uri\":\"http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10104\",\"id\":\"customfield_10104\"}],\"changedValues\":[{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"Original story points\"},{\"key\":\"Type\",\"i18nKey\":\"common.words.type\",\"to\":\"Original story points\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Original story points", "id": "customfield_10104", + "name": "Original story points", "type": "CUSTOM_FIELD", "uri": "http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10104" } ], - "type": { - "actionI18nKey": "jira.auditing.customfield.created", - "action": "Custom field created", - "categoryI18nKey": "jira.auditing.category.fields", - "category": "fields" - }, "changed_values": [ { "i18nKey": "common.words.name", @@ -5133,24 +5101,25 @@ "key": "Type", "to": "Original story points" } - ] + ], + "method": "Browser", + "type": { + "action": "Custom field created", + "actionI18nKey": "jira.auditing.customfield.created", + "category": "fields", + "categoryI18nKey": "jira.auditing.category.fields" + } } - } - }, - { - "@timestamp": "2021-11-22T00:06:59.266Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -5160,36 +5129,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:59.266Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.customfield.created", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:06:59.266Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.fields\",\"category\":\"fields\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"action\":\"Custom field created\"},\"affectedObjects\":[{\"name\":\"Target end\",\"type\":\"CUSTOM_FIELD\",\"uri\":\"http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10103\",\"id\":\"customfield_10103\"}],\"changedValues\":[{\"key\":\"Description\",\"i18nKey\":\"common.words.description\",\"to\":\"The targeted end date. This custom field is created and required by Portfolio for Jira.\"},{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"Target end\"},{\"key\":\"Type\",\"i18nKey\":\"common.words.type\",\"to\":\"Target end\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "Anonymous", - "id": "-2" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Target end", "id": "customfield_10103", + "name": "Target end", "type": "CUSTOM_FIELD", "uri": "http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10103" } ], - "type": { - "actionI18nKey": "jira.auditing.customfield.created", - "action": "Custom field created", - "categoryI18nKey": "jira.auditing.category.fields", - "category": "fields" - }, "changed_values": [ { "i18nKey": "common.words.description", @@ -5206,24 +5174,25 @@ "key": "Type", "to": "Target end" } - ] + ], + "method": "Browser", + "type": { + "action": "Custom field created", + "actionI18nKey": "jira.auditing.customfield.created", + "category": "fields", + "categoryI18nKey": "jira.auditing.category.fields" + } } - } - }, - { - "@timestamp": "2021-11-22T00:06:59.224Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -5233,36 +5202,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:59.224Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.customfield.created", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:06:59.224Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.fields\",\"category\":\"fields\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"action\":\"Custom field created\"},\"affectedObjects\":[{\"name\":\"Target start\",\"type\":\"CUSTOM_FIELD\",\"uri\":\"http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10102\",\"id\":\"customfield_10102\"}],\"changedValues\":[{\"key\":\"Description\",\"i18nKey\":\"common.words.description\",\"to\":\"The targeted start date. This custom field is created and required by Portfolio for Jira.\"},{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"Target start\"},{\"key\":\"Type\",\"i18nKey\":\"common.words.type\",\"to\":\"Target start\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Target start", "id": "customfield_10102", + "name": "Target start", "type": "CUSTOM_FIELD", "uri": "http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10102" } ], - "type": { - "actionI18nKey": "jira.auditing.customfield.created", - "action": "Custom field created", - "categoryI18nKey": "jira.auditing.category.fields", - "category": "fields" - }, "changed_values": [ { "i18nKey": "common.words.description", @@ -5279,24 +5247,25 @@ "key": "Type", "to": "Target start" } - ] + ], + "method": "Browser", + "type": { + "action": "Custom field created", + "actionI18nKey": "jira.auditing.customfield.created", + "category": "fields", + "categoryI18nKey": "jira.auditing.category.fields" + } } - } - }, - { - "@timestamp": "2021-11-22T00:06:58.990Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -5306,53 +5275,53 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:58.990Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.customfield.updated", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:06:58.990Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.fields\",\"category\":\"fields\",\"actionI18nKey\":\"jira.auditing.customfield.updated\",\"action\":\"Custom field updated\"},\"affectedObjects\":[{\"name\":\"Parent Link\",\"type\":\"CUSTOM_FIELD\",\"uri\":\"http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10101\",\"id\":\"customfield_10101\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Parent Link", "id": "customfield_10101", + "name": "Parent Link", "type": "CUSTOM_FIELD", "uri": "http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10101" } ], + "method": "Browser", "type": { - "actionI18nKey": "jira.auditing.customfield.updated", "action": "Custom field updated", - "categoryI18nKey": "jira.auditing.category.fields", - "category": "fields" + "actionI18nKey": "jira.auditing.customfield.updated", + "category": "fields", + "categoryI18nKey": "jira.auditing.category.fields" } } - } - }, - { - "@timestamp": "2021-11-22T00:06:58.974Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -5362,36 +5331,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:58.974Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.customfield.created", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:06:58.974Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.fields\",\"category\":\"fields\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"action\":\"Custom field created\"},\"affectedObjects\":[{\"name\":\"Parent Link\",\"type\":\"CUSTOM_FIELD\",\"uri\":\"http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10101\",\"id\":\"customfield_10101\"}],\"changedValues\":[{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"Parent Link\"},{\"key\":\"Type\",\"i18nKey\":\"common.words.type\",\"to\":\"Parent Link\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Parent Link", "id": "customfield_10101", + "name": "Parent Link", "type": "CUSTOM_FIELD", "uri": "http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10101" } ], - "type": { - "actionI18nKey": "jira.auditing.customfield.created", - "action": "Custom field created", - "categoryI18nKey": "jira.auditing.category.fields", - "category": "fields" - }, "changed_values": [ { "i18nKey": "common.words.name", @@ -5403,24 +5371,25 @@ "key": "Type", "to": "Parent Link" } - ] + ], + "method": "Browser", + "type": { + "action": "Custom field created", + "actionI18nKey": "jira.auditing.customfield.created", + "category": "fields", + "categoryI18nKey": "jira.auditing.category.fields" + } } - } - }, - { - "@timestamp": "2021-11-22T00:06:58.318Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -5430,36 +5399,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:58.318Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.customfield.created", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:06:58.318Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.fields\",\"category\":\"fields\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"action\":\"Custom field created\"},\"affectedObjects\":[{\"name\":\"Team\",\"type\":\"CUSTOM_FIELD\",\"uri\":\"http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10100\",\"id\":\"customfield_10100\"}],\"changedValues\":[{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"Team\"},{\"key\":\"Type\",\"i18nKey\":\"common.words.type\",\"to\":\"Team\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Team", "id": "customfield_10100", + "name": "Team", "type": "CUSTOM_FIELD", "uri": "http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10100" } ], - "type": { - "actionI18nKey": "jira.auditing.customfield.created", - "action": "Custom field created", - "categoryI18nKey": "jira.auditing.category.fields", - "category": "fields" - }, "changed_values": [ { "i18nKey": "common.words.name", @@ -5471,24 +5439,25 @@ "key": "Type", "to": "Team" } - ] + ], + "method": "Browser", + "type": { + "action": "Custom field created", + "actionI18nKey": "jira.auditing.customfield.created", + "category": "fields", + "categoryI18nKey": "jira.auditing.category.fields" + } } - } - }, - { - "@timestamp": "2021-11-22T00:06:57.162Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -5498,36 +5467,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:57.162Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:06:57.162Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default Permission Scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=0\",\"id\":\"0\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Manage Sprints\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Project Role\"},{\"key\":\"Value\",\"i18nKey\":\"admin.common.words.value\",\"from\":\"\",\"to\":\"Administrators\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "Anonymous", - "id": "-2" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default Permission Scheme", "id": "0", + "name": "Default Permission Scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=0" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -5544,24 +5512,25 @@ "key": "Value", "to": "Administrators" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:06:57.158Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -5571,70 +5540,70 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:57.158Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:06:57.158Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default Permission Scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=0\",\"id\":\"0\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"Manage Sprints\",\"to\":\"\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"Project Role\",\"to\":\"\"},{\"key\":\"Value\",\"i18nKey\":\"admin.common.words.value\",\"from\":\"Administrators\",\"to\":\"\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default Permission Scheme", "id": "0", + "name": "Default Permission Scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=0" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { - "i18nKey": "admin.common.words.permission", "from": "Manage Sprints", + "i18nKey": "admin.common.words.permission", "key": "Permission" }, { - "i18nKey": "admin.common.words.type", "from": "Project Role", + "i18nKey": "admin.common.words.type", "key": "Type" }, { - "i18nKey": "admin.common.words.value", "from": "Administrators", + "i18nKey": "admin.common.words.value", "key": "Value" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:06:57.138Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -5644,36 +5613,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:57.138Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:06:57.138Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default Permission Scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=0\",\"id\":\"0\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Manage Sprints\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Project Role\"},{\"key\":\"Value\",\"i18nKey\":\"admin.common.words.value\",\"from\":\"\",\"to\":\"Administrators\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "Anonymous", - "id": "-2" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default Permission Scheme", "id": "0", + "name": "Default Permission Scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=0" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -5690,25 +5658,25 @@ "key": "Value", "to": "Administrators" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:06:49.756Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous", - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -5718,35 +5686,33 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:49.756Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.user.added.to.group", + "category": [ + "iam" + ], + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:06:49.756Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.groupmanagement\",\"category\":\"group management\",\"actionI18nKey\":\"jira.auditing.user.added.to.group\",\"action\":\"User added to group\"},\"affectedObjects\":[{\"name\":\"jira-software-users\",\"type\":\"GROUP\",\"uri\":\"http://jira.internal:8088/secure/ViewGroup.jspa?name=jira-software-users\"},{\"name\":\"test.user\",\"type\":\"USER\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"id\":\"JIRAUSER10000\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "group", "change" - ], - "category": [ - "iam" - ], - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2", - "target": { - "name": "test.user", - "id": "JIRAUSER10000", - "group": { - "name": "jira-software-users" - } - } + ] }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "jira-software-users", @@ -5754,35 +5720,31 @@ "uri": "http://jira.internal:8088/secure/ViewGroup.jspa?name=jira-software-users" }, { - "name": "test.user", "id": "JIRAUSER10000", + "name": "test.user", "type": "USER", "uri": "http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user" } ], + "method": "Browser", "type": { - "actionI18nKey": "jira.auditing.user.added.to.group", "action": "User added to group", - "categoryI18nKey": "jira.auditing.category.groupmanagement", - "category": "group management" + "actionI18nKey": "jira.auditing.user.added.to.group", + "category": "group management", + "categoryI18nKey": "jira.auditing.category.groupmanagement" } } - } - }, - { - "@timestamp": "2021-11-22T00:06:49.754Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous", + "test.user" ] }, "service": { @@ -5792,41 +5754,47 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, - "event": { - "action": "jira.auditing.global.permission.added", - "original": "{\"timestamp\":\"2021-11-22T00:06:49.754Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"admin.common.words.group\",\"from\":\"\",\"to\":\"jira-administrators\"},{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Manage Group Filter Subscriptions\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous", + "target": { + "group": { + "name": "jira-software-users" + }, + "id": "JIRAUSER10000", + "name": "test.user" + } + } + }, + { + "@timestamp": "2021-11-22T00:06:49.754Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "jira.auditing.global.permission.added", "category": [ "iam", "configuration" ], - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "kind": "event", + "original": "{\"timestamp\":\"2021-11-22T00:06:49.754Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"admin.common.words.group\",\"from\":\"\",\"to\":\"jira-administrators\"},{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Manage Group Filter Subscriptions\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Global Permissions", "type": "PERMISSIONS" } ], - "type": { - "actionI18nKey": "jira.auditing.global.permission.added", - "action": "Global permission added", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.group", @@ -5838,24 +5806,25 @@ "key": "Permission", "to": "Manage Group Filter Subscriptions" } - ] + ], + "method": "Browser", + "type": { + "action": "Global permission added", + "actionI18nKey": "jira.auditing.global.permission.added", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:06:49.752Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -5865,41 +5834,40 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:49.752Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.global.permission.added", - "original": "{\"timestamp\":\"2021-11-22T00:06:49.752Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"admin.common.words.group\",\"from\":\"\",\"to\":\"jira-administrators\"},{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Create Shared Objects\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], "category": [ "iam", "configuration" ], - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "kind": "event", + "original": "{\"timestamp\":\"2021-11-22T00:06:49.752Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"admin.common.words.group\",\"from\":\"\",\"to\":\"jira-administrators\"},{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Create Shared Objects\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Global Permissions", "type": "PERMISSIONS" } ], - "type": { - "actionI18nKey": "jira.auditing.global.permission.added", - "action": "Global permission added", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.group", @@ -5911,24 +5879,25 @@ "key": "Permission", "to": "Create Shared Objects" } - ] + ], + "method": "Browser", + "type": { + "action": "Global permission added", + "actionI18nKey": "jira.auditing.global.permission.added", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:06:49.751Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -5938,41 +5907,40 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:49.751Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.global.permission.added", - "original": "{\"timestamp\":\"2021-11-22T00:06:49.751Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"admin.common.words.group\",\"from\":\"\",\"to\":\"jira-administrators\"},{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Browse Users\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], "category": [ "iam", "configuration" ], - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "kind": "event", + "original": "{\"timestamp\":\"2021-11-22T00:06:49.751Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"admin.common.words.group\",\"from\":\"\",\"to\":\"jira-administrators\"},{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Browse Users\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Global Permissions", "type": "PERMISSIONS" } ], - "type": { - "actionI18nKey": "jira.auditing.global.permission.added", - "action": "Global permission added", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.group", @@ -5984,24 +5952,25 @@ "key": "Permission", "to": "Browse Users" } - ] + ], + "method": "Browser", + "type": { + "action": "Global permission added", + "actionI18nKey": "jira.auditing.global.permission.added", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:06:49.750Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -6011,41 +5980,40 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:49.750Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.global.permission.added", - "original": "{\"timestamp\":\"2021-11-22T00:06:49.750Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"admin.common.words.group\",\"from\":\"\",\"to\":\"jira-administrators\"},{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Bulk Change\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], "category": [ "iam", "configuration" ], - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "kind": "event", + "original": "{\"timestamp\":\"2021-11-22T00:06:49.750Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"admin.common.words.group\",\"from\":\"\",\"to\":\"jira-administrators\"},{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Bulk Change\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Global Permissions", "type": "PERMISSIONS" } ], - "type": { - "actionI18nKey": "jira.auditing.global.permission.added", - "action": "Global permission added", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.group", @@ -6057,25 +6025,25 @@ "key": "Permission", "to": "Bulk Change" } - ] + ], + "method": "Browser", + "type": { + "action": "Global permission added", + "actionI18nKey": "jira.auditing.global.permission.added", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:06:49.734Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous", - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -6085,35 +6053,33 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:49.734Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.user.added.to.group", + "category": [ + "iam" + ], + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:06:49.734Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.groupmanagement\",\"category\":\"group management\",\"actionI18nKey\":\"jira.auditing.user.added.to.group\",\"action\":\"User added to group\"},\"affectedObjects\":[{\"name\":\"jira-administrators\",\"type\":\"GROUP\",\"uri\":\"http://jira.internal:8088/secure/ViewGroup.jspa?name=jira-administrators\"},{\"name\":\"test.user\",\"type\":\"USER\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"id\":\"JIRAUSER10000\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "group", "change" - ], - "category": [ - "iam" - ], - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2", - "target": { - "name": "test.user", - "id": "JIRAUSER10000", - "group": { - "name": "jira-administrators" - } - } + ] }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "jira-administrators", @@ -6121,36 +6087,31 @@ "uri": "http://jira.internal:8088/secure/ViewGroup.jspa?name=jira-administrators" }, { - "name": "test.user", "id": "JIRAUSER10000", + "name": "test.user", "type": "USER", "uri": "http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user" } ], + "method": "Browser", "type": { - "actionI18nKey": "jira.auditing.user.added.to.group", "action": "User added to group", - "categoryI18nKey": "jira.auditing.category.groupmanagement", - "category": "group management" + "actionI18nKey": "jira.auditing.user.added.to.group", + "category": "group management", + "categoryI18nKey": "jira.auditing.category.groupmanagement" } } - } - }, - { - "@timestamp": "2021-11-22T00:06:49.600Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous", - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous", + "test.user" ] }, "service": { @@ -6160,51 +6121,48 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous", + "target": { + "group": { + "name": "jira-administrators" + }, + "id": "JIRAUSER10000", + "name": "test.user" + } + } + }, + { + "@timestamp": "2021-11-22T00:06:49.600Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.user.created", + "category": [ + "iam" + ], + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:06:49.600Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.usermanagement\",\"category\":\"user management\",\"actionI18nKey\":\"jira.auditing.user.created\",\"action\":\"User created\"},\"affectedObjects\":[{\"name\":\"test.user\",\"type\":\"USER\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"id\":\"JIRAUSER10000\"}],\"changedValues\":[{\"key\":\"Active / Inactive\",\"i18nKey\":\"admin.common.phrases.active.inactive\",\"to\":\"Active\"},{\"key\":\"Email\",\"i18nKey\":\"common.words.email\",\"to\":\"test.user@example.com\"},{\"key\":\"Full name\",\"i18nKey\":\"common.words.fullname\",\"to\":\"Alex\"},{\"key\":\"Username\",\"i18nKey\":\"common.words.username\",\"to\":\"test.user\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "user", "creation" - ], - "category": [ - "iam" - ], - "kind": "event" - }, - "user": { - "name": "Anonymous", - "changes": { - "name": "test.user", - "email": "test.user@example.com", - "full_name": "Alex" - }, - "id": "-2", - "target": { - "name": "test.user", - "id": "JIRAUSER10000" - } + ] }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test.user", "id": "JIRAUSER10000", + "name": "test.user", "type": "USER", "uri": "http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user" } ], - "type": { - "actionI18nKey": "jira.auditing.user.created", - "action": "User created", - "categoryI18nKey": "jira.auditing.category.usermanagement", - "category": "user management" - }, "changed_values": [ { "i18nKey": "admin.common.phrases.active.inactive", @@ -6226,24 +6184,26 @@ "key": "Username", "to": "test.user" } - ] + ], + "method": "Browser", + "type": { + "action": "User created", + "actionI18nKey": "jira.auditing.user.created", + "category": "user management", + "categoryI18nKey": "jira.auditing.category.usermanagement" + } } - } - }, - { - "@timestamp": "2021-11-22T00:05:08.596Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous", + "test.user" ] }, "service": { @@ -6253,35 +6213,43 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "changes": { + "email": "test.user@example.com", + "full_name": "Alex", + "name": "test.user" + }, + "id": "-2", + "name": "Anonymous", + "target": { + "id": "JIRAUSER10000", + "name": "test.user" + } + } + }, + { + "@timestamp": "2021-11-22T00:05:08.596Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.system.license.added", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:05:08.596Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.system\",\"category\":\"system\",\"actionI18nKey\":\"jira.auditing.system.license.added\",\"action\":\"New license added\"},\"affectedObjects\":[{\"name\":\"SEN-L17782970\",\"type\":\"LICENSE\",\"id\":\"0\"}],\"changedValues\":[{\"key\":\"Date Purchased\",\"i18nKey\":\"admin.license.date.purchased\",\"to\":\"21/Nov/21\"},{\"key\":\"License Type\",\"i18nKey\":\"admin.license.type\",\"to\":\"Jira Software (Data Center): Evaluation\"},{\"key\":\"Organization\",\"i18nKey\":\"admin.license.organisation\",\"to\":\"myself\"},{\"key\":\"Server ID\",\"i18nKey\":\"admin.server.id\",\"to\":\"BGD5-PMSH-258I-VTTW\"},{\"key\":\"Support Entitlement Number (SEN)\",\"i18nKey\":\"admin.license.sen\",\"to\":\"SEN-L17782970\"},{\"key\":\"User Limit\",\"i18nKey\":\"admin.license.user.limit\",\"to\":\"Unlimited\"},{\"key\":\"jira-software\",\"i18nKey\":\"jira-software\",\"to\":\"-1\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "0", "name": "SEN-L17782970", - "type": "LICENSE", - "id": "0" + "type": "LICENSE" } ], - "type": { - "actionI18nKey": "jira.auditing.system.license.added", - "action": "New license added", - "categoryI18nKey": "jira.auditing.category.system", - "category": "system" - }, "changed_values": [ { "i18nKey": "admin.license.date.purchased", @@ -6318,24 +6286,25 @@ "key": "jira-software", "to": "-1" } - ] + ], + "method": "Browser", + "type": { + "action": "New license added", + "actionI18nKey": "jira.auditing.system.license.added", + "category": "system", + "categoryI18nKey": "jira.auditing.category.system" + } } - } - }, - { - "@timestamp": "2021-11-22T00:05:08.584Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -6345,41 +6314,40 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:05:08.584Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.global.permission.added", - "original": "{\"timestamp\":\"2021-11-22T00:05:08.584Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"admin.common.words.group\",\"from\":\"\",\"to\":\"jira-software-users\"},{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Manage Group Filter Subscriptions\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], "category": [ "iam", "configuration" ], - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "kind": "event", + "original": "{\"timestamp\":\"2021-11-22T00:05:08.584Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"admin.common.words.group\",\"from\":\"\",\"to\":\"jira-software-users\"},{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Manage Group Filter Subscriptions\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Global Permissions", "type": "PERMISSIONS" } ], - "type": { - "actionI18nKey": "jira.auditing.global.permission.added", - "action": "Global permission added", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.group", @@ -6391,24 +6359,25 @@ "key": "Permission", "to": "Manage Group Filter Subscriptions" } - ] + ], + "method": "Browser", + "type": { + "action": "Global permission added", + "actionI18nKey": "jira.auditing.global.permission.added", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:05:08.583Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -6418,41 +6387,40 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:05:08.583Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.global.permission.added", - "original": "{\"timestamp\":\"2021-11-22T00:05:08.583Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"admin.common.words.group\",\"from\":\"\",\"to\":\"jira-software-users\"},{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Create Shared Objects\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], "category": [ "iam", "configuration" ], - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "kind": "event", + "original": "{\"timestamp\":\"2021-11-22T00:05:08.583Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"admin.common.words.group\",\"from\":\"\",\"to\":\"jira-software-users\"},{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Create Shared Objects\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Global Permissions", "type": "PERMISSIONS" } ], - "type": { - "actionI18nKey": "jira.auditing.global.permission.added", - "action": "Global permission added", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.group", @@ -6464,24 +6432,25 @@ "key": "Permission", "to": "Create Shared Objects" } - ] + ], + "method": "Browser", + "type": { + "action": "Global permission added", + "actionI18nKey": "jira.auditing.global.permission.added", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:05:08.581Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -6491,41 +6460,40 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:05:08.581Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.global.permission.added", - "original": "{\"timestamp\":\"2021-11-22T00:05:08.581Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"admin.common.words.group\",\"from\":\"\",\"to\":\"jira-software-users\"},{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Bulk Change\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], "category": [ "iam", "configuration" ], - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "kind": "event", + "original": "{\"timestamp\":\"2021-11-22T00:05:08.581Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"admin.common.words.group\",\"from\":\"\",\"to\":\"jira-software-users\"},{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Bulk Change\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Global Permissions", "type": "PERMISSIONS" } ], - "type": { - "actionI18nKey": "jira.auditing.global.permission.added", - "action": "Global permission added", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.group", @@ -6537,24 +6505,25 @@ "key": "Permission", "to": "Bulk Change" } - ] + ], + "method": "Browser", + "type": { + "action": "Global permission added", + "actionI18nKey": "jira.auditing.global.permission.added", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:05:08.579Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -6564,41 +6533,40 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:05:08.579Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.global.permission.added", - "original": "{\"timestamp\":\"2021-11-22T00:05:08.579Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"admin.common.words.group\",\"from\":\"\",\"to\":\"jira-software-users\"},{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Browse Users\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], "category": [ "iam", "configuration" ], - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "kind": "event", + "original": "{\"timestamp\":\"2021-11-22T00:05:08.579Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"admin.common.words.group\",\"from\":\"\",\"to\":\"jira-software-users\"},{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Browse Users\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Global Permissions", "type": "PERMISSIONS" } ], - "type": { - "actionI18nKey": "jira.auditing.global.permission.added", - "action": "Global permission added", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.group", @@ -6610,24 +6578,25 @@ "key": "Permission", "to": "Browse Users" } - ] + ], + "method": "Browser", + "type": { + "action": "Global permission added", + "actionI18nKey": "jira.auditing.global.permission.added", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:05:08.514Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -6637,28 +6606,36 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:05:08.514Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.group.created", + "category": [ + "iam" + ], + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:05:08.514Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.groupmanagement\",\"category\":\"group management\",\"actionI18nKey\":\"jira.auditing.group.created\",\"action\":\"Group created\"},\"affectedObjects\":[{\"name\":\"jira-software-users\",\"type\":\"GROUP\",\"uri\":\"http://jira.internal:8088/secure/ViewGroup.jspa?name=jira-software-users\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "group", "creation" - ], - "category": [ - "iam" - ], - "kind": "event" + ] }, - "user": { - "name": "Anonymous", - "id": "-2" + "group": { + "name": "jira-software-users" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "jira-software-users", @@ -6666,103 +6643,89 @@ "uri": "http://jira.internal:8088/secure/ViewGroup.jspa?name=jira-software-users" } ], + "method": "Browser", "type": { - "actionI18nKey": "jira.auditing.group.created", "action": "Group created", - "categoryI18nKey": "jira.auditing.category.groupmanagement", - "category": "group management" + "actionI18nKey": "jira.auditing.group.created", + "category": "group management", + "categoryI18nKey": "jira.auditing.category.groupmanagement" } } }, - "group": { - "name": "jira-software-users" - } - }, - { - "@timestamp": "2021-11-28T18:18:26.076Z", - "ecs": { - "version": "8.2.0" - }, "related": { - "user": [ - "admin.user", - "admin.user1" - ], "hosts": [ "jira.internal" ], "ip": [ - "10.100.100.2" + "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { "address": "http://jira.internal:8088" }, "source": { - "address": "10.100.100.2", - "ip": "10.100.100.2" + "address": "10.50.33.72", + "ip": "10.50.33.72" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-28T18:18:26.076Z", + "ecs": { + "version": "8.2.0" }, "event": { "action": "jira.auditing.user.renamed", + "kind": "event", "original": "{\"timestamp\":\"2021-11-28T18:18:26.076Z\",\"author\":{\"name\":\"admin.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=admin.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.usermanagement\",\"category\":\"user management\",\"actionI18nKey\":\"jira.auditing.user.renamed\",\"action\":\"User renamed\"},\"affectedObjects\":[{\"name\":\"admin.user1\",\"type\":\"USER\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=admin.user1\",\"id\":\"JIRAUSER10000\"}],\"changedValues\":[{\"key\":\"Username\",\"i18nKey\":\"common.words.username\",\"from\":\"admin.user\",\"to\":\"admin.user1\"}],\"source\":\"10.100.100.2\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin.user", - "changes": { - "name": "admin.user1" - }, - "id": "10000", - "target": { - "name": "admin.user" - } + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "admin.user1", "id": "JIRAUSER10000", + "name": "admin.user1", "type": "USER", "uri": "http://jira.internal:8088/secure/ViewProfile.jspa?name=admin.user1" } ], - "type": { - "actionI18nKey": "jira.auditing.user.renamed", - "action": "User renamed", - "categoryI18nKey": "jira.auditing.category.usermanagement", - "category": "user management" - }, "changed_values": [ { "from": "admin.user", - "to": "admin.user1", "i18nKey": "common.words.username", - "key": "Username" + "key": "Username", + "to": "admin.user1" } - ] + ], + "method": "Browser", + "type": { + "action": "User renamed", + "actionI18nKey": "jira.auditing.user.renamed", + "category": "user management", + "categoryI18nKey": "jira.auditing.category.usermanagement" + } } - } - }, - { - "@timestamp": "2021-11-28T18:23:20.278Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "admin.user1" - ], "hosts": [ "jira.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin.user", + "admin.user1" ] }, "service": { @@ -6772,75 +6735,73 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, - "event": { - "action": "jira.auditing.user.updated", - "original": "{\"timestamp\":\"2021-11-28T18:23:20.278Z\",\"author\":{\"name\":\"admin.user1\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=admin.user1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.usermanagement\",\"category\":\"user management\",\"actionI18nKey\":\"jira.auditing.user.updated\",\"action\":\"User updated\"},\"affectedObjects\":[{\"name\":\"admin.user1\",\"type\":\"USER\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=admin.user1\",\"id\":\"JIRAUSER10000\"}],\"changedValues\":[{\"key\":\"Email\",\"i18nKey\":\"common.words.email\",\"from\":\"admin@example.com\",\"to\":\"admin1@example.com\"}],\"source\":\"10.100.100.2\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "user", - "change" - ], - "category": [ - "iam" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { - "name": "admin.user1", "changes": { - "email": "admin1@example.com" + "name": "admin.user1" }, "id": "10000", + "name": "admin.user", "target": { - "name": "admin.user1", - "email": "admin@example.com", - "id": "JIRAUSER10000" + "name": "admin.user" } + } + }, + { + "@timestamp": "2021-11-28T18:23:20.278Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "jira.auditing.user.updated", + "category": [ + "iam" + ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-28T18:23:20.278Z\",\"author\":{\"name\":\"admin.user1\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=admin.user1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.usermanagement\",\"category\":\"user management\",\"actionI18nKey\":\"jira.auditing.user.updated\",\"action\":\"User updated\"},\"affectedObjects\":[{\"name\":\"admin.user1\",\"type\":\"USER\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=admin.user1\",\"id\":\"JIRAUSER10000\"}],\"changedValues\":[{\"key\":\"Email\",\"i18nKey\":\"common.words.email\",\"from\":\"admin@example.com\",\"to\":\"admin1@example.com\"}],\"source\":\"10.100.100.2\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "user", + "change" + ] }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "admin.user1", "id": "JIRAUSER10000", + "name": "admin.user1", "type": "USER", "uri": "http://jira.internal:8088/secure/ViewProfile.jspa?name=admin.user1" } ], - "type": { - "actionI18nKey": "jira.auditing.user.updated", - "action": "User updated", - "categoryI18nKey": "jira.auditing.category.usermanagement", - "category": "user management" - }, "changed_values": [ { "from": "admin@example.com", - "to": "admin1@example.com", "i18nKey": "common.words.email", - "key": "Email" + "key": "Email", + "to": "admin1@example.com" } - ] + ], + "method": "Browser", + "type": { + "action": "User updated", + "actionI18nKey": "jira.auditing.user.updated", + "category": "user management", + "categoryI18nKey": "jira.auditing.category.usermanagement" + } } - } - }, - { - "@timestamp": "2021-11-28T18:23:13.741Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "admin.user1" - ], "hosts": [ "jira.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin.user1" ] }, "service": { @@ -6850,58 +6811,97 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, - "event": { - "action": "jira.auditing.user.updated", - "original": "{\"timestamp\":\"2021-11-28T18:23:13.741Z\",\"author\":{\"name\":\"admin.user1\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=admin.user1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.usermanagement\",\"category\":\"user management\",\"actionI18nKey\":\"jira.auditing.user.updated\",\"action\":\"User updated\"},\"affectedObjects\":[{\"name\":\"admin.user1\",\"type\":\"USER\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=admin.user1\",\"id\":\"JIRAUSER10000\"}],\"changedValues\":[{\"key\":\"Full name\",\"i18nKey\":\"common.words.fullname\",\"from\":\"Admin User\",\"to\":\"Admin User1\"}],\"source\":\"10.100.100.2\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "user", - "change" - ], - "category": [ - "iam" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { - "name": "admin.user1", "changes": { - "full_name": "Admin User1" + "email": "admin1@example.com" }, "id": "10000", + "name": "admin.user1", "target": { - "name": "admin.user1", - "full_name": "Admin User", - "id": "JIRAUSER10000" + "email": "admin@example.com", + "id": "JIRAUSER10000", + "name": "admin.user1" } + } + }, + { + "@timestamp": "2021-11-28T18:23:13.741Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "jira.auditing.user.updated", + "category": [ + "iam" + ], + "kind": "event", + "original": "{\"timestamp\":\"2021-11-28T18:23:13.741Z\",\"author\":{\"name\":\"admin.user1\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=admin.user1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.usermanagement\",\"category\":\"user management\",\"actionI18nKey\":\"jira.auditing.user.updated\",\"action\":\"User updated\"},\"affectedObjects\":[{\"name\":\"admin.user1\",\"type\":\"USER\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=admin.user1\",\"id\":\"JIRAUSER10000\"}],\"changedValues\":[{\"key\":\"Full name\",\"i18nKey\":\"common.words.fullname\",\"from\":\"Admin User\",\"to\":\"Admin User1\"}],\"source\":\"10.100.100.2\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "user", + "change" + ] }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "admin.user1", "id": "JIRAUSER10000", + "name": "admin.user1", "type": "USER", "uri": "http://jira.internal:8088/secure/ViewProfile.jspa?name=admin.user1" } ], - "type": { - "actionI18nKey": "jira.auditing.user.updated", - "action": "User updated", - "categoryI18nKey": "jira.auditing.category.usermanagement", - "category": "user management" - }, "changed_values": [ { "from": "Admin User", - "to": "Admin User1", "i18nKey": "common.words.fullname", - "key": "Full name" + "key": "Full name", + "to": "Admin User1" } - ] + ], + "method": "Browser", + "type": { + "action": "User updated", + "actionI18nKey": "jira.auditing.user.updated", + "category": "user management", + "categoryI18nKey": "jira.auditing.category.usermanagement" + } + } + }, + "related": { + "hosts": [ + "jira.internal" + ], + "ip": [ + "10.100.100.2" + ], + "user": [ + "admin.user1" + ] + }, + "service": { + "address": "http://jira.internal:8088" + }, + "source": { + "address": "10.100.100.2", + "ip": "10.100.100.2" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "changes": { + "full_name": "Admin User1" + }, + "id": "10000", + "name": "admin.user1", + "target": { + "full_name": "Admin User", + "id": "JIRAUSER10000", + "name": "admin.user1" } } } diff --git a/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log b/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log new file mode 100644 index 00000000000..71edd1a75cb --- /dev/null +++ b/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log @@ -0,0 +1,82 @@ +{"id":11959,"summary":"Project deleted","created":"2022-01-24T08:48:05.645+0000","category":"projects","eventSource":"","objectItem":{"id":"10000","name":"Test","typeName":"PROJECT"}} +{"id":11958,"summary":"Field Configuration scheme deleted","created":"2022-01-24T08:48:05.316+0000","category":"fields","eventSource":"","objectItem":{"id":"10000","name":"Field Configuration Scheme for Project TEST","typeName":"SCHEME"}} +{"id":11957,"summary":"Field Configuration scheme updated","created":"2022-01-24T08:48:05.097+0000","category":"fields","eventSource":"","objectItem":{"id":"10000","name":"Field Configuration Scheme for Project TEST","typeName":"SCHEME"},"changedValues":[{"fieldName":"Field Configuration","changedFrom":"Default Field Configuration","changedTo":""},{"fieldName":"Issue Type","changedFrom":"Subtask","changedTo":""}]} +{"id":11956,"summary":"Field Configuration scheme updated","created":"2022-01-24T08:48:04.939+0000","category":"fields","eventSource":"","objectItem":{"id":"10000","name":"Field Configuration Scheme for Project TEST","typeName":"SCHEME"},"changedValues":[{"fieldName":"Field Configuration","changedFrom":"Default Field Configuration","changedTo":""},{"fieldName":"Issue Type","changedFrom":"Epic","changedTo":""}]} +{"id":11955,"summary":"Field Configuration scheme updated","created":"2022-01-24T08:48:04.716+0000","category":"fields","eventSource":"","objectItem":{"id":"10000","name":"Field Configuration Scheme for Project TEST","typeName":"SCHEME"},"changedValues":[{"fieldName":"Field Configuration","changedFrom":"Default Field Configuration","changedTo":""},{"fieldName":"Issue Type","changedFrom":"Bug","changedTo":""}]} +{"id":11954,"summary":"Field Configuration scheme updated","created":"2022-01-24T08:48:04.530+0000","category":"fields","eventSource":"","objectItem":{"id":"10000","name":"Field Configuration Scheme for Project TEST","typeName":"SCHEME"},"changedValues":[{"fieldName":"Field Configuration","changedFrom":"Default Field Configuration","changedTo":""},{"fieldName":"Issue Type","changedFrom":"Task","changedTo":""}]} +{"id":11953,"summary":"Field Configuration scheme updated","created":"2022-01-24T08:48:04.167+0000","category":"fields","eventSource":"","objectItem":{"id":"10000","name":"Field Configuration Scheme for Project TEST","typeName":"SCHEME"},"changedValues":[{"fieldName":"Field Configuration","changedFrom":"Default Field Configuration","changedTo":""},{"fieldName":"Issue Type","changedFrom":"Story","changedTo":""}]} +{"id":11952,"summary":"Workflow scheme deleted","created":"2022-01-24T08:48:04.020+0000","category":"workflows","eventSource":"","objectItem":{"id":"10001","name":"TEST: Software Simplified Workflow Scheme","typeName":"SCHEME"}} +{"id":11951,"summary":"Workflow deleted","created":"2022-01-24T08:48:03.965+0000","category":"workflows","eventSource":"","objectItem":{"id":"Project TEST: Software Workflow for 10001","name":"Project TEST: Software Workflow for 10001","typeName":"WORKFLOW"}} +{"id":11950,"summary":"Notification scheme deleted","created":"2022-01-24T08:48:03.371+0000","category":"notifications","eventSource":"","objectItem":{"id":"10001","name":"TEST: Simplified Notification Scheme","typeName":"SCHEME"}} +{"id":11949,"summary":"Project role deleted","created":"2022-01-24T08:48:03.355+0000","category":"projects","eventSource":"","objectItem":{"id":"10006","name":"Viewer","typeName":"PROJECT_ROLE"}} +{"id":11948,"summary":"Project role deleted","created":"2022-01-24T08:48:03.339+0000","category":"projects","eventSource":"","objectItem":{"id":"10005","name":"Member","typeName":"PROJECT_ROLE"}} +{"id":11947,"summary":"Project role deleted","created":"2022-01-24T08:48:03.322+0000","category":"projects","eventSource":"","objectItem":{"id":"10007","name":"atlassian-addons-project-access","typeName":"PROJECT_ROLE"}} +{"id":11946,"summary":"Project role deleted","created":"2022-01-24T08:48:03.305+0000","category":"projects","eventSource":"","objectItem":{"id":"10004","name":"Administrator","typeName":"PROJECT_ROLE"}} +{"id":11945,"summary":"Issue Security scheme deleted","created":"2022-01-24T08:48:03.259+0000","category":"permissions","eventSource":"","objectItem":{"id":"10000","name":"TEST: Simplified Issue Security Scheme","typeName":"SCHEME"}} +{"id":11944,"summary":"Permission scheme deleted","created":"2022-01-24T08:48:03.223+0000","category":"permissions","eventSource":"","objectItem":{"id":"10000","name":"TEST: Simplified Permission Scheme","typeName":"SCHEME"}} +{"id":11939,"summary":"User added to group","created":"2022-01-18T08:43:02.838+0000","category":"group management","eventSource":"","objectItem":{"name":"jira-software-users","typeName":"GROUP","parentId":"10000","parentName":"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory"},"associatedItems":[{"id":"ug:2281b112-0f77-4305-b779-66d30930eb83","name":"ug:2281b112-0f77-4305-b779-66d30930eb83","typeName":"USER","parentId":"10000","parentName":"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory"}]} +{"id":11938,"summary":"User added to group","created":"2022-01-18T08:43:02.768+0000","category":"group management","eventSource":"","objectItem":{"name":"confluence-users","typeName":"GROUP","parentId":"10000","parentName":"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory"},"associatedItems":[{"id":"ug:2281b112-0f77-4305-b779-66d30930eb83","name":"ug:2281b112-0f77-4305-b779-66d30930eb83","typeName":"USER","parentId":"10000","parentName":"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory"}]} +{"id":11937,"summary":"User created","created":"2022-01-18T08:43:02.602+0000","category":"user management","eventSource":"","objectItem":{"id":"ug:2281b112-0f77-4305-b779-66d30930eb83","name":"ug:2281b112-0f77-4305-b779-66d30930eb83","typeName":"USER","parentId":"10000","parentName":"IDP Directory"},"changedValues":[{"fieldName":"Active / Inactive","changedTo":"Active"}],"associatedItems":[{"id":"ug:2281b112-0f77-4305-b779-66d30930eb83","name":"ug:2281b112-0f77-4305-b779-66d30930eb83","typeName":"USER","parentId":"10000","parentName":"IDP Directory"}]} +{"id":11935,"summary":"User added to group","created":"2022-01-14T16:37:07.126+0000","category":"group management","eventSource":"","objectItem":{"name":"confluence-users","typeName":"GROUP","parentId":"10000","parentName":"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory"},"associatedItems":[{"id":"ug:14961f0e-0eda-4a4a-9e9e-9d6a617b625b","name":"ug:14961f0e-0eda-4a4a-9e9e-9d6a617b625b","typeName":"USER","parentId":"10000","parentName":"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory"}]} +{"id":11934,"summary":"User created","created":"2022-01-14T16:37:07.019+0000","category":"user management","eventSource":"","objectItem":{"id":"ug:14961f0e-0eda-4a4a-9e9e-9d6a617b625b","name":"ug:14961f0e-0eda-4a4a-9e9e-9d6a617b625b","typeName":"USER","parentId":"10000","parentName":"IDP Directory"},"changedValues":[{"fieldName":"Active / Inactive","changedTo":"Active"}],"associatedItems":[{"id":"ug:14961f0e-0eda-4a4a-9e9e-9d6a617b625b","name":"ug:14961f0e-0eda-4a4a-9e9e-9d6a617b625b","typeName":"USER","parentId":"10000","parentName":"IDP Directory"}]} +{"id":11933,"summary":"User's password changed","remoteAddress":"81.2.69.193","created":"2022-01-10T12:44:41.065+0000","category":"user management","eventSource":"","objectItem":{"id":"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682","name":"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682","typeName":"USER","parentId":"10000","parentName":"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory"},"associatedItems":[{"id":"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682","name":"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682","typeName":"USER","parentId":"10000","parentName":"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory"}]} +{"id":11932,"summary":"Workflow updated","remoteAddress":"10.83.76.139","authorKey":"ug:0613fc34-a1b3-4137-b06e-fd92c3094033","authorAccountId":"5ff328f2a9d0300107c045a6","created":"2022-01-06T09:49:07.418+0000","category":"workflows","eventSource":"","objectItem":{"id":"Software workflow for project 10018","name":"Software workflow for project 10018","typeName":"WORKFLOW"}} +{"id":11931,"summary":"Workflow updated","authorKey":"ug:0613fc34-a1b3-4137-b06e-fd92c3094033","authorAccountId":"5ff328f2a9d0300107c045a6","created":"2022-01-05T07:23:49.369+0000","category":"workflows","eventSource":"","objectItem":{"id":"Software workflow for project 10018","name":"Software workflow for project 10018","typeName":"WORKFLOW"}} +{"id":11930,"summary":"Workflow updated","remoteAddress":"10.83.76.139","authorKey":"ug:0613fc34-a1b3-4137-b06e-fd92c3094033","authorAccountId":"5ff328f2a9d0300107c045a6","created":"2022-01-05T07:23:49.162+0000","category":"workflows","eventSource":"","objectItem":{"id":"Software workflow for project 10018","name":"Software workflow for project 10018","typeName":"WORKFLOW"}} +{"id":11898,"summary":"Workflow updated","remoteAddress":"10.83.62.36","authorKey":"ug:0613fc34-a1b3-4137-b06e-fd92c3094033","authorAccountId":"5ff328f2a9d0300107c045a6","created":"2021-12-13T14:10:35.436+0000","category":"workflows","eventSource":"","objectItem":{"id":"Software workflow for project 10018","name":"Software workflow for project 10018","typeName":"WORKFLOW"}} +{"id":11897,"summary":"User's password changed","remoteAddress":"81.2.69.193","created":"2021-12-10T11:57:29.971+0000","category":"user management","eventSource":"","objectItem":{"id":"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682","name":"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682","typeName":"USER","parentId":"10000","parentName":"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory"},"associatedItems":[{"id":"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682","name":"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682","typeName":"USER","parentId":"10000","parentName":"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory"}]} +{"id":11896,"summary":"User created","remoteAddress":"81.2.69.193","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-10T11:53:37.982+0000","category":"user management","eventSource":"","objectItem":{"id":"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682","name":"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682","typeName":"USER","parentId":"10000","parentName":"IDP Directory"},"changedValues":[{"fieldName":"Active / Inactive","changedTo":"Active"}],"associatedItems":[{"id":"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682","name":"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682","typeName":"USER","parentId":"10000","parentName":"IDP Directory"}]} +{"id":11895,"summary":"Customer invited notification changed","remoteAddress":"81.2.69.193","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-10T11:52:39.940+0000","category":"projects","eventSource":"","objectItem":{"id":"10003","name":"Support","typeName":"PROJECT"},"changedValues":[{"fieldName":"isEnabled","changedFrom":"false","changedTo":"true"}],"associatedItems":[{"id":"10003","name":"Support","typeName":"PROJECT"}]} +{"id":11894,"summary":"User created","remoteAddress":"81.2.69.193","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-07T17:15:05.069+0000","category":"user management","eventSource":"","objectItem":{"id":"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:ca0f9bb4-060b-4431-937f-ad240d0fb7c9","name":"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:ca0f9bb4-060b-4431-937f-ad240d0fb7c9","typeName":"USER","parentId":"10000","parentName":"IDP Directory"},"changedValues":[{"fieldName":"Active / Inactive","changedTo":"Active"}],"associatedItems":[{"id":"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:ca0f9bb4-060b-4431-937f-ad240d0fb7c9","name":"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:ca0f9bb4-060b-4431-937f-ad240d0fb7c9","typeName":"USER","parentId":"10000","parentName":"IDP Directory"}]} +{"id":11893,"summary":"Customer permissions changed","remoteAddress":"81.2.69.193","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-07T17:03:54.188+0000","category":"projects","eventSource":"","description":"Update who can access the portal and send requests","objectItem":{"id":"10022","name":"Change Control","typeName":"PROJECT"},"changedValues":[{"fieldName":"Customer access","changedFrom":"Anyone with an account","changedTo":"Customers my team adds to the project"}],"associatedItems":[{"id":"10022","name":"Change Control","typeName":"PROJECT"}]} +{"id":11892,"summary":"Request type deleted","remoteAddress":"81.2.69.193","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-07T16:56:48.122+0000","category":"projects","eventSource":"","objectItem":{"id":"10022","name":"Change Control","typeName":"PROJECT"},"changedValues":[{"fieldName":"id","changedFrom":"89","changedTo":""},{"fieldName":"description","changedFrom":"Want to access work stuff from outside? Let us know.","changedTo":""},{"fieldName":"name","changedFrom":"Set up VPN to the office","changedTo":""},{"fieldName":"issueTypeId","changedFrom":"10024","changedTo":""},{"fieldName":"iconId","changedFrom":"10526","changedTo":""}],"associatedItems":[{"id":"10022","name":"Change Control","typeName":"PROJECT"}]} +{"id":11891,"summary":"Request type deleted","remoteAddress":"81.2.69.193","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-07T16:56:24.940+0000","category":"projects","eventSource":"","objectItem":{"id":"10022","name":"Change Control","typeName":"PROJECT"},"changedValues":[{"fieldName":"id","changedFrom":"86","changedTo":""},{"fieldName":"description","changedFrom":"Get assistance for general IT problems and questions.","changedTo":""},{"fieldName":"name","changedFrom":"Get IT help","changedTo":""},{"fieldName":"issueTypeId","changedFrom":"10024","changedTo":""},{"fieldName":"iconId","changedFrom":"10541","changedTo":""}],"associatedItems":[{"id":"10022","name":"Change Control","typeName":"PROJECT"}]} +{"id":11890,"summary":"Request type deleted","remoteAddress":"81.2.69.193","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-07T16:56:07.861+0000","category":"projects","eventSource":"","objectItem":{"id":"10022","name":"Change Control","typeName":"PROJECT"},"changedValues":[{"fieldName":"id","changedFrom":"96","changedTo":""},{"fieldName":"description","changedFrom":"Need a mobile phone or time for replacement? Let us know.","changedTo":""},{"fieldName":"name","changedFrom":"New mobile device","changedTo":""},{"fieldName":"issueTypeId","changedFrom":"10025","changedTo":""},{"fieldName":"iconId","changedFrom":"10534","changedTo":""}],"associatedItems":[{"id":"10022","name":"Change Control","typeName":"PROJECT"}]} +{"id":11889,"summary":"Request type deleted","remoteAddress":"81.2.69.193","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-07T16:54:03.906+0000","category":"projects","eventSource":"","objectItem":{"id":"10022","name":"Change Control","typeName":"PROJECT"},"changedValues":[{"fieldName":"id","changedFrom":"88","changedTo":""},{"fieldName":"description","changedFrom":"Raise a request to ask for temp wifi access for guests.","changedTo":""},{"fieldName":"name","changedFrom":"Get a guest wifi account","changedTo":""},{"fieldName":"issueTypeId","changedFrom":"10024","changedTo":""},{"fieldName":"iconId","changedFrom":"10519","changedTo":""}],"associatedItems":[{"id":"10022","name":"Change Control","typeName":"PROJECT"}]} +{"id":11888,"summary":"User added to group","created":"2021-12-07T16:46:02.950+0000","category":"group management","eventSource":"","objectItem":{"name":"Eng Sys","typeName":"GROUP","parentId":"10000","parentName":"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory"},"associatedItems":[{"id":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","name":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","typeName":"USER","parentId":"10000","parentName":"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory"}]} +{"id":11887,"summary":"User added to group","created":"2021-12-07T16:46:02.944+0000","category":"group management","eventSource":"","objectItem":{"name":"EngSys","typeName":"GROUP","parentId":"10000","parentName":"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory"},"associatedItems":[{"id":"ug:0fb27017-ce06-4bff-bd1d-1cc0e9ad2579","name":"ug:0fb27017-ce06-4bff-bd1d-1cc0e9ad2579","typeName":"USER","parentId":"10000","parentName":"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory"}]} +{"id":11886,"summary":"User added to group","created":"2021-12-07T16:46:02.939+0000","category":"group management","eventSource":"","objectItem":{"name":"Eng Sys","typeName":"GROUP","parentId":"10000","parentName":"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory"},"associatedItems":[{"id":"ug:1b93c61c-2382-4f4e-8f38-f901c702845f","name":"ug:1b93c61c-2382-4f4e-8f38-f901c702845f","typeName":"USER","parentId":"10000","parentName":"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory"}]} +{"id":11885,"summary":"User added to group","created":"2021-12-07T16:46:02.932+0000","category":"group management","eventSource":"","objectItem":{"name":"EngSys","typeName":"GROUP","parentId":"10000","parentName":"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory"},"associatedItems":[{"id":"ug:016dd2df-318a-4b92-908d-b0b9e531c60f","name":"ug:016dd2df-318a-4b92-908d-b0b9e531c60f","typeName":"USER","parentId":"10000","parentName":"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory"}]} +{"id":11884,"summary":"Group created","created":"2021-12-07T16:45:24.007+0000","category":"group management","eventSource":"","objectItem":{"name":"Eng Sys","typeName":"GROUP","parentId":"10000","parentName":"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory"}} +{"id":11883,"summary":"Project created","remoteAddress":"81.2.69.193","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-07T16:29:41.490+0000","category":"projects","eventSource":"","objectItem":{"id":"10022","name":"Change Control","typeName":"PROJECT"},"changedValues":[{"fieldName":"Default Assignee","changedTo":"Unassigned"},{"fieldName":"Project lead","changedTo":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3"},{"fieldName":"Description","changedTo":""},{"fieldName":"Key","changedTo":"ACC"},{"fieldName":"Name","changedTo":"Change Control"}],"associatedItems":[{"id":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","name":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","typeName":"USER","parentId":"10000","parentName":"IDP Directory"}]} +{"id":11882,"summary":"Custom email channel turned on","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-07T16:29:38.789+0000","category":"projects","eventSource":"","objectItem":{"id":"10022","name":"Change Control","typeName":"PROJECT"},"changedValues":[{"fieldName":"userName","changedFrom":"","changedTo":"support@cyberfort.atlassian.net"},{"fieldName":"host","changedFrom":"","changedTo":"mailstore"},{"fieldName":"port","changedFrom":"","changedTo":"110"},{"fieldName":"tlsEnabled","changedFrom":"","changedTo":"false"},{"fieldName":"emailAddress","changedFrom":"","changedTo":"support@cyberfort.atlassian.net"},{"fieldName":"protocol","changedFrom":"","changedTo":"vertimail"}],"associatedItems":[{"id":"10022","name":"Change Control","typeName":"PROJECT"}]} +{"id":11881,"summary":"Cloud Email settings created","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-07T16:29:38.773+0000","category":"projects","eventSource":"","objectItem":{"id":"10022","name":"Change Control","typeName":"PROJECT"},"changedValues":[{"fieldName":"id","changedFrom":"","changedTo":"7"},{"fieldName":"requestTypeId","changedFrom":"","changedTo":"95"},{"fieldName":"serviceDeskId","changedFrom":"","changedTo":"6"},{"fieldName":"emailAddress","changedFrom":"","changedTo":"support@cyberfort.atlassian.net"}],"associatedItems":[{"id":"10022","name":"Change Control","typeName":"PROJECT"}]} +{"id":11880,"summary":"Cloud email channel turned on","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-07T16:29:38.426+0000","category":"projects","eventSource":"","objectItem":{"id":"10022","name":"Change Control","typeName":"PROJECT"},"changedValues":[{"fieldName":"userName","changedFrom":"","changedTo":"support@cyberfort.atlassian.net"},{"fieldName":"host","changedFrom":"","changedTo":"mailstore"},{"fieldName":"port","changedFrom":"","changedTo":"110"},{"fieldName":"tlsEnabled","changedFrom":"","changedTo":"null"},{"fieldName":"emailAddress","changedFrom":"","changedTo":"support@cyberfort.atlassian.net"},{"fieldName":"protocol","changedFrom":"","changedTo":"vertimail"}],"associatedItems":[{"id":"10022","name":"Change Control","typeName":"PROJECT"}]} +{"id":11879,"summary":"Project component created","remoteAddress":"81.2.69.193","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-07T16:29:36.956+0000","category":"projects","eventSource":"","objectItem":{"id":"10099","name":"Services","typeName":"PROJECT_COMPONENT"},"changedValues":[{"fieldName":"Default Assignee","changedTo":"Project Default"},{"fieldName":"Component Lead","changedTo":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3"},{"fieldName":"Description","changedTo":"Created by Jira Service Management"},{"fieldName":"Name","changedTo":"Services"}],"associatedItems":[{"id":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","name":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","typeName":"USER","parentId":"10000","parentName":"IDP Directory"},{"id":"10022","name":"Change Control","typeName":"PROJECT"}]} +{"id":11878,"summary":"Project component created","remoteAddress":"81.2.69.193","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-07T16:29:36.930+0000","category":"projects","eventSource":"","objectItem":{"id":"10098","name":"VPN Server","typeName":"PROJECT_COMPONENT"},"changedValues":[{"fieldName":"Default Assignee","changedTo":"Project Default"},{"fieldName":"Component Lead","changedTo":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3"},{"fieldName":"Description","changedTo":"Created by Jira Service Management"},{"fieldName":"Name","changedTo":"VPN Server"}],"associatedItems":[{"id":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","name":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","typeName":"USER","parentId":"10000","parentName":"IDP Directory"},{"id":"10022","name":"Change Control","typeName":"PROJECT"}]} +{"id":11877,"summary":"Project component created","remoteAddress":"81.2.69.193","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-07T16:29:36.903+0000","category":"projects","eventSource":"","objectItem":{"id":"10097","name":"Public Website","typeName":"PROJECT_COMPONENT"},"changedValues":[{"fieldName":"Default Assignee","changedTo":"Project Default"},{"fieldName":"Component Lead","changedTo":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3"},{"fieldName":"Description","changedTo":"Created by Jira Service Management"},{"fieldName":"Name","changedTo":"Public Website"}],"associatedItems":[{"id":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","name":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","typeName":"USER","parentId":"10000","parentName":"IDP Directory"},{"id":"10022","name":"Change Control","typeName":"PROJECT"}]} +{"id":11876,"summary":"Project component created","remoteAddress":"81.2.69.193","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-07T16:29:36.877+0000","category":"projects","eventSource":"","objectItem":{"id":"10096","name":"Printers","typeName":"PROJECT_COMPONENT"},"changedValues":[{"fieldName":"Default Assignee","changedTo":"Project Default"},{"fieldName":"Component Lead","changedTo":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3"},{"fieldName":"Description","changedTo":"Created by Jira Service Management"},{"fieldName":"Name","changedTo":"Printers"}],"associatedItems":[{"id":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","name":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","typeName":"USER","parentId":"10000","parentName":"IDP Directory"},{"id":"10022","name":"Change Control","typeName":"PROJECT"}]} +{"id":11875,"summary":"Project component created","remoteAddress":"81.2.69.193","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-07T16:29:36.849+0000","category":"projects","eventSource":"","objectItem":{"id":"10095","name":"Services","typeName":"PROJECT_COMPONENT"},"changedValues":[{"fieldName":"Default Assignee","changedTo":"Project Default"},{"fieldName":"Component Lead","changedTo":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3"},{"fieldName":"Description","changedTo":"Created by Jira Service Management"},{"fieldName":"Name","changedTo":"Services"}],"associatedItems":[{"id":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","name":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","typeName":"USER","parentId":"10000","parentName":"IDP Directory"},{"id":"10022","name":"Change Control","typeName":"PROJECT"}]} +{"id":11874,"summary":"Project component created","remoteAddress":"81.2.69.193","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-07T16:29:36.823+0000","category":"projects","eventSource":"","objectItem":{"id":"10094","name":"Office Network","typeName":"PROJECT_COMPONENT"},"changedValues":[{"fieldName":"Default Assignee","changedTo":"Project Default"},{"fieldName":"Component Lead","changedTo":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3"},{"fieldName":"Description","changedTo":"Created by Jira Service Management"},{"fieldName":"Name","changedTo":"Office Network"}],"associatedItems":[{"id":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","name":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","typeName":"USER","parentId":"10000","parentName":"IDP Directory"},{"id":"10022","name":"Change Control","typeName":"PROJECT"}]} +{"id":11873,"summary":"Project component created","remoteAddress":"81.2.69.193","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-07T16:29:36.797+0000","category":"projects","eventSource":"","objectItem":{"id":"10093","name":"Jira","typeName":"PROJECT_COMPONENT"},"changedValues":[{"fieldName":"Default Assignee","changedTo":"Project Default"},{"fieldName":"Component Lead","changedTo":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3"},{"fieldName":"Description","changedTo":"Created by Jira Service Management"},{"fieldName":"Name","changedTo":"Jira"}],"associatedItems":[{"id":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","name":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","typeName":"USER","parentId":"10000","parentName":"IDP Directory"},{"id":"10022","name":"Change Control","typeName":"PROJECT"}]} +{"id":11872,"summary":"Project component created","remoteAddress":"81.2.69.193","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-07T16:29:36.770+0000","category":"projects","eventSource":"","objectItem":{"id":"10092","name":"Intranet","typeName":"PROJECT_COMPONENT"},"changedValues":[{"fieldName":"Default Assignee","changedTo":"Project Default"},{"fieldName":"Component Lead","changedTo":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3"},{"fieldName":"Description","changedTo":"Created by Jira Service Management"},{"fieldName":"Name","changedTo":"Intranet"}],"associatedItems":[{"id":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","name":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","typeName":"USER","parentId":"10000","parentName":"IDP Directory"},{"id":"10022","name":"Change Control","typeName":"PROJECT"}]} +{"id":11871,"summary":"Project component created","remoteAddress":"81.2.69.193","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-07T16:29:36.743+0000","category":"projects","eventSource":"","objectItem":{"id":"10091","name":"Services","typeName":"PROJECT_COMPONENT"},"changedValues":[{"fieldName":"Default Assignee","changedTo":"Project Default"},{"fieldName":"Component Lead","changedTo":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3"},{"fieldName":"Description","changedTo":"Created by Jira Service Management"},{"fieldName":"Name","changedTo":"Services"}],"associatedItems":[{"id":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","name":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","typeName":"USER","parentId":"10000","parentName":"IDP Directory"},{"id":"10022","name":"Change Control","typeName":"PROJECT"}]} +{"id":11870,"summary":"Project component created","remoteAddress":"81.2.69.193","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-07T16:29:36.717+0000","category":"projects","eventSource":"","objectItem":{"id":"10090","name":"Services","typeName":"PROJECT_COMPONENT"},"changedValues":[{"fieldName":"Default Assignee","changedTo":"Project Default"},{"fieldName":"Component Lead","changedTo":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3"},{"fieldName":"Description","changedTo":"Created by Jira Service Management"},{"fieldName":"Name","changedTo":"Services"}],"associatedItems":[{"id":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","name":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","typeName":"USER","parentId":"10000","parentName":"IDP Directory"},{"id":"10022","name":"Change Control","typeName":"PROJECT"}]} +{"id":11869,"summary":"Project component created","remoteAddress":"81.2.69.193","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-07T16:29:36.691+0000","category":"projects","eventSource":"","objectItem":{"id":"10089","name":"Email and Collaboration Services","typeName":"PROJECT_COMPONENT"},"changedValues":[{"fieldName":"Default Assignee","changedTo":"Project Default"},{"fieldName":"Component Lead","changedTo":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3"},{"fieldName":"Description","changedTo":"Created by Jira Service Management"},{"fieldName":"Name","changedTo":"Email and Collaboration Services"}],"associatedItems":[{"id":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","name":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","typeName":"USER","parentId":"10000","parentName":"IDP Directory"},{"id":"10022","name":"Change Control","typeName":"PROJECT"}]} +{"id":11868,"summary":"Project component created","remoteAddress":"81.2.69.193","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-07T16:29:36.664+0000","category":"projects","eventSource":"","objectItem":{"id":"10088","name":"Data Center Services","typeName":"PROJECT_COMPONENT"},"changedValues":[{"fieldName":"Default Assignee","changedTo":"Project Default"},{"fieldName":"Component Lead","changedTo":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3"},{"fieldName":"Description","changedTo":"Created by Jira Service Management"},{"fieldName":"Name","changedTo":"Data Center Services"}],"associatedItems":[{"id":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","name":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","typeName":"USER","parentId":"10000","parentName":"IDP Directory"},{"id":"10022","name":"Change Control","typeName":"PROJECT"}]} +{"id":11867,"summary":"Project component created","remoteAddress":"81.2.69.193","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-07T16:29:36.637+0000","category":"projects","eventSource":"","objectItem":{"id":"10087","name":"Cloud Storage Services","typeName":"PROJECT_COMPONENT"},"changedValues":[{"fieldName":"Default Assignee","changedTo":"Project Default"},{"fieldName":"Component Lead","changedTo":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3"},{"fieldName":"Description","changedTo":"Created by Jira Service Management"},{"fieldName":"Name","changedTo":"Cloud Storage Services"}],"associatedItems":[{"id":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","name":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","typeName":"USER","parentId":"10000","parentName":"IDP Directory"},{"id":"10022","name":"Change Control","typeName":"PROJECT"}]} +{"id":11866,"summary":"Project component created","remoteAddress":"81.2.69.193","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-07T16:29:36.609+0000","category":"projects","eventSource":"","objectItem":{"id":"10086","name":"Billing Services","typeName":"PROJECT_COMPONENT"},"changedValues":[{"fieldName":"Default Assignee","changedTo":"Project Default"},{"fieldName":"Component Lead","changedTo":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3"},{"fieldName":"Description","changedTo":"Created by Jira Service Management"},{"fieldName":"Name","changedTo":"Billing Services"}],"associatedItems":[{"id":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","name":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","typeName":"USER","parentId":"10000","parentName":"IDP Directory"},{"id":"10022","name":"Change Control","typeName":"PROJECT"}]} +{"id":11865,"summary":"Project component created","remoteAddress":"81.2.69.193","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-07T16:29:36.561+0000","category":"projects","eventSource":"","objectItem":{"id":"10085","name":"Analytics and Reporting Service","typeName":"PROJECT_COMPONENT"},"changedValues":[{"fieldName":"Default Assignee","changedTo":"Project Default"},{"fieldName":"Component Lead","changedTo":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3"},{"fieldName":"Description","changedTo":"Created by Jira Service Management"},{"fieldName":"Name","changedTo":"Analytics and Reporting Service"}],"associatedItems":[{"id":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","name":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","typeName":"USER","parentId":"10000","parentName":"IDP Directory"},{"id":"10022","name":"Change Control","typeName":"PROJECT"}]} +{"id":11864,"summary":"Project component created","remoteAddress":"81.2.69.193","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-07T16:29:36.529+0000","category":"projects","eventSource":"","objectItem":{"id":"10084","name":"Active Directory","typeName":"PROJECT_COMPONENT"},"changedValues":[{"fieldName":"Default Assignee","changedTo":"Project Default"},{"fieldName":"Component Lead","changedTo":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3"},{"fieldName":"Description","changedTo":"Created by Jira Service Management"},{"fieldName":"Name","changedTo":"Active Directory"}],"associatedItems":[{"id":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","name":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","typeName":"USER","parentId":"10000","parentName":"IDP Directory"},{"id":"10022","name":"Change Control","typeName":"PROJECT"}]} +{"id":11863,"summary":"Workflow scheme added to project","remoteAddress":"81.2.69.193","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-07T16:29:36.499+0000","category":"workflows","eventSource":"","objectItem":{"id":"10022","name":"Change Control","typeName":"PROJECT"},"associatedItems":[{"id":"10023","name":"Jira Service Management IT Support Workflow Scheme generated for Project ACC","typeName":"SCHEME"}]} +{"id":11862,"summary":"Workflow updated","remoteAddress":"81.2.69.193","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-07T16:29:36.468+0000","category":"workflows","eventSource":"","objectItem":{"id":"ACC: Jira Service Management default workflow","name":"ACC: Jira Service Management default workflow","typeName":"WORKFLOW"},"changedValues":[{"fieldName":"Description","changedFrom":"","changedTo":"This Jira Service Management default workflow was generated for Project ACC"}]} +{"id":11861,"summary":"Workflow updated","remoteAddress":"81.2.69.193","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-07T16:29:36.448+0000","category":"workflows","eventSource":"","objectItem":{"id":"ACC: Jira Service Management default workflow","name":"ACC: Jira Service Management default workflow","typeName":"WORKFLOW"}} +{"id":11860,"summary":"Workflow created","remoteAddress":"81.2.69.193","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-07T16:29:36.421+0000","category":"workflows","eventSource":"","objectItem":{"id":"ACC: Jira Service Management default workflow","name":"ACC: Jira Service Management default workflow","typeName":"WORKFLOW"},"changedValues":[{"fieldName":"Description","changedTo":""},{"fieldName":"Name","changedTo":"ACC: Jira Service Management default workflow"}]} +{"id":11859,"summary":"Workflow updated","remoteAddress":"81.2.69.193","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-07T16:29:36.329+0000","category":"workflows","eventSource":"","objectItem":{"id":"ACC: Problem Management workflow for Jira Service Management","name":"ACC: Problem Management workflow for Jira Service Management","typeName":"WORKFLOW"},"changedValues":[{"fieldName":"Description","changedFrom":"","changedTo":"This Jira Service Management Problem Management workflow was generated for Project ACC"}]} +{"id":11858,"summary":"Workflow updated","remoteAddress":"81.2.69.193","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-07T16:29:36.310+0000","category":"workflows","eventSource":"","objectItem":{"id":"ACC: Problem Management workflow for Jira Service Management","name":"ACC: Problem Management workflow for Jira Service Management","typeName":"WORKFLOW"}} +{"id":11857,"summary":"Workflow created","remoteAddress":"81.2.69.193","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-07T16:29:36.283+0000","category":"workflows","eventSource":"","objectItem":{"id":"ACC: Problem Management workflow for Jira Service Management","name":"ACC: Problem Management workflow for Jira Service Management","typeName":"WORKFLOW"},"changedValues":[{"fieldName":"Description","changedTo":""},{"fieldName":"Name","changedTo":"ACC: Problem Management workflow for Jira Service Management"}]} +{"id":11856,"summary":"Workflow updated","remoteAddress":"81.2.69.193","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-07T16:29:36.186+0000","category":"workflows","eventSource":"","objectItem":{"id":"ACC: Incident Management workflow for Jira Service Management","name":"ACC: Incident Management workflow for Jira Service Management","typeName":"WORKFLOW"},"changedValues":[{"fieldName":"Description","changedFrom":"","changedTo":"This Jira Service Management Incident Management workflow was generated for Project ACC"}]} +{"id":11663,"summary":"Field Configuration scheme updated","remoteAddress":"81.2.69.193","authorKey":"ug:0613fc34-a1b3-4137-b06e-fd92c3094033","authorAccountId":"5ff328f2a9d0300107c045a6","created":"2021-11-18T10:58:11.410+0000","category":"fields","eventSource":"","objectItem":{"id":"10015","name":"Field Configuration Scheme for Project PEN","typeName":"SCHEME"},"changedValues":[{"fieldName":"Field Configuration","changedFrom":"","changedTo":"PEN-10052"},{"fieldName":"Issue Type","changedFrom":"","changedTo":"Subtask"}]} +{"id":11662,"summary":"Field Configuration scheme updated","remoteAddress":"81.2.69.193","authorKey":"ug:0613fc34-a1b3-4137-b06e-fd92c3094033","authorAccountId":"5ff328f2a9d0300107c045a6","created":"2021-11-18T10:58:11.132+0000","category":"fields","eventSource":"","objectItem":{"id":"10015","name":"Field Configuration Scheme for Project PEN","typeName":"SCHEME"},"changedValues":[{"fieldName":"Field Configuration","changedFrom":"","changedTo":"PEN-10051"},{"fieldName":"Issue Type","changedFrom":"","changedTo":"Epic"}]} +{"id":11661,"summary":"Workflow scheme added to project","remoteAddress":"81.2.69.193","authorKey":"ug:0613fc34-a1b3-4137-b06e-fd92c3094033","authorAccountId":"5ff328f2a9d0300107c045a6","created":"2021-11-18T10:58:10.771+0000","category":"workflows","eventSource":"","objectItem":{"id":"10018","name":"Arcturus Assurance","typeName":"PROJECT"},"associatedItems":[{"id":"10019","name":"PEN: Software Simplified Workflow Scheme","typeName":"SCHEME"}]} +{"id":11660,"summary":"Workflow scheme created","remoteAddress":"81.2.69.193","authorKey":"ug:0613fc34-a1b3-4137-b06e-fd92c3094033","authorAccountId":"5ff328f2a9d0300107c045a6","created":"2021-11-18T10:58:10.754+0000","category":"workflows","eventSource":"","objectItem":{"id":"10019","name":"PEN: Software Simplified Workflow Scheme","typeName":"SCHEME"},"changedValues":[{"fieldName":"Description","changedTo":""},{"fieldName":"Name","changedTo":"PEN: Software Simplified Workflow Scheme"}]} +{"id":11659,"summary":"Workflow created","remoteAddress":"81.2.69.193","authorKey":"ug:0613fc34-a1b3-4137-b06e-fd92c3094033","authorAccountId":"5ff328f2a9d0300107c045a6","created":"2021-11-18T10:58:10.744+0000","category":"workflows","eventSource":"","objectItem":{"id":"Software workflow for project 10018","name":"Software workflow for project 10018","typeName":"WORKFLOW"},"changedValues":[{"fieldName":"Name","changedTo":"Software workflow for project 10018"}]} +{"id":11658,"summary":"Field Configuration scheme updated","remoteAddress":"81.2.69.193","authorKey":"ug:0613fc34-a1b3-4137-b06e-fd92c3094033","authorAccountId":"5ff328f2a9d0300107c045a6","created":"2021-11-18T10:58:10.473+0000","category":"fields","eventSource":"","objectItem":{"id":"10015","name":"Field Configuration Scheme for Project PEN","typeName":"SCHEME"},"changedValues":[{"fieldName":"Field Configuration","changedFrom":"","changedTo":"PEN-10050"},{"fieldName":"Issue Type","changedFrom":"","changedTo":"Task"}]} +{"id":11657,"summary":"Field Configuration scheme updated","remoteAddress":"81.2.69.193","authorKey":"ug:0613fc34-a1b3-4137-b06e-fd92c3094033","authorAccountId":"5ff328f2a9d0300107c045a6","created":"2021-11-18T10:58:10.265+0000","category":"fields","eventSource":"","objectItem":{"id":"10015","name":"Field Configuration Scheme for Project PEN","typeName":"SCHEME"},"changedValues":[{"fieldName":"Field Configuration","changedFrom":"Default Field Configuration","changedTo":"Field Layout for PEN"},{"fieldName":"Issue Type","changedFrom":"Default","changedTo":"Default"}]} +{"id":11656,"summary":"Field Configuration scheme added to project","remoteAddress":"81.2.69.193","authorKey":"ug:0613fc34-a1b3-4137-b06e-fd92c3094033","authorAccountId":"5ff328f2a9d0300107c045a6","created":"2021-11-18T10:58:10.174+0000","category":"fields","eventSource":"","objectItem":{"id":"10018","name":"Arcturus Assurance","typeName":"PROJECT"},"associatedItems":[{"id":"10015","name":"Field Configuration Scheme for Project PEN","typeName":"SCHEME"}]} +{"id":11655,"summary":"Field Configuration scheme created","remoteAddress":"81.2.69.193","authorKey":"ug:0613fc34-a1b3-4137-b06e-fd92c3094033","authorAccountId":"5ff328f2a9d0300107c045a6","created":"2021-11-18T10:58:10.146+0000","category":"fields","eventSource":"","objectItem":{"id":"10015","name":"Field Configuration Scheme for Project PEN","typeName":"SCHEME"},"changedValues":[{"fieldName":"Description","changedTo":"This Field Configuration Scheme was generated for Project PEN"},{"fieldName":"Name","changedTo":"Field Configuration Scheme for Project PEN"}]} +{"id":11654,"summary":"Issue Security scheme added to project","remoteAddress":"81.2.69.193","authorKey":"ug:0613fc34-a1b3-4137-b06e-fd92c3094033","authorAccountId":"5ff328f2a9d0300107c045a6","created":"2021-11-18T10:58:10.114+0000","category":"permissions","eventSource":"","objectItem":{"id":"10018","name":"Arcturus Assurance","typeName":"PROJECT"},"associatedItems":[{"id":"10010","name":"PEN: Simplified Issue Security Scheme","typeName":"SCHEME"}]} +{"id":11653,"summary":"Permission scheme added to project","remoteAddress":"81.2.69.193","authorKey":"ug:0613fc34-a1b3-4137-b06e-fd92c3094033","authorAccountId":"5ff328f2a9d0300107c045a6","created":"2021-11-18T10:58:10.062+0000","category":"permissions","eventSource":"","objectItem":{"id":"10018","name":"Arcturus Assurance","typeName":"PROJECT"},"associatedItems":[{"id":"10016","name":"PEN: Simplified Permission Scheme","typeName":"SCHEME"}]} +{"id":11652,"summary":"User updated","created":"2021-11-17T16:00:37.374+0000","category":"user management","eventSource":"","objectItem":{"id":"ug:870c3c4b-1f74-4fa2-a401-639ec53e9436","name":"ug:870c3c4b-1f74-4fa2-a401-639ec53e9436","typeName":"USER","parentId":"10000","parentName":"IDP Directory"},"changedValues":[{"fieldName":"Active / Inactive","changedFrom":"Active","changedTo":"Inactive"}],"associatedItems":[{"id":"ug:870c3c4b-1f74-4fa2-a401-639ec53e9436","name":"ug:870c3c4b-1f74-4fa2-a401-639ec53e9436","typeName":"USER","parentId":"10000","parentName":"IDP Directory"}]} +{"id":11651,"summary":"User updated","created":"2021-11-16T09:25:56.725+0000","category":"user management","eventSource":"","objectItem":{"id":"ug:7759808b-4fa4-4053-a8f5-136c382be65a","name":"ug:7759808b-4fa4-4053-a8f5-136c382be65a","typeName":"USER","parentId":"10000","parentName":"IDP Directory"},"changedValues":[{"fieldName":"Active / Inactive","changedFrom":"Active","changedTo":"Inactive"}],"associatedItems":[{"id":"ug:7759808b-4fa4-4053-a8f5-136c382be65a","name":"ug:7759808b-4fa4-4053-a8f5-136c382be65a","typeName":"USER","parentId":"10000","parentName":"IDP Directory"}]} +{"id":11650,"summary":"Custom field created","created":"2021-11-16T08:48:05.867+0000","category":"fields","eventSource":"","objectItem":{"id":"customfield_10072","name":"Work category","typeName":"CUSTOM_FIELD"},"changedValues":[{"fieldName":"Type","changedTo":"Work category"},{"fieldName":"Description","changedTo":"Jira system field that displays the category of work a specific issue belongs to."},{"fieldName":"Name","changedTo":"Work category"}]} \ No newline at end of file diff --git a/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-config.yml b/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-config.yml new file mode 100644 index 00000000000..b50c2007781 --- /dev/null +++ b/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-config.yml @@ -0,0 +1,5 @@ +fields: + _config: + atlassian_cloud: true + tags: + - preserve_original_event diff --git a/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-expected.json b/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-expected.json new file mode 100644 index 00000000000..4ad5d9433ca --- /dev/null +++ b/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-expected.json @@ -0,0 +1,5047 @@ +{ + "expected": [ + { + "@timestamp": "2022-01-24T08:48:05.645Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Project deleted", + "id": "11959", + "kind": "event", + "original": "{\"id\":11959,\"summary\":\"Project deleted\",\"created\":\"2022-01-24T08:48:05.645+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10000\",\"name\":\"Test\",\"typeName\":\"PROJECT\"}}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10000", + "name": "Test", + "type": "PROJECT" + } + ], + "type": { + "action": "Project deleted", + "category": "projects" + } + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-01-24T08:48:05.316Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Field Configuration scheme deleted", + "id": "11958", + "kind": "event", + "original": "{\"id\":11958,\"summary\":\"Field Configuration scheme deleted\",\"created\":\"2022-01-24T08:48:05.316+0000\",\"category\":\"fields\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10000\",\"name\":\"Field Configuration Scheme for Project TEST\",\"typeName\":\"SCHEME\"}}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10000", + "name": "Field Configuration Scheme for Project TEST", + "type": "SCHEME" + } + ], + "type": { + "action": "Field Configuration scheme deleted", + "category": "fields" + } + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-01-24T08:48:05.097Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Field Configuration scheme updated", + "id": "11957", + "kind": "event", + "original": "{\"id\":11957,\"summary\":\"Field Configuration scheme updated\",\"created\":\"2022-01-24T08:48:05.097+0000\",\"category\":\"fields\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10000\",\"name\":\"Field Configuration Scheme for Project TEST\",\"typeName\":\"SCHEME\"},\"changedValues\":[{\"fieldName\":\"Field Configuration\",\"changedFrom\":\"Default Field Configuration\",\"changedTo\":\"\"},{\"fieldName\":\"Issue Type\",\"changedFrom\":\"Subtask\",\"changedTo\":\"\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10000", + "name": "Field Configuration Scheme for Project TEST", + "type": "SCHEME" + } + ], + "changed_values": [ + { + "from": "Default Field Configuration", + "i18nKey": "Field Configuration", + "key": "Field Configuration" + }, + { + "from": "Subtask", + "i18nKey": "Issue Type", + "key": "Issue Type" + } + ], + "type": { + "action": "Field Configuration scheme updated", + "category": "fields" + } + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-01-24T08:48:04.939Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Field Configuration scheme updated", + "id": "11956", + "kind": "event", + "original": "{\"id\":11956,\"summary\":\"Field Configuration scheme updated\",\"created\":\"2022-01-24T08:48:04.939+0000\",\"category\":\"fields\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10000\",\"name\":\"Field Configuration Scheme for Project TEST\",\"typeName\":\"SCHEME\"},\"changedValues\":[{\"fieldName\":\"Field Configuration\",\"changedFrom\":\"Default Field Configuration\",\"changedTo\":\"\"},{\"fieldName\":\"Issue Type\",\"changedFrom\":\"Epic\",\"changedTo\":\"\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10000", + "name": "Field Configuration Scheme for Project TEST", + "type": "SCHEME" + } + ], + "changed_values": [ + { + "from": "Default Field Configuration", + "i18nKey": "Field Configuration", + "key": "Field Configuration" + }, + { + "from": "Epic", + "i18nKey": "Issue Type", + "key": "Issue Type" + } + ], + "type": { + "action": "Field Configuration scheme updated", + "category": "fields" + } + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-01-24T08:48:04.716Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Field Configuration scheme updated", + "id": "11955", + "kind": "event", + "original": "{\"id\":11955,\"summary\":\"Field Configuration scheme updated\",\"created\":\"2022-01-24T08:48:04.716+0000\",\"category\":\"fields\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10000\",\"name\":\"Field Configuration Scheme for Project TEST\",\"typeName\":\"SCHEME\"},\"changedValues\":[{\"fieldName\":\"Field Configuration\",\"changedFrom\":\"Default Field Configuration\",\"changedTo\":\"\"},{\"fieldName\":\"Issue Type\",\"changedFrom\":\"Bug\",\"changedTo\":\"\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10000", + "name": "Field Configuration Scheme for Project TEST", + "type": "SCHEME" + } + ], + "changed_values": [ + { + "from": "Default Field Configuration", + "i18nKey": "Field Configuration", + "key": "Field Configuration" + }, + { + "from": "Bug", + "i18nKey": "Issue Type", + "key": "Issue Type" + } + ], + "type": { + "action": "Field Configuration scheme updated", + "category": "fields" + } + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-01-24T08:48:04.530Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Field Configuration scheme updated", + "id": "11954", + "kind": "event", + "original": "{\"id\":11954,\"summary\":\"Field Configuration scheme updated\",\"created\":\"2022-01-24T08:48:04.530+0000\",\"category\":\"fields\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10000\",\"name\":\"Field Configuration Scheme for Project TEST\",\"typeName\":\"SCHEME\"},\"changedValues\":[{\"fieldName\":\"Field Configuration\",\"changedFrom\":\"Default Field Configuration\",\"changedTo\":\"\"},{\"fieldName\":\"Issue Type\",\"changedFrom\":\"Task\",\"changedTo\":\"\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10000", + "name": "Field Configuration Scheme for Project TEST", + "type": "SCHEME" + } + ], + "changed_values": [ + { + "from": "Default Field Configuration", + "i18nKey": "Field Configuration", + "key": "Field Configuration" + }, + { + "from": "Task", + "i18nKey": "Issue Type", + "key": "Issue Type" + } + ], + "type": { + "action": "Field Configuration scheme updated", + "category": "fields" + } + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-01-24T08:48:04.167Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Field Configuration scheme updated", + "id": "11953", + "kind": "event", + "original": "{\"id\":11953,\"summary\":\"Field Configuration scheme updated\",\"created\":\"2022-01-24T08:48:04.167+0000\",\"category\":\"fields\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10000\",\"name\":\"Field Configuration Scheme for Project TEST\",\"typeName\":\"SCHEME\"},\"changedValues\":[{\"fieldName\":\"Field Configuration\",\"changedFrom\":\"Default Field Configuration\",\"changedTo\":\"\"},{\"fieldName\":\"Issue Type\",\"changedFrom\":\"Story\",\"changedTo\":\"\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10000", + "name": "Field Configuration Scheme for Project TEST", + "type": "SCHEME" + } + ], + "changed_values": [ + { + "from": "Default Field Configuration", + "i18nKey": "Field Configuration", + "key": "Field Configuration" + }, + { + "from": "Story", + "i18nKey": "Issue Type", + "key": "Issue Type" + } + ], + "type": { + "action": "Field Configuration scheme updated", + "category": "fields" + } + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-01-24T08:48:04.020Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Workflow scheme deleted", + "id": "11952", + "kind": "event", + "original": "{\"id\":11952,\"summary\":\"Workflow scheme deleted\",\"created\":\"2022-01-24T08:48:04.020+0000\",\"category\":\"workflows\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10001\",\"name\":\"TEST: Software Simplified Workflow Scheme\",\"typeName\":\"SCHEME\"}}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10001", + "name": "TEST: Software Simplified Workflow Scheme", + "type": "SCHEME" + } + ], + "type": { + "action": "Workflow scheme deleted", + "category": "workflows" + } + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-01-24T08:48:03.965Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Workflow deleted", + "id": "11951", + "kind": "event", + "original": "{\"id\":11951,\"summary\":\"Workflow deleted\",\"created\":\"2022-01-24T08:48:03.965+0000\",\"category\":\"workflows\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"Project TEST: Software Workflow for 10001\",\"name\":\"Project TEST: Software Workflow for 10001\",\"typeName\":\"WORKFLOW\"}}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "Project TEST: Software Workflow for 10001", + "name": "Project TEST: Software Workflow for 10001", + "type": "WORKFLOW" + } + ], + "type": { + "action": "Workflow deleted", + "category": "workflows" + } + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-01-24T08:48:03.371Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Notification scheme deleted", + "id": "11950", + "kind": "event", + "original": "{\"id\":11950,\"summary\":\"Notification scheme deleted\",\"created\":\"2022-01-24T08:48:03.371+0000\",\"category\":\"notifications\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10001\",\"name\":\"TEST: Simplified Notification Scheme\",\"typeName\":\"SCHEME\"}}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10001", + "name": "TEST: Simplified Notification Scheme", + "type": "SCHEME" + } + ], + "type": { + "action": "Notification scheme deleted", + "category": "notifications" + } + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-01-24T08:48:03.355Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Project role deleted", + "id": "11949", + "kind": "event", + "original": "{\"id\":11949,\"summary\":\"Project role deleted\",\"created\":\"2022-01-24T08:48:03.355+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10006\",\"name\":\"Viewer\",\"typeName\":\"PROJECT_ROLE\"}}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10006", + "name": "Viewer", + "type": "PROJECT_ROLE" + } + ], + "type": { + "action": "Project role deleted", + "category": "projects" + } + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-01-24T08:48:03.339Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Project role deleted", + "id": "11948", + "kind": "event", + "original": "{\"id\":11948,\"summary\":\"Project role deleted\",\"created\":\"2022-01-24T08:48:03.339+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10005\",\"name\":\"Member\",\"typeName\":\"PROJECT_ROLE\"}}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10005", + "name": "Member", + "type": "PROJECT_ROLE" + } + ], + "type": { + "action": "Project role deleted", + "category": "projects" + } + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-01-24T08:48:03.322Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Project role deleted", + "id": "11947", + "kind": "event", + "original": "{\"id\":11947,\"summary\":\"Project role deleted\",\"created\":\"2022-01-24T08:48:03.322+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10007\",\"name\":\"atlassian-addons-project-access\",\"typeName\":\"PROJECT_ROLE\"}}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10007", + "name": "atlassian-addons-project-access", + "type": "PROJECT_ROLE" + } + ], + "type": { + "action": "Project role deleted", + "category": "projects" + } + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-01-24T08:48:03.305Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Project role deleted", + "id": "11946", + "kind": "event", + "original": "{\"id\":11946,\"summary\":\"Project role deleted\",\"created\":\"2022-01-24T08:48:03.305+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10004\",\"name\":\"Administrator\",\"typeName\":\"PROJECT_ROLE\"}}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10004", + "name": "Administrator", + "type": "PROJECT_ROLE" + } + ], + "type": { + "action": "Project role deleted", + "category": "projects" + } + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-01-24T08:48:03.259Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Issue Security scheme deleted", + "id": "11945", + "kind": "event", + "original": "{\"id\":11945,\"summary\":\"Issue Security scheme deleted\",\"created\":\"2022-01-24T08:48:03.259+0000\",\"category\":\"permissions\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10000\",\"name\":\"TEST: Simplified Issue Security Scheme\",\"typeName\":\"SCHEME\"}}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10000", + "name": "TEST: Simplified Issue Security Scheme", + "type": "SCHEME" + } + ], + "type": { + "action": "Issue Security scheme deleted", + "category": "permissions" + } + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-01-24T08:48:03.223Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Permission scheme deleted", + "id": "11944", + "kind": "event", + "original": "{\"id\":11944,\"summary\":\"Permission scheme deleted\",\"created\":\"2022-01-24T08:48:03.223+0000\",\"category\":\"permissions\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10000\",\"name\":\"TEST: Simplified Permission Scheme\",\"typeName\":\"SCHEME\"}}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10000", + "name": "TEST: Simplified Permission Scheme", + "type": "SCHEME" + } + ], + "type": { + "action": "Permission scheme deleted", + "category": "permissions" + } + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-01-18T08:43:02.838Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "User added to group", + "category": [ + "iam" + ], + "id": "11939", + "kind": "event", + "original": "{\"id\":11939,\"summary\":\"User added to group\",\"created\":\"2022-01-18T08:43:02.838+0000\",\"category\":\"group management\",\"eventSource\":\"\",\"objectItem\":{\"name\":\"jira-software-users\",\"typeName\":\"GROUP\",\"parentId\":\"10000\",\"parentName\":\"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory\"},\"associatedItems\":[{\"id\":\"ug:2281b112-0f77-4305-b779-66d30930eb83\",\"name\":\"ug:2281b112-0f77-4305-b779-66d30930eb83\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory\"}]}", + "type": [ + "group", + "change" + ] + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ug:2281b112-0f77-4305-b779-66d30930eb83", + "name": "ug:2281b112-0f77-4305-b779-66d30930eb83", + "parentId": "10000", + "parentName": "com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory", + "type": "USER" + }, + { + "name": "jira-software-users", + "parentId": "10000", + "parentName": "com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory", + "type": "GROUP" + } + ], + "type": { + "action": "User added to group", + "category": "group management" + } + } + }, + "related": { + "user": [ + "ug:2281b112-0f77-4305-b779-66d30930eb83" + ] + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "target": { + "group": { + "name": "jira-software-users" + }, + "id": "ug:2281b112-0f77-4305-b779-66d30930eb83", + "name": "ug:2281b112-0f77-4305-b779-66d30930eb83" + } + } + }, + { + "@timestamp": "2022-01-18T08:43:02.768Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "User added to group", + "category": [ + "iam" + ], + "id": "11938", + "kind": "event", + "original": "{\"id\":11938,\"summary\":\"User added to group\",\"created\":\"2022-01-18T08:43:02.768+0000\",\"category\":\"group management\",\"eventSource\":\"\",\"objectItem\":{\"name\":\"confluence-users\",\"typeName\":\"GROUP\",\"parentId\":\"10000\",\"parentName\":\"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory\"},\"associatedItems\":[{\"id\":\"ug:2281b112-0f77-4305-b779-66d30930eb83\",\"name\":\"ug:2281b112-0f77-4305-b779-66d30930eb83\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory\"}]}", + "type": [ + "group", + "change" + ] + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ug:2281b112-0f77-4305-b779-66d30930eb83", + "name": "ug:2281b112-0f77-4305-b779-66d30930eb83", + "parentId": "10000", + "parentName": "com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory", + "type": "USER" + }, + { + "name": "confluence-users", + "parentId": "10000", + "parentName": "com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory", + "type": "GROUP" + } + ], + "type": { + "action": "User added to group", + "category": "group management" + } + } + }, + "related": { + "user": [ + "ug:2281b112-0f77-4305-b779-66d30930eb83" + ] + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "target": { + "group": { + "name": "confluence-users" + }, + "id": "ug:2281b112-0f77-4305-b779-66d30930eb83", + "name": "ug:2281b112-0f77-4305-b779-66d30930eb83" + } + } + }, + { + "@timestamp": "2022-01-18T08:43:02.602Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "User created", + "category": [ + "iam" + ], + "id": "11937", + "kind": "event", + "original": "{\"id\":11937,\"summary\":\"User created\",\"created\":\"2022-01-18T08:43:02.602+0000\",\"category\":\"user management\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"ug:2281b112-0f77-4305-b779-66d30930eb83\",\"name\":\"ug:2281b112-0f77-4305-b779-66d30930eb83\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"},\"changedValues\":[{\"fieldName\":\"Active / Inactive\",\"changedTo\":\"Active\"}],\"associatedItems\":[{\"id\":\"ug:2281b112-0f77-4305-b779-66d30930eb83\",\"name\":\"ug:2281b112-0f77-4305-b779-66d30930eb83\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"}]}", + "type": [ + "user", + "creation" + ] + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ug:2281b112-0f77-4305-b779-66d30930eb83", + "name": "ug:2281b112-0f77-4305-b779-66d30930eb83", + "parentId": "10000", + "parentName": "IDP Directory", + "type": "USER" + } + ], + "changed_values": [ + { + "i18nKey": "Active / Inactive", + "key": "Active / Inactive", + "to": "Active" + } + ], + "type": { + "action": "User created", + "category": "user management" + } + } + }, + "related": { + "user": [ + "ug:2281b112-0f77-4305-b779-66d30930eb83" + ] + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "target": { + "id": "ug:2281b112-0f77-4305-b779-66d30930eb83", + "name": "ug:2281b112-0f77-4305-b779-66d30930eb83" + } + } + }, + { + "@timestamp": "2022-01-14T16:37:07.126Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "User added to group", + "category": [ + "iam" + ], + "id": "11935", + "kind": "event", + "original": "{\"id\":11935,\"summary\":\"User added to group\",\"created\":\"2022-01-14T16:37:07.126+0000\",\"category\":\"group management\",\"eventSource\":\"\",\"objectItem\":{\"name\":\"confluence-users\",\"typeName\":\"GROUP\",\"parentId\":\"10000\",\"parentName\":\"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory\"},\"associatedItems\":[{\"id\":\"ug:14961f0e-0eda-4a4a-9e9e-9d6a617b625b\",\"name\":\"ug:14961f0e-0eda-4a4a-9e9e-9d6a617b625b\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory\"}]}", + "type": [ + "group", + "change" + ] + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ug:14961f0e-0eda-4a4a-9e9e-9d6a617b625b", + "name": "ug:14961f0e-0eda-4a4a-9e9e-9d6a617b625b", + "parentId": "10000", + "parentName": "com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory", + "type": "USER" + }, + { + "name": "confluence-users", + "parentId": "10000", + "parentName": "com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory", + "type": "GROUP" + } + ], + "type": { + "action": "User added to group", + "category": "group management" + } + } + }, + "related": { + "user": [ + "ug:14961f0e-0eda-4a4a-9e9e-9d6a617b625b" + ] + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "target": { + "group": { + "name": "confluence-users" + }, + "id": "ug:14961f0e-0eda-4a4a-9e9e-9d6a617b625b", + "name": "ug:14961f0e-0eda-4a4a-9e9e-9d6a617b625b" + } + } + }, + { + "@timestamp": "2022-01-14T16:37:07.019Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "User created", + "category": [ + "iam" + ], + "id": "11934", + "kind": "event", + "original": "{\"id\":11934,\"summary\":\"User created\",\"created\":\"2022-01-14T16:37:07.019+0000\",\"category\":\"user management\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"ug:14961f0e-0eda-4a4a-9e9e-9d6a617b625b\",\"name\":\"ug:14961f0e-0eda-4a4a-9e9e-9d6a617b625b\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"},\"changedValues\":[{\"fieldName\":\"Active / Inactive\",\"changedTo\":\"Active\"}],\"associatedItems\":[{\"id\":\"ug:14961f0e-0eda-4a4a-9e9e-9d6a617b625b\",\"name\":\"ug:14961f0e-0eda-4a4a-9e9e-9d6a617b625b\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"}]}", + "type": [ + "user", + "creation" + ] + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ug:14961f0e-0eda-4a4a-9e9e-9d6a617b625b", + "name": "ug:14961f0e-0eda-4a4a-9e9e-9d6a617b625b", + "parentId": "10000", + "parentName": "IDP Directory", + "type": "USER" + } + ], + "changed_values": [ + { + "i18nKey": "Active / Inactive", + "key": "Active / Inactive", + "to": "Active" + } + ], + "type": { + "action": "User created", + "category": "user management" + } + } + }, + "related": { + "user": [ + "ug:14961f0e-0eda-4a4a-9e9e-9d6a617b625b" + ] + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "target": { + "id": "ug:14961f0e-0eda-4a4a-9e9e-9d6a617b625b", + "name": "ug:14961f0e-0eda-4a4a-9e9e-9d6a617b625b" + } + } + }, + { + "@timestamp": "2022-01-10T12:44:41.065Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "User's password changed", + "id": "11933", + "kind": "event", + "original": "{\"id\":11933,\"summary\":\"User's password changed\",\"remoteAddress\":\"81.2.69.193\",\"created\":\"2022-01-10T12:44:41.065+0000\",\"category\":\"user management\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682\",\"name\":\"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory\"},\"associatedItems\":[{\"id\":\"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682\",\"name\":\"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682", + "name": "qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682", + "parentId": "10000", + "parentName": "com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory", + "type": "USER" + } + ], + "type": { + "action": "User's password changed", + "category": "user management" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-01-06T09:49:07.418Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Workflow updated", + "id": "11932", + "kind": "event", + "original": "{\"id\":11932,\"summary\":\"Workflow updated\",\"remoteAddress\":\"10.83.76.139\",\"authorKey\":\"ug:0613fc34-a1b3-4137-b06e-fd92c3094033\",\"authorAccountId\":\"5ff328f2a9d0300107c045a6\",\"created\":\"2022-01-06T09:49:07.418+0000\",\"category\":\"workflows\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"Software workflow for project 10018\",\"name\":\"Software workflow for project 10018\",\"typeName\":\"WORKFLOW\"}}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "Software workflow for project 10018", + "name": "Software workflow for project 10018", + "type": "WORKFLOW" + } + ], + "type": { + "action": "Workflow updated", + "category": "workflows" + } + } + }, + "related": { + "ip": [ + "10.83.76.139" + ] + }, + "source": { + "address": "10.83.76.139", + "ip": "10.83.76.139" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5ff328f2a9d0300107c045a6" + } + }, + { + "@timestamp": "2022-01-05T07:23:49.369Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Workflow updated", + "id": "11931", + "kind": "event", + "original": "{\"id\":11931,\"summary\":\"Workflow updated\",\"authorKey\":\"ug:0613fc34-a1b3-4137-b06e-fd92c3094033\",\"authorAccountId\":\"5ff328f2a9d0300107c045a6\",\"created\":\"2022-01-05T07:23:49.369+0000\",\"category\":\"workflows\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"Software workflow for project 10018\",\"name\":\"Software workflow for project 10018\",\"typeName\":\"WORKFLOW\"}}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "Software workflow for project 10018", + "name": "Software workflow for project 10018", + "type": "WORKFLOW" + } + ], + "type": { + "action": "Workflow updated", + "category": "workflows" + } + } + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5ff328f2a9d0300107c045a6" + } + }, + { + "@timestamp": "2022-01-05T07:23:49.162Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Workflow updated", + "id": "11930", + "kind": "event", + "original": "{\"id\":11930,\"summary\":\"Workflow updated\",\"remoteAddress\":\"10.83.76.139\",\"authorKey\":\"ug:0613fc34-a1b3-4137-b06e-fd92c3094033\",\"authorAccountId\":\"5ff328f2a9d0300107c045a6\",\"created\":\"2022-01-05T07:23:49.162+0000\",\"category\":\"workflows\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"Software workflow for project 10018\",\"name\":\"Software workflow for project 10018\",\"typeName\":\"WORKFLOW\"}}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "Software workflow for project 10018", + "name": "Software workflow for project 10018", + "type": "WORKFLOW" + } + ], + "type": { + "action": "Workflow updated", + "category": "workflows" + } + } + }, + "related": { + "ip": [ + "10.83.76.139" + ] + }, + "source": { + "address": "10.83.76.139", + "ip": "10.83.76.139" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5ff328f2a9d0300107c045a6" + } + }, + { + "@timestamp": "2021-12-13T14:10:35.436Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Workflow updated", + "id": "11898", + "kind": "event", + "original": "{\"id\":11898,\"summary\":\"Workflow updated\",\"remoteAddress\":\"10.83.62.36\",\"authorKey\":\"ug:0613fc34-a1b3-4137-b06e-fd92c3094033\",\"authorAccountId\":\"5ff328f2a9d0300107c045a6\",\"created\":\"2021-12-13T14:10:35.436+0000\",\"category\":\"workflows\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"Software workflow for project 10018\",\"name\":\"Software workflow for project 10018\",\"typeName\":\"WORKFLOW\"}}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "Software workflow for project 10018", + "name": "Software workflow for project 10018", + "type": "WORKFLOW" + } + ], + "type": { + "action": "Workflow updated", + "category": "workflows" + } + } + }, + "related": { + "ip": [ + "10.83.62.36" + ] + }, + "source": { + "address": "10.83.62.36", + "ip": "10.83.62.36" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5ff328f2a9d0300107c045a6" + } + }, + { + "@timestamp": "2021-12-10T11:57:29.971Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "User's password changed", + "id": "11897", + "kind": "event", + "original": "{\"id\":11897,\"summary\":\"User's password changed\",\"remoteAddress\":\"81.2.69.193\",\"created\":\"2021-12-10T11:57:29.971+0000\",\"category\":\"user management\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682\",\"name\":\"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory\"},\"associatedItems\":[{\"id\":\"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682\",\"name\":\"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682", + "name": "qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682", + "parentId": "10000", + "parentName": "com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory", + "type": "USER" + } + ], + "type": { + "action": "User's password changed", + "category": "user management" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2021-12-10T11:53:37.982Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "User created", + "category": [ + "iam" + ], + "id": "11896", + "kind": "event", + "original": "{\"id\":11896,\"summary\":\"User created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-10T11:53:37.982+0000\",\"category\":\"user management\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682\",\"name\":\"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"},\"changedValues\":[{\"fieldName\":\"Active / Inactive\",\"changedTo\":\"Active\"}],\"associatedItems\":[{\"id\":\"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682\",\"name\":\"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"}]}", + "type": [ + "user", + "creation" + ] + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682", + "name": "qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682", + "parentId": "10000", + "parentName": "IDP Directory", + "type": "USER" + } + ], + "changed_values": [ + { + "i18nKey": "Active / Inactive", + "key": "Active / Inactive", + "to": "Active" + } + ], + "type": { + "action": "User created", + "category": "user management" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ], + "user": [ + "qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16", + "target": { + "id": "qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682", + "name": "qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682" + } + } + }, + { + "@timestamp": "2021-12-10T11:52:39.940Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Customer invited notification changed", + "id": "11895", + "kind": "event", + "original": "{\"id\":11895,\"summary\":\"Customer invited notification changed\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-10T11:52:39.940+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10003\",\"name\":\"Support\",\"typeName\":\"PROJECT\"},\"changedValues\":[{\"fieldName\":\"isEnabled\",\"changedFrom\":\"false\",\"changedTo\":\"true\"}],\"associatedItems\":[{\"id\":\"10003\",\"name\":\"Support\",\"typeName\":\"PROJECT\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10003", + "name": "Support", + "type": "PROJECT" + } + ], + "changed_values": [ + { + "from": "false", + "i18nKey": "isEnabled", + "key": "isEnabled", + "to": "true" + } + ], + "type": { + "action": "Customer invited notification changed", + "category": "projects" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16" + } + }, + { + "@timestamp": "2021-12-07T17:15:05.069Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "User created", + "category": [ + "iam" + ], + "id": "11894", + "kind": "event", + "original": "{\"id\":11894,\"summary\":\"User created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T17:15:05.069+0000\",\"category\":\"user management\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:ca0f9bb4-060b-4431-937f-ad240d0fb7c9\",\"name\":\"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:ca0f9bb4-060b-4431-937f-ad240d0fb7c9\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"},\"changedValues\":[{\"fieldName\":\"Active / Inactive\",\"changedTo\":\"Active\"}],\"associatedItems\":[{\"id\":\"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:ca0f9bb4-060b-4431-937f-ad240d0fb7c9\",\"name\":\"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:ca0f9bb4-060b-4431-937f-ad240d0fb7c9\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"}]}", + "type": [ + "user", + "creation" + ] + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:ca0f9bb4-060b-4431-937f-ad240d0fb7c9", + "name": "qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:ca0f9bb4-060b-4431-937f-ad240d0fb7c9", + "parentId": "10000", + "parentName": "IDP Directory", + "type": "USER" + } + ], + "changed_values": [ + { + "i18nKey": "Active / Inactive", + "key": "Active / Inactive", + "to": "Active" + } + ], + "type": { + "action": "User created", + "category": "user management" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ], + "user": [ + "qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:ca0f9bb4-060b-4431-937f-ad240d0fb7c9" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16", + "target": { + "id": "qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:ca0f9bb4-060b-4431-937f-ad240d0fb7c9", + "name": "qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:ca0f9bb4-060b-4431-937f-ad240d0fb7c9" + } + } + }, + { + "@timestamp": "2021-12-07T17:03:54.188Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Customer permissions changed", + "id": "11893", + "kind": "event", + "original": "{\"id\":11893,\"summary\":\"Customer permissions changed\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T17:03:54.188+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"description\":\"Update who can access the portal and send requests\",\"objectItem\":{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"},\"changedValues\":[{\"fieldName\":\"Customer access\",\"changedFrom\":\"Anyone with an account\",\"changedTo\":\"Customers my team adds to the project\"}],\"associatedItems\":[{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10022", + "name": "Change Control", + "type": "PROJECT" + } + ], + "changed_values": [ + { + "from": "Anyone with an account", + "i18nKey": "Customer access", + "key": "Customer access", + "to": "Customers my team adds to the project" + } + ], + "type": { + "action": "Customer permissions changed", + "category": "projects" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16" + } + }, + { + "@timestamp": "2021-12-07T16:56:48.122Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Request type deleted", + "id": "11892", + "kind": "event", + "original": "{\"id\":11892,\"summary\":\"Request type deleted\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:56:48.122+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"},\"changedValues\":[{\"fieldName\":\"id\",\"changedFrom\":\"89\",\"changedTo\":\"\"},{\"fieldName\":\"description\",\"changedFrom\":\"Want to access work stuff from outside? Let us know.\",\"changedTo\":\"\"},{\"fieldName\":\"name\",\"changedFrom\":\"Set up VPN to the office\",\"changedTo\":\"\"},{\"fieldName\":\"issueTypeId\",\"changedFrom\":\"10024\",\"changedTo\":\"\"},{\"fieldName\":\"iconId\",\"changedFrom\":\"10526\",\"changedTo\":\"\"}],\"associatedItems\":[{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10022", + "name": "Change Control", + "type": "PROJECT" + } + ], + "changed_values": [ + { + "from": "89", + "i18nKey": "id", + "key": "id" + }, + { + "from": "Want to access work stuff from outside? Let us know.", + "i18nKey": "description", + "key": "description" + }, + { + "from": "Set up VPN to the office", + "i18nKey": "name", + "key": "name" + }, + { + "from": "10024", + "i18nKey": "issueTypeId", + "key": "issueTypeId" + }, + { + "from": "10526", + "i18nKey": "iconId", + "key": "iconId" + } + ], + "type": { + "action": "Request type deleted", + "category": "projects" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16" + } + }, + { + "@timestamp": "2021-12-07T16:56:24.940Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Request type deleted", + "id": "11891", + "kind": "event", + "original": "{\"id\":11891,\"summary\":\"Request type deleted\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:56:24.940+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"},\"changedValues\":[{\"fieldName\":\"id\",\"changedFrom\":\"86\",\"changedTo\":\"\"},{\"fieldName\":\"description\",\"changedFrom\":\"Get assistance for general IT problems and questions.\",\"changedTo\":\"\"},{\"fieldName\":\"name\",\"changedFrom\":\"Get IT help\",\"changedTo\":\"\"},{\"fieldName\":\"issueTypeId\",\"changedFrom\":\"10024\",\"changedTo\":\"\"},{\"fieldName\":\"iconId\",\"changedFrom\":\"10541\",\"changedTo\":\"\"}],\"associatedItems\":[{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10022", + "name": "Change Control", + "type": "PROJECT" + } + ], + "changed_values": [ + { + "from": "86", + "i18nKey": "id", + "key": "id" + }, + { + "from": "Get assistance for general IT problems and questions.", + "i18nKey": "description", + "key": "description" + }, + { + "from": "Get IT help", + "i18nKey": "name", + "key": "name" + }, + { + "from": "10024", + "i18nKey": "issueTypeId", + "key": "issueTypeId" + }, + { + "from": "10541", + "i18nKey": "iconId", + "key": "iconId" + } + ], + "type": { + "action": "Request type deleted", + "category": "projects" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16" + } + }, + { + "@timestamp": "2021-12-07T16:56:07.861Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Request type deleted", + "id": "11890", + "kind": "event", + "original": "{\"id\":11890,\"summary\":\"Request type deleted\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:56:07.861+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"},\"changedValues\":[{\"fieldName\":\"id\",\"changedFrom\":\"96\",\"changedTo\":\"\"},{\"fieldName\":\"description\",\"changedFrom\":\"Need a mobile phone or time for replacement? Let us know.\",\"changedTo\":\"\"},{\"fieldName\":\"name\",\"changedFrom\":\"New mobile device\",\"changedTo\":\"\"},{\"fieldName\":\"issueTypeId\",\"changedFrom\":\"10025\",\"changedTo\":\"\"},{\"fieldName\":\"iconId\",\"changedFrom\":\"10534\",\"changedTo\":\"\"}],\"associatedItems\":[{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10022", + "name": "Change Control", + "type": "PROJECT" + } + ], + "changed_values": [ + { + "from": "96", + "i18nKey": "id", + "key": "id" + }, + { + "from": "Need a mobile phone or time for replacement? Let us know.", + "i18nKey": "description", + "key": "description" + }, + { + "from": "New mobile device", + "i18nKey": "name", + "key": "name" + }, + { + "from": "10025", + "i18nKey": "issueTypeId", + "key": "issueTypeId" + }, + { + "from": "10534", + "i18nKey": "iconId", + "key": "iconId" + } + ], + "type": { + "action": "Request type deleted", + "category": "projects" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16" + } + }, + { + "@timestamp": "2021-12-07T16:54:03.906Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Request type deleted", + "id": "11889", + "kind": "event", + "original": "{\"id\":11889,\"summary\":\"Request type deleted\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:54:03.906+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"},\"changedValues\":[{\"fieldName\":\"id\",\"changedFrom\":\"88\",\"changedTo\":\"\"},{\"fieldName\":\"description\",\"changedFrom\":\"Raise a request to ask for temp wifi access for guests.\",\"changedTo\":\"\"},{\"fieldName\":\"name\",\"changedFrom\":\"Get a guest wifi account\",\"changedTo\":\"\"},{\"fieldName\":\"issueTypeId\",\"changedFrom\":\"10024\",\"changedTo\":\"\"},{\"fieldName\":\"iconId\",\"changedFrom\":\"10519\",\"changedTo\":\"\"}],\"associatedItems\":[{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10022", + "name": "Change Control", + "type": "PROJECT" + } + ], + "changed_values": [ + { + "from": "88", + "i18nKey": "id", + "key": "id" + }, + { + "from": "Raise a request to ask for temp wifi access for guests.", + "i18nKey": "description", + "key": "description" + }, + { + "from": "Get a guest wifi account", + "i18nKey": "name", + "key": "name" + }, + { + "from": "10024", + "i18nKey": "issueTypeId", + "key": "issueTypeId" + }, + { + "from": "10519", + "i18nKey": "iconId", + "key": "iconId" + } + ], + "type": { + "action": "Request type deleted", + "category": "projects" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16" + } + }, + { + "@timestamp": "2021-12-07T16:46:02.950Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "User added to group", + "category": [ + "iam" + ], + "id": "11888", + "kind": "event", + "original": "{\"id\":11888,\"summary\":\"User added to group\",\"created\":\"2021-12-07T16:46:02.950+0000\",\"category\":\"group management\",\"eventSource\":\"\",\"objectItem\":{\"name\":\"Eng Sys\",\"typeName\":\"GROUP\",\"parentId\":\"10000\",\"parentName\":\"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory\"},\"associatedItems\":[{\"id\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"name\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory\"}]}", + "type": [ + "group", + "change" + ] + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "name": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "parentId": "10000", + "parentName": "com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory", + "type": "USER" + }, + { + "name": "Eng Sys", + "parentId": "10000", + "parentName": "com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory", + "type": "GROUP" + } + ], + "type": { + "action": "User added to group", + "category": "group management" + } + } + }, + "related": { + "user": [ + "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3" + ] + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "target": { + "group": { + "name": "Eng Sys" + }, + "id": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "name": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3" + } + } + }, + { + "@timestamp": "2021-12-07T16:46:02.944Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "User added to group", + "category": [ + "iam" + ], + "id": "11887", + "kind": "event", + "original": "{\"id\":11887,\"summary\":\"User added to group\",\"created\":\"2021-12-07T16:46:02.944+0000\",\"category\":\"group management\",\"eventSource\":\"\",\"objectItem\":{\"name\":\"EngSys\",\"typeName\":\"GROUP\",\"parentId\":\"10000\",\"parentName\":\"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory\"},\"associatedItems\":[{\"id\":\"ug:0fb27017-ce06-4bff-bd1d-1cc0e9ad2579\",\"name\":\"ug:0fb27017-ce06-4bff-bd1d-1cc0e9ad2579\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory\"}]}", + "type": [ + "group", + "change" + ] + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ug:0fb27017-ce06-4bff-bd1d-1cc0e9ad2579", + "name": "ug:0fb27017-ce06-4bff-bd1d-1cc0e9ad2579", + "parentId": "10000", + "parentName": "com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory", + "type": "USER" + }, + { + "name": "EngSys", + "parentId": "10000", + "parentName": "com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory", + "type": "GROUP" + } + ], + "type": { + "action": "User added to group", + "category": "group management" + } + } + }, + "related": { + "user": [ + "ug:0fb27017-ce06-4bff-bd1d-1cc0e9ad2579" + ] + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "target": { + "group": { + "name": "EngSys" + }, + "id": "ug:0fb27017-ce06-4bff-bd1d-1cc0e9ad2579", + "name": "ug:0fb27017-ce06-4bff-bd1d-1cc0e9ad2579" + } + } + }, + { + "@timestamp": "2021-12-07T16:46:02.939Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "User added to group", + "category": [ + "iam" + ], + "id": "11886", + "kind": "event", + "original": "{\"id\":11886,\"summary\":\"User added to group\",\"created\":\"2021-12-07T16:46:02.939+0000\",\"category\":\"group management\",\"eventSource\":\"\",\"objectItem\":{\"name\":\"Eng Sys\",\"typeName\":\"GROUP\",\"parentId\":\"10000\",\"parentName\":\"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory\"},\"associatedItems\":[{\"id\":\"ug:1b93c61c-2382-4f4e-8f38-f901c702845f\",\"name\":\"ug:1b93c61c-2382-4f4e-8f38-f901c702845f\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory\"}]}", + "type": [ + "group", + "change" + ] + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ug:1b93c61c-2382-4f4e-8f38-f901c702845f", + "name": "ug:1b93c61c-2382-4f4e-8f38-f901c702845f", + "parentId": "10000", + "parentName": "com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory", + "type": "USER" + }, + { + "name": "Eng Sys", + "parentId": "10000", + "parentName": "com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory", + "type": "GROUP" + } + ], + "type": { + "action": "User added to group", + "category": "group management" + } + } + }, + "related": { + "user": [ + "ug:1b93c61c-2382-4f4e-8f38-f901c702845f" + ] + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "target": { + "group": { + "name": "Eng Sys" + }, + "id": "ug:1b93c61c-2382-4f4e-8f38-f901c702845f", + "name": "ug:1b93c61c-2382-4f4e-8f38-f901c702845f" + } + } + }, + { + "@timestamp": "2021-12-07T16:46:02.932Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "User added to group", + "category": [ + "iam" + ], + "id": "11885", + "kind": "event", + "original": "{\"id\":11885,\"summary\":\"User added to group\",\"created\":\"2021-12-07T16:46:02.932+0000\",\"category\":\"group management\",\"eventSource\":\"\",\"objectItem\":{\"name\":\"EngSys\",\"typeName\":\"GROUP\",\"parentId\":\"10000\",\"parentName\":\"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory\"},\"associatedItems\":[{\"id\":\"ug:016dd2df-318a-4b92-908d-b0b9e531c60f\",\"name\":\"ug:016dd2df-318a-4b92-908d-b0b9e531c60f\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory\"}]}", + "type": [ + "group", + "change" + ] + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ug:016dd2df-318a-4b92-908d-b0b9e531c60f", + "name": "ug:016dd2df-318a-4b92-908d-b0b9e531c60f", + "parentId": "10000", + "parentName": "com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory", + "type": "USER" + }, + { + "name": "EngSys", + "parentId": "10000", + "parentName": "com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory", + "type": "GROUP" + } + ], + "type": { + "action": "User added to group", + "category": "group management" + } + } + }, + "related": { + "user": [ + "ug:016dd2df-318a-4b92-908d-b0b9e531c60f" + ] + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "target": { + "group": { + "name": "EngSys" + }, + "id": "ug:016dd2df-318a-4b92-908d-b0b9e531c60f", + "name": "ug:016dd2df-318a-4b92-908d-b0b9e531c60f" + } + } + }, + { + "@timestamp": "2021-12-07T16:45:24.007Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Group created", + "category": [ + "iam" + ], + "id": "11884", + "kind": "event", + "original": "{\"id\":11884,\"summary\":\"Group created\",\"created\":\"2021-12-07T16:45:24.007+0000\",\"category\":\"group management\",\"eventSource\":\"\",\"objectItem\":{\"name\":\"Eng Sys\",\"typeName\":\"GROUP\",\"parentId\":\"10000\",\"parentName\":\"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory\"}}", + "type": [ + "group", + "creation" + ] + }, + "group": { + "name": "Eng Sys" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "name": "Eng Sys", + "parentId": "10000", + "parentName": "com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory", + "type": "GROUP" + } + ], + "type": { + "action": "Group created", + "category": "group management" + } + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2021-12-07T16:29:41.490Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Project created", + "category": [ + "configuration" + ], + "id": "11883", + "kind": "event", + "original": "{\"id\":11883,\"summary\":\"Project created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:41.490+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"},\"changedValues\":[{\"fieldName\":\"Default Assignee\",\"changedTo\":\"Unassigned\"},{\"fieldName\":\"Project lead\",\"changedTo\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\"},{\"fieldName\":\"Description\",\"changedTo\":\"\"},{\"fieldName\":\"Key\",\"changedTo\":\"ACC\"},{\"fieldName\":\"Name\",\"changedTo\":\"Change Control\"}],\"associatedItems\":[{\"id\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"name\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"}]}", + "type": [ + "creation" + ] + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "name": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "parentId": "10000", + "parentName": "IDP Directory", + "type": "USER" + }, + { + "id": "10022", + "name": "Change Control", + "type": "PROJECT" + } + ], + "changed_values": [ + { + "i18nKey": "Default Assignee", + "key": "Default Assignee", + "to": "Unassigned" + }, + { + "i18nKey": "Project lead", + "key": "Project lead", + "to": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3" + }, + { + "i18nKey": "Description", + "key": "Description" + }, + { + "i18nKey": "Key", + "key": "Key", + "to": "ACC" + }, + { + "i18nKey": "Name", + "key": "Name", + "to": "Change Control" + } + ], + "type": { + "action": "Project created", + "category": "projects" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16" + } + }, + { + "@timestamp": "2021-12-07T16:29:38.789Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Custom email channel turned on", + "id": "11882", + "kind": "event", + "original": "{\"id\":11882,\"summary\":\"Custom email channel turned on\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:38.789+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"},\"changedValues\":[{\"fieldName\":\"userName\",\"changedFrom\":\"\",\"changedTo\":\"support@cyberfort.atlassian.net\"},{\"fieldName\":\"host\",\"changedFrom\":\"\",\"changedTo\":\"mailstore\"},{\"fieldName\":\"port\",\"changedFrom\":\"\",\"changedTo\":\"110\"},{\"fieldName\":\"tlsEnabled\",\"changedFrom\":\"\",\"changedTo\":\"false\"},{\"fieldName\":\"emailAddress\",\"changedFrom\":\"\",\"changedTo\":\"support@cyberfort.atlassian.net\"},{\"fieldName\":\"protocol\",\"changedFrom\":\"\",\"changedTo\":\"vertimail\"}],\"associatedItems\":[{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10022", + "name": "Change Control", + "type": "PROJECT" + } + ], + "changed_values": [ + { + "i18nKey": "userName", + "key": "userName", + "to": "support@cyberfort.atlassian.net" + }, + { + "i18nKey": "host", + "key": "host", + "to": "mailstore" + }, + { + "i18nKey": "port", + "key": "port", + "to": "110" + }, + { + "i18nKey": "tlsEnabled", + "key": "tlsEnabled", + "to": "false" + }, + { + "i18nKey": "emailAddress", + "key": "emailAddress", + "to": "support@cyberfort.atlassian.net" + }, + { + "i18nKey": "protocol", + "key": "protocol", + "to": "vertimail" + } + ], + "type": { + "action": "Custom email channel turned on", + "category": "projects" + } + } + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16" + } + }, + { + "@timestamp": "2021-12-07T16:29:38.773Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Cloud Email settings created", + "id": "11881", + "kind": "event", + "original": "{\"id\":11881,\"summary\":\"Cloud Email settings created\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:38.773+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"},\"changedValues\":[{\"fieldName\":\"id\",\"changedFrom\":\"\",\"changedTo\":\"7\"},{\"fieldName\":\"requestTypeId\",\"changedFrom\":\"\",\"changedTo\":\"95\"},{\"fieldName\":\"serviceDeskId\",\"changedFrom\":\"\",\"changedTo\":\"6\"},{\"fieldName\":\"emailAddress\",\"changedFrom\":\"\",\"changedTo\":\"support@cyberfort.atlassian.net\"}],\"associatedItems\":[{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10022", + "name": "Change Control", + "type": "PROJECT" + } + ], + "changed_values": [ + { + "i18nKey": "id", + "key": "id", + "to": "7" + }, + { + "i18nKey": "requestTypeId", + "key": "requestTypeId", + "to": "95" + }, + { + "i18nKey": "serviceDeskId", + "key": "serviceDeskId", + "to": "6" + }, + { + "i18nKey": "emailAddress", + "key": "emailAddress", + "to": "support@cyberfort.atlassian.net" + } + ], + "type": { + "action": "Cloud Email settings created", + "category": "projects" + } + } + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16" + } + }, + { + "@timestamp": "2021-12-07T16:29:38.426Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Cloud email channel turned on", + "id": "11880", + "kind": "event", + "original": "{\"id\":11880,\"summary\":\"Cloud email channel turned on\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:38.426+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"},\"changedValues\":[{\"fieldName\":\"userName\",\"changedFrom\":\"\",\"changedTo\":\"support@cyberfort.atlassian.net\"},{\"fieldName\":\"host\",\"changedFrom\":\"\",\"changedTo\":\"mailstore\"},{\"fieldName\":\"port\",\"changedFrom\":\"\",\"changedTo\":\"110\"},{\"fieldName\":\"tlsEnabled\",\"changedFrom\":\"\",\"changedTo\":\"null\"},{\"fieldName\":\"emailAddress\",\"changedFrom\":\"\",\"changedTo\":\"support@cyberfort.atlassian.net\"},{\"fieldName\":\"protocol\",\"changedFrom\":\"\",\"changedTo\":\"vertimail\"}],\"associatedItems\":[{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10022", + "name": "Change Control", + "type": "PROJECT" + } + ], + "changed_values": [ + { + "i18nKey": "userName", + "key": "userName", + "to": "support@cyberfort.atlassian.net" + }, + { + "i18nKey": "host", + "key": "host", + "to": "mailstore" + }, + { + "i18nKey": "port", + "key": "port", + "to": "110" + }, + { + "i18nKey": "tlsEnabled", + "key": "tlsEnabled", + "to": "null" + }, + { + "i18nKey": "emailAddress", + "key": "emailAddress", + "to": "support@cyberfort.atlassian.net" + }, + { + "i18nKey": "protocol", + "key": "protocol", + "to": "vertimail" + } + ], + "type": { + "action": "Cloud email channel turned on", + "category": "projects" + } + } + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16" + } + }, + { + "@timestamp": "2021-12-07T16:29:36.956Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Project component created", + "id": "11879", + "kind": "event", + "original": "{\"id\":11879,\"summary\":\"Project component created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.956+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10099\",\"name\":\"Services\",\"typeName\":\"PROJECT_COMPONENT\"},\"changedValues\":[{\"fieldName\":\"Default Assignee\",\"changedTo\":\"Project Default\"},{\"fieldName\":\"Component Lead\",\"changedTo\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\"},{\"fieldName\":\"Description\",\"changedTo\":\"Created by Jira Service Management\"},{\"fieldName\":\"Name\",\"changedTo\":\"Services\"}],\"associatedItems\":[{\"id\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"name\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"},{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "name": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "parentId": "10000", + "parentName": "IDP Directory", + "type": "USER" + }, + { + "id": "10022", + "name": "Change Control", + "type": "PROJECT" + }, + { + "id": "10099", + "name": "Services", + "type": "PROJECT_COMPONENT" + } + ], + "changed_values": [ + { + "i18nKey": "Default Assignee", + "key": "Default Assignee", + "to": "Project Default" + }, + { + "i18nKey": "Component Lead", + "key": "Component Lead", + "to": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3" + }, + { + "i18nKey": "Description", + "key": "Description", + "to": "Created by Jira Service Management" + }, + { + "i18nKey": "Name", + "key": "Name", + "to": "Services" + } + ], + "type": { + "action": "Project component created", + "category": "projects" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16" + } + }, + { + "@timestamp": "2021-12-07T16:29:36.930Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Project component created", + "id": "11878", + "kind": "event", + "original": "{\"id\":11878,\"summary\":\"Project component created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.930+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10098\",\"name\":\"VPN Server\",\"typeName\":\"PROJECT_COMPONENT\"},\"changedValues\":[{\"fieldName\":\"Default Assignee\",\"changedTo\":\"Project Default\"},{\"fieldName\":\"Component Lead\",\"changedTo\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\"},{\"fieldName\":\"Description\",\"changedTo\":\"Created by Jira Service Management\"},{\"fieldName\":\"Name\",\"changedTo\":\"VPN Server\"}],\"associatedItems\":[{\"id\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"name\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"},{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "name": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "parentId": "10000", + "parentName": "IDP Directory", + "type": "USER" + }, + { + "id": "10022", + "name": "Change Control", + "type": "PROJECT" + }, + { + "id": "10098", + "name": "VPN Server", + "type": "PROJECT_COMPONENT" + } + ], + "changed_values": [ + { + "i18nKey": "Default Assignee", + "key": "Default Assignee", + "to": "Project Default" + }, + { + "i18nKey": "Component Lead", + "key": "Component Lead", + "to": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3" + }, + { + "i18nKey": "Description", + "key": "Description", + "to": "Created by Jira Service Management" + }, + { + "i18nKey": "Name", + "key": "Name", + "to": "VPN Server" + } + ], + "type": { + "action": "Project component created", + "category": "projects" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16" + } + }, + { + "@timestamp": "2021-12-07T16:29:36.903Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Project component created", + "id": "11877", + "kind": "event", + "original": "{\"id\":11877,\"summary\":\"Project component created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.903+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10097\",\"name\":\"Public Website\",\"typeName\":\"PROJECT_COMPONENT\"},\"changedValues\":[{\"fieldName\":\"Default Assignee\",\"changedTo\":\"Project Default\"},{\"fieldName\":\"Component Lead\",\"changedTo\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\"},{\"fieldName\":\"Description\",\"changedTo\":\"Created by Jira Service Management\"},{\"fieldName\":\"Name\",\"changedTo\":\"Public Website\"}],\"associatedItems\":[{\"id\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"name\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"},{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "name": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "parentId": "10000", + "parentName": "IDP Directory", + "type": "USER" + }, + { + "id": "10022", + "name": "Change Control", + "type": "PROJECT" + }, + { + "id": "10097", + "name": "Public Website", + "type": "PROJECT_COMPONENT" + } + ], + "changed_values": [ + { + "i18nKey": "Default Assignee", + "key": "Default Assignee", + "to": "Project Default" + }, + { + "i18nKey": "Component Lead", + "key": "Component Lead", + "to": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3" + }, + { + "i18nKey": "Description", + "key": "Description", + "to": "Created by Jira Service Management" + }, + { + "i18nKey": "Name", + "key": "Name", + "to": "Public Website" + } + ], + "type": { + "action": "Project component created", + "category": "projects" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16" + } + }, + { + "@timestamp": "2021-12-07T16:29:36.877Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Project component created", + "id": "11876", + "kind": "event", + "original": "{\"id\":11876,\"summary\":\"Project component created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.877+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10096\",\"name\":\"Printers\",\"typeName\":\"PROJECT_COMPONENT\"},\"changedValues\":[{\"fieldName\":\"Default Assignee\",\"changedTo\":\"Project Default\"},{\"fieldName\":\"Component Lead\",\"changedTo\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\"},{\"fieldName\":\"Description\",\"changedTo\":\"Created by Jira Service Management\"},{\"fieldName\":\"Name\",\"changedTo\":\"Printers\"}],\"associatedItems\":[{\"id\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"name\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"},{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "name": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "parentId": "10000", + "parentName": "IDP Directory", + "type": "USER" + }, + { + "id": "10022", + "name": "Change Control", + "type": "PROJECT" + }, + { + "id": "10096", + "name": "Printers", + "type": "PROJECT_COMPONENT" + } + ], + "changed_values": [ + { + "i18nKey": "Default Assignee", + "key": "Default Assignee", + "to": "Project Default" + }, + { + "i18nKey": "Component Lead", + "key": "Component Lead", + "to": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3" + }, + { + "i18nKey": "Description", + "key": "Description", + "to": "Created by Jira Service Management" + }, + { + "i18nKey": "Name", + "key": "Name", + "to": "Printers" + } + ], + "type": { + "action": "Project component created", + "category": "projects" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16" + } + }, + { + "@timestamp": "2021-12-07T16:29:36.849Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Project component created", + "id": "11875", + "kind": "event", + "original": "{\"id\":11875,\"summary\":\"Project component created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.849+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10095\",\"name\":\"Services\",\"typeName\":\"PROJECT_COMPONENT\"},\"changedValues\":[{\"fieldName\":\"Default Assignee\",\"changedTo\":\"Project Default\"},{\"fieldName\":\"Component Lead\",\"changedTo\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\"},{\"fieldName\":\"Description\",\"changedTo\":\"Created by Jira Service Management\"},{\"fieldName\":\"Name\",\"changedTo\":\"Services\"}],\"associatedItems\":[{\"id\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"name\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"},{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "name": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "parentId": "10000", + "parentName": "IDP Directory", + "type": "USER" + }, + { + "id": "10022", + "name": "Change Control", + "type": "PROJECT" + }, + { + "id": "10095", + "name": "Services", + "type": "PROJECT_COMPONENT" + } + ], + "changed_values": [ + { + "i18nKey": "Default Assignee", + "key": "Default Assignee", + "to": "Project Default" + }, + { + "i18nKey": "Component Lead", + "key": "Component Lead", + "to": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3" + }, + { + "i18nKey": "Description", + "key": "Description", + "to": "Created by Jira Service Management" + }, + { + "i18nKey": "Name", + "key": "Name", + "to": "Services" + } + ], + "type": { + "action": "Project component created", + "category": "projects" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16" + } + }, + { + "@timestamp": "2021-12-07T16:29:36.823Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Project component created", + "id": "11874", + "kind": "event", + "original": "{\"id\":11874,\"summary\":\"Project component created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.823+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10094\",\"name\":\"Office Network\",\"typeName\":\"PROJECT_COMPONENT\"},\"changedValues\":[{\"fieldName\":\"Default Assignee\",\"changedTo\":\"Project Default\"},{\"fieldName\":\"Component Lead\",\"changedTo\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\"},{\"fieldName\":\"Description\",\"changedTo\":\"Created by Jira Service Management\"},{\"fieldName\":\"Name\",\"changedTo\":\"Office Network\"}],\"associatedItems\":[{\"id\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"name\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"},{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "name": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "parentId": "10000", + "parentName": "IDP Directory", + "type": "USER" + }, + { + "id": "10022", + "name": "Change Control", + "type": "PROJECT" + }, + { + "id": "10094", + "name": "Office Network", + "type": "PROJECT_COMPONENT" + } + ], + "changed_values": [ + { + "i18nKey": "Default Assignee", + "key": "Default Assignee", + "to": "Project Default" + }, + { + "i18nKey": "Component Lead", + "key": "Component Lead", + "to": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3" + }, + { + "i18nKey": "Description", + "key": "Description", + "to": "Created by Jira Service Management" + }, + { + "i18nKey": "Name", + "key": "Name", + "to": "Office Network" + } + ], + "type": { + "action": "Project component created", + "category": "projects" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16" + } + }, + { + "@timestamp": "2021-12-07T16:29:36.797Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Project component created", + "id": "11873", + "kind": "event", + "original": "{\"id\":11873,\"summary\":\"Project component created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.797+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10093\",\"name\":\"Jira\",\"typeName\":\"PROJECT_COMPONENT\"},\"changedValues\":[{\"fieldName\":\"Default Assignee\",\"changedTo\":\"Project Default\"},{\"fieldName\":\"Component Lead\",\"changedTo\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\"},{\"fieldName\":\"Description\",\"changedTo\":\"Created by Jira Service Management\"},{\"fieldName\":\"Name\",\"changedTo\":\"Jira\"}],\"associatedItems\":[{\"id\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"name\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"},{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "name": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "parentId": "10000", + "parentName": "IDP Directory", + "type": "USER" + }, + { + "id": "10022", + "name": "Change Control", + "type": "PROJECT" + }, + { + "id": "10093", + "name": "Jira", + "type": "PROJECT_COMPONENT" + } + ], + "changed_values": [ + { + "i18nKey": "Default Assignee", + "key": "Default Assignee", + "to": "Project Default" + }, + { + "i18nKey": "Component Lead", + "key": "Component Lead", + "to": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3" + }, + { + "i18nKey": "Description", + "key": "Description", + "to": "Created by Jira Service Management" + }, + { + "i18nKey": "Name", + "key": "Name", + "to": "Jira" + } + ], + "type": { + "action": "Project component created", + "category": "projects" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16" + } + }, + { + "@timestamp": "2021-12-07T16:29:36.770Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Project component created", + "id": "11872", + "kind": "event", + "original": "{\"id\":11872,\"summary\":\"Project component created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.770+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10092\",\"name\":\"Intranet\",\"typeName\":\"PROJECT_COMPONENT\"},\"changedValues\":[{\"fieldName\":\"Default Assignee\",\"changedTo\":\"Project Default\"},{\"fieldName\":\"Component Lead\",\"changedTo\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\"},{\"fieldName\":\"Description\",\"changedTo\":\"Created by Jira Service Management\"},{\"fieldName\":\"Name\",\"changedTo\":\"Intranet\"}],\"associatedItems\":[{\"id\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"name\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"},{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "name": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "parentId": "10000", + "parentName": "IDP Directory", + "type": "USER" + }, + { + "id": "10022", + "name": "Change Control", + "type": "PROJECT" + }, + { + "id": "10092", + "name": "Intranet", + "type": "PROJECT_COMPONENT" + } + ], + "changed_values": [ + { + "i18nKey": "Default Assignee", + "key": "Default Assignee", + "to": "Project Default" + }, + { + "i18nKey": "Component Lead", + "key": "Component Lead", + "to": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3" + }, + { + "i18nKey": "Description", + "key": "Description", + "to": "Created by Jira Service Management" + }, + { + "i18nKey": "Name", + "key": "Name", + "to": "Intranet" + } + ], + "type": { + "action": "Project component created", + "category": "projects" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16" + } + }, + { + "@timestamp": "2021-12-07T16:29:36.743Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Project component created", + "id": "11871", + "kind": "event", + "original": "{\"id\":11871,\"summary\":\"Project component created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.743+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10091\",\"name\":\"Services\",\"typeName\":\"PROJECT_COMPONENT\"},\"changedValues\":[{\"fieldName\":\"Default Assignee\",\"changedTo\":\"Project Default\"},{\"fieldName\":\"Component Lead\",\"changedTo\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\"},{\"fieldName\":\"Description\",\"changedTo\":\"Created by Jira Service Management\"},{\"fieldName\":\"Name\",\"changedTo\":\"Services\"}],\"associatedItems\":[{\"id\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"name\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"},{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "name": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "parentId": "10000", + "parentName": "IDP Directory", + "type": "USER" + }, + { + "id": "10022", + "name": "Change Control", + "type": "PROJECT" + }, + { + "id": "10091", + "name": "Services", + "type": "PROJECT_COMPONENT" + } + ], + "changed_values": [ + { + "i18nKey": "Default Assignee", + "key": "Default Assignee", + "to": "Project Default" + }, + { + "i18nKey": "Component Lead", + "key": "Component Lead", + "to": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3" + }, + { + "i18nKey": "Description", + "key": "Description", + "to": "Created by Jira Service Management" + }, + { + "i18nKey": "Name", + "key": "Name", + "to": "Services" + } + ], + "type": { + "action": "Project component created", + "category": "projects" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16" + } + }, + { + "@timestamp": "2021-12-07T16:29:36.717Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Project component created", + "id": "11870", + "kind": "event", + "original": "{\"id\":11870,\"summary\":\"Project component created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.717+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10090\",\"name\":\"Services\",\"typeName\":\"PROJECT_COMPONENT\"},\"changedValues\":[{\"fieldName\":\"Default Assignee\",\"changedTo\":\"Project Default\"},{\"fieldName\":\"Component Lead\",\"changedTo\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\"},{\"fieldName\":\"Description\",\"changedTo\":\"Created by Jira Service Management\"},{\"fieldName\":\"Name\",\"changedTo\":\"Services\"}],\"associatedItems\":[{\"id\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"name\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"},{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "name": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "parentId": "10000", + "parentName": "IDP Directory", + "type": "USER" + }, + { + "id": "10022", + "name": "Change Control", + "type": "PROJECT" + }, + { + "id": "10090", + "name": "Services", + "type": "PROJECT_COMPONENT" + } + ], + "changed_values": [ + { + "i18nKey": "Default Assignee", + "key": "Default Assignee", + "to": "Project Default" + }, + { + "i18nKey": "Component Lead", + "key": "Component Lead", + "to": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3" + }, + { + "i18nKey": "Description", + "key": "Description", + "to": "Created by Jira Service Management" + }, + { + "i18nKey": "Name", + "key": "Name", + "to": "Services" + } + ], + "type": { + "action": "Project component created", + "category": "projects" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16" + } + }, + { + "@timestamp": "2021-12-07T16:29:36.691Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Project component created", + "id": "11869", + "kind": "event", + "original": "{\"id\":11869,\"summary\":\"Project component created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.691+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10089\",\"name\":\"Email and Collaboration Services\",\"typeName\":\"PROJECT_COMPONENT\"},\"changedValues\":[{\"fieldName\":\"Default Assignee\",\"changedTo\":\"Project Default\"},{\"fieldName\":\"Component Lead\",\"changedTo\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\"},{\"fieldName\":\"Description\",\"changedTo\":\"Created by Jira Service Management\"},{\"fieldName\":\"Name\",\"changedTo\":\"Email and Collaboration Services\"}],\"associatedItems\":[{\"id\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"name\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"},{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "name": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "parentId": "10000", + "parentName": "IDP Directory", + "type": "USER" + }, + { + "id": "10022", + "name": "Change Control", + "type": "PROJECT" + }, + { + "id": "10089", + "name": "Email and Collaboration Services", + "type": "PROJECT_COMPONENT" + } + ], + "changed_values": [ + { + "i18nKey": "Default Assignee", + "key": "Default Assignee", + "to": "Project Default" + }, + { + "i18nKey": "Component Lead", + "key": "Component Lead", + "to": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3" + }, + { + "i18nKey": "Description", + "key": "Description", + "to": "Created by Jira Service Management" + }, + { + "i18nKey": "Name", + "key": "Name", + "to": "Email and Collaboration Services" + } + ], + "type": { + "action": "Project component created", + "category": "projects" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16" + } + }, + { + "@timestamp": "2021-12-07T16:29:36.664Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Project component created", + "id": "11868", + "kind": "event", + "original": "{\"id\":11868,\"summary\":\"Project component created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.664+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10088\",\"name\":\"Data Center Services\",\"typeName\":\"PROJECT_COMPONENT\"},\"changedValues\":[{\"fieldName\":\"Default Assignee\",\"changedTo\":\"Project Default\"},{\"fieldName\":\"Component Lead\",\"changedTo\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\"},{\"fieldName\":\"Description\",\"changedTo\":\"Created by Jira Service Management\"},{\"fieldName\":\"Name\",\"changedTo\":\"Data Center Services\"}],\"associatedItems\":[{\"id\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"name\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"},{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "name": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "parentId": "10000", + "parentName": "IDP Directory", + "type": "USER" + }, + { + "id": "10022", + "name": "Change Control", + "type": "PROJECT" + }, + { + "id": "10088", + "name": "Data Center Services", + "type": "PROJECT_COMPONENT" + } + ], + "changed_values": [ + { + "i18nKey": "Default Assignee", + "key": "Default Assignee", + "to": "Project Default" + }, + { + "i18nKey": "Component Lead", + "key": "Component Lead", + "to": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3" + }, + { + "i18nKey": "Description", + "key": "Description", + "to": "Created by Jira Service Management" + }, + { + "i18nKey": "Name", + "key": "Name", + "to": "Data Center Services" + } + ], + "type": { + "action": "Project component created", + "category": "projects" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16" + } + }, + { + "@timestamp": "2021-12-07T16:29:36.637Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Project component created", + "id": "11867", + "kind": "event", + "original": "{\"id\":11867,\"summary\":\"Project component created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.637+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10087\",\"name\":\"Cloud Storage Services\",\"typeName\":\"PROJECT_COMPONENT\"},\"changedValues\":[{\"fieldName\":\"Default Assignee\",\"changedTo\":\"Project Default\"},{\"fieldName\":\"Component Lead\",\"changedTo\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\"},{\"fieldName\":\"Description\",\"changedTo\":\"Created by Jira Service Management\"},{\"fieldName\":\"Name\",\"changedTo\":\"Cloud Storage Services\"}],\"associatedItems\":[{\"id\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"name\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"},{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "name": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "parentId": "10000", + "parentName": "IDP Directory", + "type": "USER" + }, + { + "id": "10022", + "name": "Change Control", + "type": "PROJECT" + }, + { + "id": "10087", + "name": "Cloud Storage Services", + "type": "PROJECT_COMPONENT" + } + ], + "changed_values": [ + { + "i18nKey": "Default Assignee", + "key": "Default Assignee", + "to": "Project Default" + }, + { + "i18nKey": "Component Lead", + "key": "Component Lead", + "to": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3" + }, + { + "i18nKey": "Description", + "key": "Description", + "to": "Created by Jira Service Management" + }, + { + "i18nKey": "Name", + "key": "Name", + "to": "Cloud Storage Services" + } + ], + "type": { + "action": "Project component created", + "category": "projects" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16" + } + }, + { + "@timestamp": "2021-12-07T16:29:36.609Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Project component created", + "id": "11866", + "kind": "event", + "original": "{\"id\":11866,\"summary\":\"Project component created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.609+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10086\",\"name\":\"Billing Services\",\"typeName\":\"PROJECT_COMPONENT\"},\"changedValues\":[{\"fieldName\":\"Default Assignee\",\"changedTo\":\"Project Default\"},{\"fieldName\":\"Component Lead\",\"changedTo\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\"},{\"fieldName\":\"Description\",\"changedTo\":\"Created by Jira Service Management\"},{\"fieldName\":\"Name\",\"changedTo\":\"Billing Services\"}],\"associatedItems\":[{\"id\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"name\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"},{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "name": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "parentId": "10000", + "parentName": "IDP Directory", + "type": "USER" + }, + { + "id": "10022", + "name": "Change Control", + "type": "PROJECT" + }, + { + "id": "10086", + "name": "Billing Services", + "type": "PROJECT_COMPONENT" + } + ], + "changed_values": [ + { + "i18nKey": "Default Assignee", + "key": "Default Assignee", + "to": "Project Default" + }, + { + "i18nKey": "Component Lead", + "key": "Component Lead", + "to": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3" + }, + { + "i18nKey": "Description", + "key": "Description", + "to": "Created by Jira Service Management" + }, + { + "i18nKey": "Name", + "key": "Name", + "to": "Billing Services" + } + ], + "type": { + "action": "Project component created", + "category": "projects" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16" + } + }, + { + "@timestamp": "2021-12-07T16:29:36.561Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Project component created", + "id": "11865", + "kind": "event", + "original": "{\"id\":11865,\"summary\":\"Project component created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.561+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10085\",\"name\":\"Analytics and Reporting Service\",\"typeName\":\"PROJECT_COMPONENT\"},\"changedValues\":[{\"fieldName\":\"Default Assignee\",\"changedTo\":\"Project Default\"},{\"fieldName\":\"Component Lead\",\"changedTo\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\"},{\"fieldName\":\"Description\",\"changedTo\":\"Created by Jira Service Management\"},{\"fieldName\":\"Name\",\"changedTo\":\"Analytics and Reporting Service\"}],\"associatedItems\":[{\"id\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"name\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"},{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "name": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "parentId": "10000", + "parentName": "IDP Directory", + "type": "USER" + }, + { + "id": "10022", + "name": "Change Control", + "type": "PROJECT" + }, + { + "id": "10085", + "name": "Analytics and Reporting Service", + "type": "PROJECT_COMPONENT" + } + ], + "changed_values": [ + { + "i18nKey": "Default Assignee", + "key": "Default Assignee", + "to": "Project Default" + }, + { + "i18nKey": "Component Lead", + "key": "Component Lead", + "to": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3" + }, + { + "i18nKey": "Description", + "key": "Description", + "to": "Created by Jira Service Management" + }, + { + "i18nKey": "Name", + "key": "Name", + "to": "Analytics and Reporting Service" + } + ], + "type": { + "action": "Project component created", + "category": "projects" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16" + } + }, + { + "@timestamp": "2021-12-07T16:29:36.529Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Project component created", + "id": "11864", + "kind": "event", + "original": "{\"id\":11864,\"summary\":\"Project component created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.529+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10084\",\"name\":\"Active Directory\",\"typeName\":\"PROJECT_COMPONENT\"},\"changedValues\":[{\"fieldName\":\"Default Assignee\",\"changedTo\":\"Project Default\"},{\"fieldName\":\"Component Lead\",\"changedTo\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\"},{\"fieldName\":\"Description\",\"changedTo\":\"Created by Jira Service Management\"},{\"fieldName\":\"Name\",\"changedTo\":\"Active Directory\"}],\"associatedItems\":[{\"id\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"name\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"},{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "name": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "parentId": "10000", + "parentName": "IDP Directory", + "type": "USER" + }, + { + "id": "10022", + "name": "Change Control", + "type": "PROJECT" + }, + { + "id": "10084", + "name": "Active Directory", + "type": "PROJECT_COMPONENT" + } + ], + "changed_values": [ + { + "i18nKey": "Default Assignee", + "key": "Default Assignee", + "to": "Project Default" + }, + { + "i18nKey": "Component Lead", + "key": "Component Lead", + "to": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3" + }, + { + "i18nKey": "Description", + "key": "Description", + "to": "Created by Jira Service Management" + }, + { + "i18nKey": "Name", + "key": "Name", + "to": "Active Directory" + } + ], + "type": { + "action": "Project component created", + "category": "projects" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16" + } + }, + { + "@timestamp": "2021-12-07T16:29:36.499Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Workflow scheme added to project", + "id": "11863", + "kind": "event", + "original": "{\"id\":11863,\"summary\":\"Workflow scheme added to project\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.499+0000\",\"category\":\"workflows\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"},\"associatedItems\":[{\"id\":\"10023\",\"name\":\"Jira Service Management IT Support Workflow Scheme generated for Project ACC\",\"typeName\":\"SCHEME\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10023", + "name": "Jira Service Management IT Support Workflow Scheme generated for Project ACC", + "type": "SCHEME" + }, + { + "id": "10022", + "name": "Change Control", + "type": "PROJECT" + } + ], + "type": { + "action": "Workflow scheme added to project", + "category": "workflows" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16" + } + }, + { + "@timestamp": "2021-12-07T16:29:36.468Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Workflow updated", + "id": "11862", + "kind": "event", + "original": "{\"id\":11862,\"summary\":\"Workflow updated\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.468+0000\",\"category\":\"workflows\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"ACC: Jira Service Management default workflow\",\"name\":\"ACC: Jira Service Management default workflow\",\"typeName\":\"WORKFLOW\"},\"changedValues\":[{\"fieldName\":\"Description\",\"changedFrom\":\"\",\"changedTo\":\"This Jira Service Management default workflow was generated for Project ACC\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ACC: Jira Service Management default workflow", + "name": "ACC: Jira Service Management default workflow", + "type": "WORKFLOW" + } + ], + "changed_values": [ + { + "i18nKey": "Description", + "key": "Description", + "to": "This Jira Service Management default workflow was generated for Project ACC" + } + ], + "type": { + "action": "Workflow updated", + "category": "workflows" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16" + } + }, + { + "@timestamp": "2021-12-07T16:29:36.448Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Workflow updated", + "id": "11861", + "kind": "event", + "original": "{\"id\":11861,\"summary\":\"Workflow updated\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.448+0000\",\"category\":\"workflows\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"ACC: Jira Service Management default workflow\",\"name\":\"ACC: Jira Service Management default workflow\",\"typeName\":\"WORKFLOW\"}}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ACC: Jira Service Management default workflow", + "name": "ACC: Jira Service Management default workflow", + "type": "WORKFLOW" + } + ], + "type": { + "action": "Workflow updated", + "category": "workflows" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16" + } + }, + { + "@timestamp": "2021-12-07T16:29:36.421Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Workflow created", + "id": "11860", + "kind": "event", + "original": "{\"id\":11860,\"summary\":\"Workflow created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.421+0000\",\"category\":\"workflows\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"ACC: Jira Service Management default workflow\",\"name\":\"ACC: Jira Service Management default workflow\",\"typeName\":\"WORKFLOW\"},\"changedValues\":[{\"fieldName\":\"Description\",\"changedTo\":\"\"},{\"fieldName\":\"Name\",\"changedTo\":\"ACC: Jira Service Management default workflow\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ACC: Jira Service Management default workflow", + "name": "ACC: Jira Service Management default workflow", + "type": "WORKFLOW" + } + ], + "changed_values": [ + { + "i18nKey": "Description", + "key": "Description" + }, + { + "i18nKey": "Name", + "key": "Name", + "to": "ACC: Jira Service Management default workflow" + } + ], + "type": { + "action": "Workflow created", + "category": "workflows" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16" + } + }, + { + "@timestamp": "2021-12-07T16:29:36.329Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Workflow updated", + "id": "11859", + "kind": "event", + "original": "{\"id\":11859,\"summary\":\"Workflow updated\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.329+0000\",\"category\":\"workflows\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"ACC: Problem Management workflow for Jira Service Management\",\"name\":\"ACC: Problem Management workflow for Jira Service Management\",\"typeName\":\"WORKFLOW\"},\"changedValues\":[{\"fieldName\":\"Description\",\"changedFrom\":\"\",\"changedTo\":\"This Jira Service Management Problem Management workflow was generated for Project ACC\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ACC: Problem Management workflow for Jira Service Management", + "name": "ACC: Problem Management workflow for Jira Service Management", + "type": "WORKFLOW" + } + ], + "changed_values": [ + { + "i18nKey": "Description", + "key": "Description", + "to": "This Jira Service Management Problem Management workflow was generated for Project ACC" + } + ], + "type": { + "action": "Workflow updated", + "category": "workflows" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16" + } + }, + { + "@timestamp": "2021-12-07T16:29:36.310Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Workflow updated", + "id": "11858", + "kind": "event", + "original": "{\"id\":11858,\"summary\":\"Workflow updated\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.310+0000\",\"category\":\"workflows\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"ACC: Problem Management workflow for Jira Service Management\",\"name\":\"ACC: Problem Management workflow for Jira Service Management\",\"typeName\":\"WORKFLOW\"}}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ACC: Problem Management workflow for Jira Service Management", + "name": "ACC: Problem Management workflow for Jira Service Management", + "type": "WORKFLOW" + } + ], + "type": { + "action": "Workflow updated", + "category": "workflows" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16" + } + }, + { + "@timestamp": "2021-12-07T16:29:36.283Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Workflow created", + "id": "11857", + "kind": "event", + "original": "{\"id\":11857,\"summary\":\"Workflow created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.283+0000\",\"category\":\"workflows\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"ACC: Problem Management workflow for Jira Service Management\",\"name\":\"ACC: Problem Management workflow for Jira Service Management\",\"typeName\":\"WORKFLOW\"},\"changedValues\":[{\"fieldName\":\"Description\",\"changedTo\":\"\"},{\"fieldName\":\"Name\",\"changedTo\":\"ACC: Problem Management workflow for Jira Service Management\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ACC: Problem Management workflow for Jira Service Management", + "name": "ACC: Problem Management workflow for Jira Service Management", + "type": "WORKFLOW" + } + ], + "changed_values": [ + { + "i18nKey": "Description", + "key": "Description" + }, + { + "i18nKey": "Name", + "key": "Name", + "to": "ACC: Problem Management workflow for Jira Service Management" + } + ], + "type": { + "action": "Workflow created", + "category": "workflows" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16" + } + }, + { + "@timestamp": "2021-12-07T16:29:36.186Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Workflow updated", + "id": "11856", + "kind": "event", + "original": "{\"id\":11856,\"summary\":\"Workflow updated\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.186+0000\",\"category\":\"workflows\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"ACC: Incident Management workflow for Jira Service Management\",\"name\":\"ACC: Incident Management workflow for Jira Service Management\",\"typeName\":\"WORKFLOW\"},\"changedValues\":[{\"fieldName\":\"Description\",\"changedFrom\":\"\",\"changedTo\":\"This Jira Service Management Incident Management workflow was generated for Project ACC\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ACC: Incident Management workflow for Jira Service Management", + "name": "ACC: Incident Management workflow for Jira Service Management", + "type": "WORKFLOW" + } + ], + "changed_values": [ + { + "i18nKey": "Description", + "key": "Description", + "to": "This Jira Service Management Incident Management workflow was generated for Project ACC" + } + ], + "type": { + "action": "Workflow updated", + "category": "workflows" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16" + } + }, + { + "@timestamp": "2021-11-18T10:58:11.410Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Field Configuration scheme updated", + "id": "11663", + "kind": "event", + "original": "{\"id\":11663,\"summary\":\"Field Configuration scheme updated\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:0613fc34-a1b3-4137-b06e-fd92c3094033\",\"authorAccountId\":\"5ff328f2a9d0300107c045a6\",\"created\":\"2021-11-18T10:58:11.410+0000\",\"category\":\"fields\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10015\",\"name\":\"Field Configuration Scheme for Project PEN\",\"typeName\":\"SCHEME\"},\"changedValues\":[{\"fieldName\":\"Field Configuration\",\"changedFrom\":\"\",\"changedTo\":\"PEN-10052\"},{\"fieldName\":\"Issue Type\",\"changedFrom\":\"\",\"changedTo\":\"Subtask\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10015", + "name": "Field Configuration Scheme for Project PEN", + "type": "SCHEME" + } + ], + "changed_values": [ + { + "i18nKey": "Field Configuration", + "key": "Field Configuration", + "to": "PEN-10052" + }, + { + "i18nKey": "Issue Type", + "key": "Issue Type", + "to": "Subtask" + } + ], + "type": { + "action": "Field Configuration scheme updated", + "category": "fields" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5ff328f2a9d0300107c045a6" + } + }, + { + "@timestamp": "2021-11-18T10:58:11.132Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Field Configuration scheme updated", + "id": "11662", + "kind": "event", + "original": "{\"id\":11662,\"summary\":\"Field Configuration scheme updated\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:0613fc34-a1b3-4137-b06e-fd92c3094033\",\"authorAccountId\":\"5ff328f2a9d0300107c045a6\",\"created\":\"2021-11-18T10:58:11.132+0000\",\"category\":\"fields\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10015\",\"name\":\"Field Configuration Scheme for Project PEN\",\"typeName\":\"SCHEME\"},\"changedValues\":[{\"fieldName\":\"Field Configuration\",\"changedFrom\":\"\",\"changedTo\":\"PEN-10051\"},{\"fieldName\":\"Issue Type\",\"changedFrom\":\"\",\"changedTo\":\"Epic\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10015", + "name": "Field Configuration Scheme for Project PEN", + "type": "SCHEME" + } + ], + "changed_values": [ + { + "i18nKey": "Field Configuration", + "key": "Field Configuration", + "to": "PEN-10051" + }, + { + "i18nKey": "Issue Type", + "key": "Issue Type", + "to": "Epic" + } + ], + "type": { + "action": "Field Configuration scheme updated", + "category": "fields" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5ff328f2a9d0300107c045a6" + } + }, + { + "@timestamp": "2021-11-18T10:58:10.771Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Workflow scheme added to project", + "id": "11661", + "kind": "event", + "original": "{\"id\":11661,\"summary\":\"Workflow scheme added to project\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:0613fc34-a1b3-4137-b06e-fd92c3094033\",\"authorAccountId\":\"5ff328f2a9d0300107c045a6\",\"created\":\"2021-11-18T10:58:10.771+0000\",\"category\":\"workflows\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10018\",\"name\":\"Arcturus Assurance\",\"typeName\":\"PROJECT\"},\"associatedItems\":[{\"id\":\"10019\",\"name\":\"PEN: Software Simplified Workflow Scheme\",\"typeName\":\"SCHEME\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10019", + "name": "PEN: Software Simplified Workflow Scheme", + "type": "SCHEME" + }, + { + "id": "10018", + "name": "Arcturus Assurance", + "type": "PROJECT" + } + ], + "type": { + "action": "Workflow scheme added to project", + "category": "workflows" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5ff328f2a9d0300107c045a6" + } + }, + { + "@timestamp": "2021-11-18T10:58:10.754Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Workflow scheme created", + "id": "11660", + "kind": "event", + "original": "{\"id\":11660,\"summary\":\"Workflow scheme created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:0613fc34-a1b3-4137-b06e-fd92c3094033\",\"authorAccountId\":\"5ff328f2a9d0300107c045a6\",\"created\":\"2021-11-18T10:58:10.754+0000\",\"category\":\"workflows\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10019\",\"name\":\"PEN: Software Simplified Workflow Scheme\",\"typeName\":\"SCHEME\"},\"changedValues\":[{\"fieldName\":\"Description\",\"changedTo\":\"\"},{\"fieldName\":\"Name\",\"changedTo\":\"PEN: Software Simplified Workflow Scheme\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10019", + "name": "PEN: Software Simplified Workflow Scheme", + "type": "SCHEME" + } + ], + "changed_values": [ + { + "i18nKey": "Description", + "key": "Description" + }, + { + "i18nKey": "Name", + "key": "Name", + "to": "PEN: Software Simplified Workflow Scheme" + } + ], + "type": { + "action": "Workflow scheme created", + "category": "workflows" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5ff328f2a9d0300107c045a6" + } + }, + { + "@timestamp": "2021-11-18T10:58:10.744Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Workflow created", + "id": "11659", + "kind": "event", + "original": "{\"id\":11659,\"summary\":\"Workflow created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:0613fc34-a1b3-4137-b06e-fd92c3094033\",\"authorAccountId\":\"5ff328f2a9d0300107c045a6\",\"created\":\"2021-11-18T10:58:10.744+0000\",\"category\":\"workflows\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"Software workflow for project 10018\",\"name\":\"Software workflow for project 10018\",\"typeName\":\"WORKFLOW\"},\"changedValues\":[{\"fieldName\":\"Name\",\"changedTo\":\"Software workflow for project 10018\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "Software workflow for project 10018", + "name": "Software workflow for project 10018", + "type": "WORKFLOW" + } + ], + "changed_values": [ + { + "i18nKey": "Name", + "key": "Name", + "to": "Software workflow for project 10018" + } + ], + "type": { + "action": "Workflow created", + "category": "workflows" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5ff328f2a9d0300107c045a6" + } + }, + { + "@timestamp": "2021-11-18T10:58:10.473Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Field Configuration scheme updated", + "id": "11658", + "kind": "event", + "original": "{\"id\":11658,\"summary\":\"Field Configuration scheme updated\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:0613fc34-a1b3-4137-b06e-fd92c3094033\",\"authorAccountId\":\"5ff328f2a9d0300107c045a6\",\"created\":\"2021-11-18T10:58:10.473+0000\",\"category\":\"fields\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10015\",\"name\":\"Field Configuration Scheme for Project PEN\",\"typeName\":\"SCHEME\"},\"changedValues\":[{\"fieldName\":\"Field Configuration\",\"changedFrom\":\"\",\"changedTo\":\"PEN-10050\"},{\"fieldName\":\"Issue Type\",\"changedFrom\":\"\",\"changedTo\":\"Task\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10015", + "name": "Field Configuration Scheme for Project PEN", + "type": "SCHEME" + } + ], + "changed_values": [ + { + "i18nKey": "Field Configuration", + "key": "Field Configuration", + "to": "PEN-10050" + }, + { + "i18nKey": "Issue Type", + "key": "Issue Type", + "to": "Task" + } + ], + "type": { + "action": "Field Configuration scheme updated", + "category": "fields" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5ff328f2a9d0300107c045a6" + } + }, + { + "@timestamp": "2021-11-18T10:58:10.265Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Field Configuration scheme updated", + "id": "11657", + "kind": "event", + "original": "{\"id\":11657,\"summary\":\"Field Configuration scheme updated\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:0613fc34-a1b3-4137-b06e-fd92c3094033\",\"authorAccountId\":\"5ff328f2a9d0300107c045a6\",\"created\":\"2021-11-18T10:58:10.265+0000\",\"category\":\"fields\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10015\",\"name\":\"Field Configuration Scheme for Project PEN\",\"typeName\":\"SCHEME\"},\"changedValues\":[{\"fieldName\":\"Field Configuration\",\"changedFrom\":\"Default Field Configuration\",\"changedTo\":\"Field Layout for PEN\"},{\"fieldName\":\"Issue Type\",\"changedFrom\":\"Default\",\"changedTo\":\"Default\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10015", + "name": "Field Configuration Scheme for Project PEN", + "type": "SCHEME" + } + ], + "changed_values": [ + { + "from": "Default Field Configuration", + "i18nKey": "Field Configuration", + "key": "Field Configuration", + "to": "Field Layout for PEN" + }, + { + "from": "Default", + "i18nKey": "Issue Type", + "key": "Issue Type", + "to": "Default" + } + ], + "type": { + "action": "Field Configuration scheme updated", + "category": "fields" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5ff328f2a9d0300107c045a6" + } + }, + { + "@timestamp": "2021-11-18T10:58:10.174Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Field Configuration scheme added to project", + "id": "11656", + "kind": "event", + "original": "{\"id\":11656,\"summary\":\"Field Configuration scheme added to project\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:0613fc34-a1b3-4137-b06e-fd92c3094033\",\"authorAccountId\":\"5ff328f2a9d0300107c045a6\",\"created\":\"2021-11-18T10:58:10.174+0000\",\"category\":\"fields\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10018\",\"name\":\"Arcturus Assurance\",\"typeName\":\"PROJECT\"},\"associatedItems\":[{\"id\":\"10015\",\"name\":\"Field Configuration Scheme for Project PEN\",\"typeName\":\"SCHEME\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10015", + "name": "Field Configuration Scheme for Project PEN", + "type": "SCHEME" + }, + { + "id": "10018", + "name": "Arcturus Assurance", + "type": "PROJECT" + } + ], + "type": { + "action": "Field Configuration scheme added to project", + "category": "fields" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5ff328f2a9d0300107c045a6" + } + }, + { + "@timestamp": "2021-11-18T10:58:10.146Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Field Configuration scheme created", + "id": "11655", + "kind": "event", + "original": "{\"id\":11655,\"summary\":\"Field Configuration scheme created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:0613fc34-a1b3-4137-b06e-fd92c3094033\",\"authorAccountId\":\"5ff328f2a9d0300107c045a6\",\"created\":\"2021-11-18T10:58:10.146+0000\",\"category\":\"fields\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10015\",\"name\":\"Field Configuration Scheme for Project PEN\",\"typeName\":\"SCHEME\"},\"changedValues\":[{\"fieldName\":\"Description\",\"changedTo\":\"This Field Configuration Scheme was generated for Project PEN\"},{\"fieldName\":\"Name\",\"changedTo\":\"Field Configuration Scheme for Project PEN\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10015", + "name": "Field Configuration Scheme for Project PEN", + "type": "SCHEME" + } + ], + "changed_values": [ + { + "i18nKey": "Description", + "key": "Description", + "to": "This Field Configuration Scheme was generated for Project PEN" + }, + { + "i18nKey": "Name", + "key": "Name", + "to": "Field Configuration Scheme for Project PEN" + } + ], + "type": { + "action": "Field Configuration scheme created", + "category": "fields" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5ff328f2a9d0300107c045a6" + } + }, + { + "@timestamp": "2021-11-18T10:58:10.114Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Issue Security scheme added to project", + "id": "11654", + "kind": "event", + "original": "{\"id\":11654,\"summary\":\"Issue Security scheme added to project\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:0613fc34-a1b3-4137-b06e-fd92c3094033\",\"authorAccountId\":\"5ff328f2a9d0300107c045a6\",\"created\":\"2021-11-18T10:58:10.114+0000\",\"category\":\"permissions\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10018\",\"name\":\"Arcturus Assurance\",\"typeName\":\"PROJECT\"},\"associatedItems\":[{\"id\":\"10010\",\"name\":\"PEN: Simplified Issue Security Scheme\",\"typeName\":\"SCHEME\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10010", + "name": "PEN: Simplified Issue Security Scheme", + "type": "SCHEME" + }, + { + "id": "10018", + "name": "Arcturus Assurance", + "type": "PROJECT" + } + ], + "type": { + "action": "Issue Security scheme added to project", + "category": "permissions" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5ff328f2a9d0300107c045a6" + } + }, + { + "@timestamp": "2021-11-18T10:58:10.062Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Permission scheme added to project", + "id": "11653", + "kind": "event", + "original": "{\"id\":11653,\"summary\":\"Permission scheme added to project\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:0613fc34-a1b3-4137-b06e-fd92c3094033\",\"authorAccountId\":\"5ff328f2a9d0300107c045a6\",\"created\":\"2021-11-18T10:58:10.062+0000\",\"category\":\"permissions\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10018\",\"name\":\"Arcturus Assurance\",\"typeName\":\"PROJECT\"},\"associatedItems\":[{\"id\":\"10016\",\"name\":\"PEN: Simplified Permission Scheme\",\"typeName\":\"SCHEME\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10016", + "name": "PEN: Simplified Permission Scheme", + "type": "SCHEME" + }, + { + "id": "10018", + "name": "Arcturus Assurance", + "type": "PROJECT" + } + ], + "type": { + "action": "Permission scheme added to project", + "category": "permissions" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5ff328f2a9d0300107c045a6" + } + }, + { + "@timestamp": "2021-11-17T16:00:37.374Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "User updated", + "category": [ + "iam" + ], + "id": "11652", + "kind": "event", + "original": "{\"id\":11652,\"summary\":\"User updated\",\"created\":\"2021-11-17T16:00:37.374+0000\",\"category\":\"user management\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"ug:870c3c4b-1f74-4fa2-a401-639ec53e9436\",\"name\":\"ug:870c3c4b-1f74-4fa2-a401-639ec53e9436\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"},\"changedValues\":[{\"fieldName\":\"Active / Inactive\",\"changedFrom\":\"Active\",\"changedTo\":\"Inactive\"}],\"associatedItems\":[{\"id\":\"ug:870c3c4b-1f74-4fa2-a401-639ec53e9436\",\"name\":\"ug:870c3c4b-1f74-4fa2-a401-639ec53e9436\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"}]}", + "type": [ + "user", + "change" + ] + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ug:870c3c4b-1f74-4fa2-a401-639ec53e9436", + "name": "ug:870c3c4b-1f74-4fa2-a401-639ec53e9436", + "parentId": "10000", + "parentName": "IDP Directory", + "type": "USER" + } + ], + "changed_values": [ + { + "from": "Active", + "i18nKey": "Active / Inactive", + "key": "Active / Inactive", + "to": "Inactive" + } + ], + "type": { + "action": "User updated", + "category": "user management" + } + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2021-11-16T09:25:56.725Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "User updated", + "category": [ + "iam" + ], + "id": "11651", + "kind": "event", + "original": "{\"id\":11651,\"summary\":\"User updated\",\"created\":\"2021-11-16T09:25:56.725+0000\",\"category\":\"user management\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"ug:7759808b-4fa4-4053-a8f5-136c382be65a\",\"name\":\"ug:7759808b-4fa4-4053-a8f5-136c382be65a\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"},\"changedValues\":[{\"fieldName\":\"Active / Inactive\",\"changedFrom\":\"Active\",\"changedTo\":\"Inactive\"}],\"associatedItems\":[{\"id\":\"ug:7759808b-4fa4-4053-a8f5-136c382be65a\",\"name\":\"ug:7759808b-4fa4-4053-a8f5-136c382be65a\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"}]}", + "type": [ + "user", + "change" + ] + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ug:7759808b-4fa4-4053-a8f5-136c382be65a", + "name": "ug:7759808b-4fa4-4053-a8f5-136c382be65a", + "parentId": "10000", + "parentName": "IDP Directory", + "type": "USER" + } + ], + "changed_values": [ + { + "from": "Active", + "i18nKey": "Active / Inactive", + "key": "Active / Inactive", + "to": "Inactive" + } + ], + "type": { + "action": "User updated", + "category": "user management" + } + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2021-11-16T08:48:05.867Z", + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "Custom field created", + "id": "11650", + "kind": "event", + "original": "{\"id\":11650,\"summary\":\"Custom field created\",\"created\":\"2021-11-16T08:48:05.867+0000\",\"category\":\"fields\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"customfield_10072\",\"name\":\"Work category\",\"typeName\":\"CUSTOM_FIELD\"},\"changedValues\":[{\"fieldName\":\"Type\",\"changedTo\":\"Work category\"},{\"fieldName\":\"Description\",\"changedTo\":\"Jira system field that displays the category of work a specific issue belongs to.\"},{\"fieldName\":\"Name\",\"changedTo\":\"Work category\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "customfield_10072", + "name": "Work category", + "type": "CUSTOM_FIELD" + } + ], + "changed_values": [ + { + "i18nKey": "Type", + "key": "Type", + "to": "Work category" + }, + { + "i18nKey": "Description", + "key": "Description", + "to": "Jira system field that displays the category of work a specific issue belongs to." + }, + { + "i18nKey": "Name", + "key": "Name", + "to": "Work category" + } + ], + "type": { + "action": "Custom field created", + "category": "fields" + } + } + }, + "tags": [ + "preserve_original_event" + ] + } + ] +} \ No newline at end of file diff --git a/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json b/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json index 9e89e02c7ef..35f6a66d5c8 100644 --- a/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json +++ b/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json @@ -5,80 +5,49 @@ "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "Anonymous" - ], - "hosts": [ - "jira.internal" - ], - "ip": [ - "10.50.33.72" - ] - }, - "service": { - "address": "http://jira.internal:8088" - }, - "source": { - "address": "10.50.33.72", - "ip": "10.50.33.72" - }, "event": { "action": "jira.auditing.group.created", + "category": [ + "iam" + ], + "kind": "event", "original": "{\"affectedObjects\":[{\"name\":\"jira-software-users\",\"type\":\"GROUP\"}],\"auditType\":{\"action\":\"Group created\",\"actionI18nKey\":\"jira.auditing.group.created\",\"area\":\"USER_MANAGEMENT\",\"category\":\"group management\",\"categoryI18nKey\":\"jira.auditing.category.groupmanagement\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539508,\"nano\":514000000},\"version\":\"1.0\"}", "type": [ "group", "creation" - ], - "category": [ - "iam" - ], - "kind": "event" + ] }, - "user": { - "name": "Anonymous", - "id": "-2" + "group": { + "name": "jira-software-users" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "jira-software-users", "type": "GROUP" } ], + "method": "Browser", "type": { - "area": "USER_MANAGEMENT", "action": "Group created", "actionI18nKey": "jira.auditing.group.created", - "categoryI18nKey": "jira.auditing.category.groupmanagement", + "area": "USER_MANAGEMENT", "category": "group management", + "categoryI18nKey": "jira.auditing.category.groupmanagement", "level": "BASE" } } }, - "group": { - "name": "jira-software-users" - } - }, - { - "@timestamp": "2021-11-22T00:05:08.579Z", - "ecs": { - "version": "8.2.0" - }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -88,43 +57,40 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:05:08.579Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.global.permission.added", - "original": "{\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Browse Users\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.group\",\"key\":\"Group\",\"to\":\"jira-software-users\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539508,\"nano\":579000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], "category": [ "iam", "configuration" ], - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "kind": "event", + "original": "{\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Browse Users\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.group\",\"key\":\"Group\",\"to\":\"jira-software-users\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539508,\"nano\":579000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Global Permissions", "type": "PERMISSIONS" } ], - "type": { - "area": "PERMISSIONS", - "action": "Global permission added", - "actionI18nKey": "jira.auditing.global.permission.added", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -136,24 +102,27 @@ "key": "Group", "to": "jira-software-users" } - ] + ], + "method": "Browser", + "type": { + "action": "Global permission added", + "actionI18nKey": "jira.auditing.global.permission.added", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:05:08.581Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -163,43 +132,40 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:05:08.581Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.global.permission.added", - "original": "{\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Bulk Change\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.group\",\"key\":\"Group\",\"to\":\"jira-software-users\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539508,\"nano\":581000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], "category": [ "iam", "configuration" ], - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "kind": "event", + "original": "{\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Bulk Change\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.group\",\"key\":\"Group\",\"to\":\"jira-software-users\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539508,\"nano\":581000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Global Permissions", "type": "PERMISSIONS" } ], - "type": { - "area": "PERMISSIONS", - "action": "Global permission added", - "actionI18nKey": "jira.auditing.global.permission.added", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -211,24 +177,27 @@ "key": "Group", "to": "jira-software-users" } - ] + ], + "method": "Browser", + "type": { + "action": "Global permission added", + "actionI18nKey": "jira.auditing.global.permission.added", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:05:08.583Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -238,43 +207,40 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:05:08.583Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.global.permission.added", - "original": "{\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Create Shared Objects\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.group\",\"key\":\"Group\",\"to\":\"jira-software-users\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539508,\"nano\":583000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], "category": [ "iam", "configuration" ], - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "kind": "event", + "original": "{\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Create Shared Objects\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.group\",\"key\":\"Group\",\"to\":\"jira-software-users\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539508,\"nano\":583000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Global Permissions", "type": "PERMISSIONS" } ], - "type": { - "area": "PERMISSIONS", - "action": "Global permission added", - "actionI18nKey": "jira.auditing.global.permission.added", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -286,24 +252,27 @@ "key": "Group", "to": "jira-software-users" } - ] + ], + "method": "Browser", + "type": { + "action": "Global permission added", + "actionI18nKey": "jira.auditing.global.permission.added", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:05:08.584Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -313,43 +282,40 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:05:08.584Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.global.permission.added", - "original": "{\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Manage Group Filter Subscriptions\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.group\",\"key\":\"Group\",\"to\":\"jira-software-users\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539508,\"nano\":584000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], "category": [ "iam", "configuration" ], - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "kind": "event", + "original": "{\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Manage Group Filter Subscriptions\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.group\",\"key\":\"Group\",\"to\":\"jira-software-users\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539508,\"nano\":584000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Global Permissions", "type": "PERMISSIONS" } ], - "type": { - "area": "PERMISSIONS", - "action": "Global permission added", - "actionI18nKey": "jira.auditing.global.permission.added", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -361,24 +327,27 @@ "key": "Group", "to": "jira-software-users" } - ] + ], + "method": "Browser", + "type": { + "action": "Global permission added", + "actionI18nKey": "jira.auditing.global.permission.added", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:05:08.596Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -388,37 +357,34 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:05:08.596Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.system.license.added", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"0\",\"name\":\"SEN-L17782970\",\"type\":\"LICENSE\"}],\"auditType\":{\"action\":\"New license added\",\"actionI18nKey\":\"jira.auditing.system.license.added\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"system\",\"categoryI18nKey\":\"jira.auditing.category.system\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"admin.license.organisation\",\"key\":\"Organization\",\"to\":\"myself\"},{\"i18nKey\":\"admin.license.date.purchased\",\"key\":\"Date Purchased\",\"to\":\"21/Nov/21\"},{\"i18nKey\":\"admin.license.type\",\"key\":\"License Type\",\"to\":\"Jira Software (Data Center): Evaluation\"},{\"i18nKey\":\"admin.server.id\",\"key\":\"Server ID\",\"to\":\"BGD5-PMSH-258I-VTTW\"},{\"i18nKey\":\"admin.license.sen\",\"key\":\"Support Entitlement Number (SEN)\",\"to\":\"SEN-L17782970\"},{\"i18nKey\":\"admin.license.user.limit\",\"key\":\"User Limit\",\"to\":\"Unlimited\"},{\"i18nKey\":\"jira-software\",\"key\":\"jira-software\",\"to\":\"-1\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539508,\"nano\":596000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "0", "name": "SEN-L17782970", - "type": "LICENSE", - "id": "0" + "type": "LICENSE" } ], - "type": { - "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", - "action": "New license added", - "actionI18nKey": "jira.auditing.system.license.added", - "categoryI18nKey": "jira.auditing.category.system", - "category": "system", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.license.organisation", @@ -455,25 +421,27 @@ "key": "jira-software", "to": "-1" } - ] + ], + "method": "Browser", + "type": { + "action": "New license added", + "actionI18nKey": "jira.auditing.system.license.added", + "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", + "category": "system", + "categoryI18nKey": "jira.auditing.category.system", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:06:49.600Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous", - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -483,52 +451,40 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:49.600Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.user.created", + "category": [ + "iam" + ], + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"JIRAUSER10000\",\"name\":\"test.user\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"User created\",\"actionI18nKey\":\"jira.auditing.user.created\",\"area\":\"USER_MANAGEMENT\",\"category\":\"user management\",\"categoryI18nKey\":\"jira.auditing.category.usermanagement\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"common.words.username\",\"key\":\"Username\",\"to\":\"test.user\"},{\"i18nKey\":\"common.words.fullname\",\"key\":\"Full name\",\"to\":\"Alex\"},{\"i18nKey\":\"common.words.email\",\"key\":\"Email\",\"to\":\"test.user@example.com\"},{\"i18nKey\":\"admin.common.phrases.active.inactive\",\"key\":\"Active / Inactive\",\"to\":\"Active\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539609,\"nano\":600000000},\"version\":\"1.0\"}", "type": [ "user", "creation" - ], - "category": [ - "iam" - ], - "kind": "event" - }, - "user": { - "name": "Anonymous", - "changes": { - "name": "test.user", - "email": "test.user@example.com", - "full_name": "Alex" - }, - "id": "-2", - "target": { - "name": "test.user", - "id": "JIRAUSER10000" - } + ] }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "JIRAUSER10000", "name": "test.user", - "type": "USER", - "id": "JIRAUSER10000" + "type": "USER" } ], - "type": { - "area": "USER_MANAGEMENT", - "action": "User created", - "actionI18nKey": "jira.auditing.user.created", - "categoryI18nKey": "jira.auditing.category.usermanagement", - "category": "user management", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "common.words.username", @@ -550,25 +506,28 @@ "key": "Active / Inactive", "to": "Active" } - ] + ], + "method": "Browser", + "type": { + "action": "User created", + "actionI18nKey": "jira.auditing.user.created", + "area": "USER_MANAGEMENT", + "category": "user management", + "categoryI18nKey": "jira.auditing.category.usermanagement", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:06:49.734Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous", - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous", + "test.user" ] }, "service": { @@ -578,71 +537,74 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "changes": { + "email": "test.user@example.com", + "full_name": "Alex", + "name": "test.user" + }, + "id": "-2", + "name": "Anonymous", + "target": { + "id": "JIRAUSER10000", + "name": "test.user" + } + } + }, + { + "@timestamp": "2021-11-22T00:06:49.734Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.user.added.to.group", + "category": [ + "iam" + ], + "kind": "event", "original": "{\"affectedObjects\":[{\"name\":\"jira-administrators\",\"type\":\"GROUP\"},{\"id\":\"JIRAUSER10000\",\"name\":\"test.user\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"User added to group\",\"actionI18nKey\":\"jira.auditing.user.added.to.group\",\"area\":\"USER_MANAGEMENT\",\"category\":\"group management\",\"categoryI18nKey\":\"jira.auditing.category.groupmanagement\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539609,\"nano\":734000000},\"version\":\"1.0\"}", "type": [ "group", "change" - ], - "category": [ - "iam" - ], - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2", - "target": { - "name": "test.user", - "id": "JIRAUSER10000", - "group": { - "name": "jira-administrators" - } - } + ] }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "jira-administrators", "type": "GROUP" }, { + "id": "JIRAUSER10000", "name": "test.user", - "type": "USER", - "id": "JIRAUSER10000" + "type": "USER" } ], + "method": "Browser", "type": { - "area": "USER_MANAGEMENT", "action": "User added to group", "actionI18nKey": "jira.auditing.user.added.to.group", - "categoryI18nKey": "jira.auditing.category.groupmanagement", + "area": "USER_MANAGEMENT", "category": "group management", + "categoryI18nKey": "jira.auditing.category.groupmanagement", "level": "BASE" } } - } - }, - { - "@timestamp": "2021-11-22T00:06:49.750Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous", + "test.user" ] }, "service": { @@ -652,43 +614,47 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous", + "target": { + "group": { + "name": "jira-administrators" + }, + "id": "JIRAUSER10000", + "name": "test.user" + } + } + }, + { + "@timestamp": "2021-11-22T00:06:49.750Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.global.permission.added", - "original": "{\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Bulk Change\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.group\",\"key\":\"Group\",\"to\":\"jira-administrators\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539609,\"nano\":750000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], "category": [ "iam", "configuration" ], - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "kind": "event", + "original": "{\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Bulk Change\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.group\",\"key\":\"Group\",\"to\":\"jira-administrators\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539609,\"nano\":750000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Global Permissions", "type": "PERMISSIONS" } ], - "type": { - "area": "PERMISSIONS", - "action": "Global permission added", - "actionI18nKey": "jira.auditing.global.permission.added", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -700,24 +666,27 @@ "key": "Group", "to": "jira-administrators" } - ] + ], + "method": "Browser", + "type": { + "action": "Global permission added", + "actionI18nKey": "jira.auditing.global.permission.added", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:06:49.751Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -727,43 +696,40 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:49.751Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.global.permission.added", - "original": "{\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Browse Users\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.group\",\"key\":\"Group\",\"to\":\"jira-administrators\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539609,\"nano\":751000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], "category": [ "iam", "configuration" ], - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "kind": "event", + "original": "{\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Browse Users\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.group\",\"key\":\"Group\",\"to\":\"jira-administrators\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539609,\"nano\":751000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Global Permissions", "type": "PERMISSIONS" } ], - "type": { - "area": "PERMISSIONS", - "action": "Global permission added", - "actionI18nKey": "jira.auditing.global.permission.added", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -775,24 +741,27 @@ "key": "Group", "to": "jira-administrators" } - ] + ], + "method": "Browser", + "type": { + "action": "Global permission added", + "actionI18nKey": "jira.auditing.global.permission.added", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:06:49.752Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -802,43 +771,40 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:49.752Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.global.permission.added", - "original": "{\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Create Shared Objects\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.group\",\"key\":\"Group\",\"to\":\"jira-administrators\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539609,\"nano\":752000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], "category": [ "iam", "configuration" ], - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "kind": "event", + "original": "{\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Create Shared Objects\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.group\",\"key\":\"Group\",\"to\":\"jira-administrators\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539609,\"nano\":752000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Global Permissions", "type": "PERMISSIONS" } ], - "type": { - "area": "PERMISSIONS", - "action": "Global permission added", - "actionI18nKey": "jira.auditing.global.permission.added", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -850,24 +816,27 @@ "key": "Group", "to": "jira-administrators" } - ] + ], + "method": "Browser", + "type": { + "action": "Global permission added", + "actionI18nKey": "jira.auditing.global.permission.added", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:06:49.754Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -877,43 +846,40 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:49.754Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.global.permission.added", - "original": "{\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Manage Group Filter Subscriptions\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.group\",\"key\":\"Group\",\"to\":\"jira-administrators\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539609,\"nano\":754000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], "category": [ "iam", "configuration" ], - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "kind": "event", + "original": "{\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Manage Group Filter Subscriptions\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.group\",\"key\":\"Group\",\"to\":\"jira-administrators\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539609,\"nano\":754000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Global Permissions", "type": "PERMISSIONS" } ], - "type": { - "area": "PERMISSIONS", - "action": "Global permission added", - "actionI18nKey": "jira.auditing.global.permission.added", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -925,25 +891,27 @@ "key": "Group", "to": "jira-administrators" } - ] + ], + "method": "Browser", + "type": { + "action": "Global permission added", + "actionI18nKey": "jira.auditing.global.permission.added", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:06:49.756Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous", - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -953,71 +921,65 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:49.756Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.user.added.to.group", + "category": [ + "iam" + ], + "kind": "event", "original": "{\"affectedObjects\":[{\"name\":\"jira-software-users\",\"type\":\"GROUP\"},{\"id\":\"JIRAUSER10000\",\"name\":\"test.user\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"User added to group\",\"actionI18nKey\":\"jira.auditing.user.added.to.group\",\"area\":\"USER_MANAGEMENT\",\"category\":\"group management\",\"categoryI18nKey\":\"jira.auditing.category.groupmanagement\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539609,\"nano\":756000000},\"version\":\"1.0\"}", "type": [ "group", "change" - ], - "category": [ - "iam" - ], - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2", - "target": { - "name": "test.user", - "id": "JIRAUSER10000", - "group": { - "name": "jira-software-users" - } - } + ] }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "jira-software-users", "type": "GROUP" }, { + "id": "JIRAUSER10000", "name": "test.user", - "type": "USER", - "id": "JIRAUSER10000" + "type": "USER" } ], + "method": "Browser", "type": { - "area": "USER_MANAGEMENT", "action": "User added to group", "actionI18nKey": "jira.auditing.user.added.to.group", - "categoryI18nKey": "jira.auditing.category.groupmanagement", + "area": "USER_MANAGEMENT", "category": "group management", + "categoryI18nKey": "jira.auditing.category.groupmanagement", "level": "BASE" } } - } - }, - { - "@timestamp": "2021-11-22T00:06:57.138Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous", + "test.user" ] }, "service": { @@ -1027,37 +989,41 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous", + "target": { + "group": { + "name": "jira-software-users" + }, + "id": "JIRAUSER10000", + "name": "test.user" + } + } + }, + { + "@timestamp": "2021-11-22T00:06:57.138Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"0\",\"name\":\"Default Permission Scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Manage Sprints\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Project Role\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.value\",\"key\":\"Value\",\"to\":\"Administrators\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539617,\"nano\":138000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "Anonymous", - "id": "-2" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "0", "name": "Default Permission Scheme", - "type": "SCHEME", - "id": "0" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -1074,24 +1040,27 @@ "key": "Value", "to": "Administrators" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:06:57.158Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -1101,71 +1070,71 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:57.158Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"0\",\"name\":\"Default Permission Scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"from\":\"Manage Sprints\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"\"},{\"from\":\"Project Role\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"\"},{\"from\":\"Administrators\",\"i18nKey\":\"admin.common.words.value\",\"key\":\"Value\",\"to\":\"\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539617,\"nano\":158000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "0", "name": "Default Permission Scheme", - "type": "SCHEME", - "id": "0" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { - "i18nKey": "admin.common.words.permission", "from": "Manage Sprints", + "i18nKey": "admin.common.words.permission", "key": "Permission" }, { - "i18nKey": "admin.common.words.type", "from": "Project Role", + "i18nKey": "admin.common.words.type", "key": "Type" }, { - "i18nKey": "admin.common.words.value", "from": "Administrators", + "i18nKey": "admin.common.words.value", "key": "Value" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:06:57.162Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -1175,37 +1144,34 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:57.162Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"0\",\"name\":\"Default Permission Scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Manage Sprints\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Project Role\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.value\",\"key\":\"Value\",\"to\":\"Administrators\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539617,\"nano\":162000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "0", "name": "Default Permission Scheme", - "type": "SCHEME", - "id": "0" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -1222,24 +1188,27 @@ "key": "Value", "to": "Administrators" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:06:58.318Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -1249,37 +1218,34 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:58.318Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.customfield.created", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"customfield_10100\",\"name\":\"Team\",\"type\":\"CUSTOM_FIELD\"}],\"auditType\":{\"action\":\"Custom field created\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"fields\",\"categoryI18nKey\":\"jira.auditing.category.fields\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Team\"},{\"i18nKey\":\"common.words.type\",\"key\":\"Type\",\"to\":\"Team\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539618,\"nano\":318000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "Anonymous", - "id": "-2" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "customfield_10100", "name": "Team", - "type": "CUSTOM_FIELD", - "id": "customfield_10100" + "type": "CUSTOM_FIELD" } ], - "type": { - "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", - "action": "Custom field created", - "actionI18nKey": "jira.auditing.customfield.created", - "categoryI18nKey": "jira.auditing.category.fields", - "category": "fields", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "common.words.name", @@ -1291,24 +1257,27 @@ "key": "Type", "to": "Team" } - ] + ], + "method": "Browser", + "type": { + "action": "Custom field created", + "actionI18nKey": "jira.auditing.customfield.created", + "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", + "category": "fields", + "categoryI18nKey": "jira.auditing.category.fields", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:06:58.974Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -1318,37 +1287,34 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:58.974Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.customfield.created", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"customfield_10101\",\"name\":\"Parent Link\",\"type\":\"CUSTOM_FIELD\"}],\"auditType\":{\"action\":\"Custom field created\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"fields\",\"categoryI18nKey\":\"jira.auditing.category.fields\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Parent Link\"},{\"i18nKey\":\"common.words.type\",\"key\":\"Type\",\"to\":\"Parent Link\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539618,\"nano\":974000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "customfield_10101", "name": "Parent Link", - "type": "CUSTOM_FIELD", - "id": "customfield_10101" + "type": "CUSTOM_FIELD" } ], - "type": { - "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", - "action": "Custom field created", - "actionI18nKey": "jira.auditing.customfield.created", - "categoryI18nKey": "jira.auditing.category.fields", - "category": "fields", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "common.words.name", @@ -1360,24 +1326,27 @@ "key": "Type", "to": "Parent Link" } - ] + ], + "method": "Browser", + "type": { + "action": "Custom field created", + "actionI18nKey": "jira.auditing.customfield.created", + "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", + "category": "fields", + "categoryI18nKey": "jira.auditing.category.fields", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:06:58.990Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -1387,54 +1356,54 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:58.990Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.customfield.updated", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"customfield_10101\",\"name\":\"Parent Link\",\"type\":\"CUSTOM_FIELD\"}],\"auditType\":{\"action\":\"Custom field updated\",\"actionI18nKey\":\"jira.auditing.customfield.updated\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"fields\",\"categoryI18nKey\":\"jira.auditing.category.fields\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539618,\"nano\":990000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "Anonymous", - "id": "-2" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "customfield_10101", "name": "Parent Link", - "type": "CUSTOM_FIELD", - "id": "customfield_10101" + "type": "CUSTOM_FIELD" } ], + "method": "Browser", "type": { - "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", "action": "Custom field updated", "actionI18nKey": "jira.auditing.customfield.updated", - "categoryI18nKey": "jira.auditing.category.fields", + "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", "category": "fields", + "categoryI18nKey": "jira.auditing.category.fields", "level": "BASE" } } - } - }, - { - "@timestamp": "2021-11-22T00:06:59.224Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -1444,37 +1413,34 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:59.224Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.customfield.created", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"customfield_10102\",\"name\":\"Target start\",\"type\":\"CUSTOM_FIELD\"}],\"auditType\":{\"action\":\"Custom field created\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"fields\",\"categoryI18nKey\":\"jira.auditing.category.fields\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Target start\"},{\"i18nKey\":\"common.words.description\",\"key\":\"Description\",\"to\":\"The targeted start date. This custom field is created and required by Portfolio for Jira.\"},{\"i18nKey\":\"common.words.type\",\"key\":\"Type\",\"to\":\"Target start\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539619,\"nano\":224000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "customfield_10102", "name": "Target start", - "type": "CUSTOM_FIELD", - "id": "customfield_10102" + "type": "CUSTOM_FIELD" } ], - "type": { - "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", - "action": "Custom field created", - "actionI18nKey": "jira.auditing.customfield.created", - "categoryI18nKey": "jira.auditing.category.fields", - "category": "fields", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "common.words.name", @@ -1491,24 +1457,27 @@ "key": "Type", "to": "Target start" } - ] + ], + "method": "Browser", + "type": { + "action": "Custom field created", + "actionI18nKey": "jira.auditing.customfield.created", + "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", + "category": "fields", + "categoryI18nKey": "jira.auditing.category.fields", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:06:59.266Z", - "ecs": { - "version": "8.2.0" }, - "related": { - "user": [ - "Anonymous" - ], + "related": { "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -1518,37 +1487,34 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:59.266Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.customfield.created", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"customfield_10103\",\"name\":\"Target end\",\"type\":\"CUSTOM_FIELD\"}],\"auditType\":{\"action\":\"Custom field created\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"fields\",\"categoryI18nKey\":\"jira.auditing.category.fields\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Target end\"},{\"i18nKey\":\"common.words.description\",\"key\":\"Description\",\"to\":\"The targeted end date. This custom field is created and required by Portfolio for Jira.\"},{\"i18nKey\":\"common.words.type\",\"key\":\"Type\",\"to\":\"Target end\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539619,\"nano\":266000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "customfield_10103", "name": "Target end", - "type": "CUSTOM_FIELD", - "id": "customfield_10103" + "type": "CUSTOM_FIELD" } ], - "type": { - "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", - "action": "Custom field created", - "actionI18nKey": "jira.auditing.customfield.created", - "categoryI18nKey": "jira.auditing.category.fields", - "category": "fields", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "common.words.name", @@ -1565,24 +1531,27 @@ "key": "Type", "to": "Target end" } - ] + ], + "method": "Browser", + "type": { + "action": "Custom field created", + "actionI18nKey": "jira.auditing.customfield.created", + "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", + "category": "fields", + "categoryI18nKey": "jira.auditing.category.fields", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:06:59.313Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -1592,37 +1561,34 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:59.313Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.customfield.created", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"customfield_10104\",\"name\":\"Original story points\",\"type\":\"CUSTOM_FIELD\"}],\"auditType\":{\"action\":\"Custom field created\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"fields\",\"categoryI18nKey\":\"jira.auditing.category.fields\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Original story points\"},{\"i18nKey\":\"common.words.type\",\"key\":\"Type\",\"to\":\"Original story points\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539619,\"nano\":313000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "customfield_10104", "name": "Original story points", - "type": "CUSTOM_FIELD", - "id": "customfield_10104" + "type": "CUSTOM_FIELD" } ], - "type": { - "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", - "action": "Custom field created", - "actionI18nKey": "jira.auditing.customfield.created", - "categoryI18nKey": "jira.auditing.category.fields", - "category": "fields", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "common.words.name", @@ -1634,24 +1600,27 @@ "key": "Type", "to": "Original story points" } - ] + ], + "method": "Browser", + "type": { + "action": "Custom field created", + "actionI18nKey": "jira.auditing.customfield.created", + "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", + "category": "fields", + "categoryI18nKey": "jira.auditing.category.fields", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:06:59.332Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -1661,54 +1630,54 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:59.332Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.customfield.updated", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"customfield_10102\",\"name\":\"Target start\",\"type\":\"CUSTOM_FIELD\"}],\"auditType\":{\"action\":\"Custom field updated\",\"actionI18nKey\":\"jira.auditing.customfield.updated\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"fields\",\"categoryI18nKey\":\"jira.auditing.category.fields\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539619,\"nano\":332000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "customfield_10102", "name": "Target start", - "type": "CUSTOM_FIELD", - "id": "customfield_10102" + "type": "CUSTOM_FIELD" } ], + "method": "Browser", "type": { - "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", "action": "Custom field updated", "actionI18nKey": "jira.auditing.customfield.updated", - "categoryI18nKey": "jira.auditing.category.fields", + "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", "category": "fields", + "categoryI18nKey": "jira.auditing.category.fields", "level": "BASE" } } - } - }, - { - "@timestamp": "2021-11-22T00:06:59.340Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -1718,54 +1687,54 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:59.340Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.customfield.updated", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"customfield_10103\",\"name\":\"Target end\",\"type\":\"CUSTOM_FIELD\"}],\"auditType\":{\"action\":\"Custom field updated\",\"actionI18nKey\":\"jira.auditing.customfield.updated\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"fields\",\"categoryI18nKey\":\"jira.auditing.category.fields\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539619,\"nano\":340000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "customfield_10103", "name": "Target end", - "type": "CUSTOM_FIELD", - "id": "customfield_10103" + "type": "CUSTOM_FIELD" } ], + "method": "Browser", "type": { - "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", "action": "Custom field updated", "actionI18nKey": "jira.auditing.customfield.updated", - "categoryI18nKey": "jira.auditing.category.fields", + "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", "category": "fields", + "categoryI18nKey": "jira.auditing.category.fields", "level": "BASE" } } - } - }, - { - "@timestamp": "2021-11-22T00:06:59.485Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -1775,59 +1744,59 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:59.485Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.issue.type.created", - "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Epic\",\"type\":\"ISSUE_TYPE\"}],\"auditType\":{\"action\":\"Issue type created\",\"actionI18nKey\":\"jira.auditing.issue.type.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"issue types\",\"categoryI18nKey\":\"jira.auditing.category.issuetypes\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539619,\"nano\":485000000},\"version\":\"1.0\"}", - "type": [ - "creation" - ], "category": [ "configuration" ], - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Epic\",\"type\":\"ISSUE_TYPE\"}],\"auditType\":{\"action\":\"Issue type created\",\"actionI18nKey\":\"jira.auditing.issue.type.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"issue types\",\"categoryI18nKey\":\"jira.auditing.category.issuetypes\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539619,\"nano\":485000000},\"version\":\"1.0\"}", + "type": [ + "creation" + ] }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Epic", - "type": "ISSUE_TYPE", - "id": "10000" + "type": "ISSUE_TYPE" } ], + "method": "Browser", "type": { - "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", "action": "Issue type created", "actionI18nKey": "jira.auditing.issue.type.created", - "categoryI18nKey": "jira.auditing.category.issuetypes", + "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", "category": "issue types", + "categoryI18nKey": "jira.auditing.category.issuetypes", "level": "BASE" } } - } - }, - { - "@timestamp": "2021-11-22T00:06:59.522Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -1837,37 +1806,34 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:59.522Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.customfield.created", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"customfield_10105\",\"name\":\"Epic Name\",\"type\":\"CUSTOM_FIELD\"}],\"auditType\":{\"action\":\"Custom field created\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"fields\",\"categoryI18nKey\":\"jira.auditing.category.fields\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Epic Name\"},{\"i18nKey\":\"common.words.description\",\"key\":\"Description\",\"to\":\"Provide a short name to identify this epic.\"},{\"i18nKey\":\"common.words.type\",\"key\":\"Type\",\"to\":\"Name of Epic\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539619,\"nano\":522000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "Anonymous", - "id": "-2" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", - "affected_objects": [ - { - "name": "Epic Name", - "type": "CUSTOM_FIELD", - "id": "customfield_10105" - } - ], - "type": { - "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", - "action": "Custom field created", - "actionI18nKey": "jira.auditing.customfield.created", - "categoryI18nKey": "jira.auditing.category.fields", - "category": "fields", - "level": "BASE" - }, + "affected_objects": [ + { + "id": "customfield_10105", + "name": "Epic Name", + "type": "CUSTOM_FIELD" + } + ], "changed_values": [ { "i18nKey": "common.words.name", @@ -1884,24 +1850,27 @@ "key": "Type", "to": "Name of Epic" } - ] + ], + "method": "Browser", + "type": { + "action": "Custom field created", + "actionI18nKey": "jira.auditing.customfield.created", + "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", + "category": "fields", + "categoryI18nKey": "jira.auditing.category.fields", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:07:01.644Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -1911,37 +1880,34 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:07:01.644Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.customfield.created", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"customfield_10106\",\"name\":\"Epic Status\",\"type\":\"CUSTOM_FIELD\"}],\"auditType\":{\"action\":\"Custom field created\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"fields\",\"categoryI18nKey\":\"jira.auditing.category.fields\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Epic Status\"},{\"i18nKey\":\"common.words.description\",\"key\":\"Description\",\"to\":\"Epic Status field for Jira Software use only.\"},{\"i18nKey\":\"common.words.type\",\"key\":\"Type\",\"to\":\"Status of Epic\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539621,\"nano\":644000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "Anonymous", - "id": "-2" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "customfield_10106", "name": "Epic Status", - "type": "CUSTOM_FIELD", - "id": "customfield_10106" + "type": "CUSTOM_FIELD" } ], - "type": { - "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", - "action": "Custom field created", - "actionI18nKey": "jira.auditing.customfield.created", - "categoryI18nKey": "jira.auditing.category.fields", - "category": "fields", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "common.words.name", @@ -1958,24 +1924,27 @@ "key": "Type", "to": "Status of Epic" } - ] + ], + "method": "Browser", + "type": { + "action": "Custom field created", + "actionI18nKey": "jira.auditing.customfield.created", + "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", + "category": "fields", + "categoryI18nKey": "jira.auditing.category.fields", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:07:01.669Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -1985,37 +1954,34 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:07:01.669Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.customfield.created", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"customfield_10107\",\"name\":\"Epic Colour\",\"type\":\"CUSTOM_FIELD\"}],\"auditType\":{\"action\":\"Custom field created\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"fields\",\"categoryI18nKey\":\"jira.auditing.category.fields\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Epic Colour\"},{\"i18nKey\":\"common.words.description\",\"key\":\"Description\",\"to\":\"Epic Colour field for Jira Software use only.\"},{\"i18nKey\":\"common.words.type\",\"key\":\"Type\",\"to\":\"Colour of Epic\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539621,\"nano\":669000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "customfield_10107", "name": "Epic Colour", - "type": "CUSTOM_FIELD", - "id": "customfield_10107" + "type": "CUSTOM_FIELD" } ], - "type": { - "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", - "action": "Custom field created", - "actionI18nKey": "jira.auditing.customfield.created", - "categoryI18nKey": "jira.auditing.category.fields", - "category": "fields", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "common.words.name", @@ -2032,24 +1998,27 @@ "key": "Type", "to": "Colour of Epic" } - ] + ], + "method": "Browser", + "type": { + "action": "Custom field created", + "actionI18nKey": "jira.auditing.customfield.created", + "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", + "category": "fields", + "categoryI18nKey": "jira.auditing.category.fields", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:07:02.694Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -2059,37 +2028,34 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:07:02.694Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.customfield.created", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"customfield_10108\",\"name\":\"Sprint\",\"type\":\"CUSTOM_FIELD\"}],\"auditType\":{\"action\":\"Custom field created\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"fields\",\"categoryI18nKey\":\"jira.auditing.category.fields\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Sprint\"},{\"i18nKey\":\"common.words.description\",\"key\":\"Description\",\"to\":\"Jira Software sprint field\"},{\"i18nKey\":\"common.words.type\",\"key\":\"Type\",\"to\":\"Jira Sprint Field\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539622,\"nano\":694000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "Anonymous", - "id": "-2" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "customfield_10108", "name": "Sprint", - "type": "CUSTOM_FIELD", - "id": "customfield_10108" + "type": "CUSTOM_FIELD" } ], - "type": { - "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", - "action": "Custom field created", - "actionI18nKey": "jira.auditing.customfield.created", - "categoryI18nKey": "jira.auditing.category.fields", - "category": "fields", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "common.words.name", @@ -2106,24 +2072,27 @@ "key": "Type", "to": "Jira Sprint Field" } - ] + ], + "method": "Browser", + "type": { + "action": "Custom field created", + "actionI18nKey": "jira.auditing.customfield.created", + "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", + "category": "fields", + "categoryI18nKey": "jira.auditing.category.fields", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:07:02.725Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -2133,37 +2102,34 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:07:02.725Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.customfield.created", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"customfield_10109\",\"name\":\"Epic Link\",\"type\":\"CUSTOM_FIELD\"}],\"auditType\":{\"action\":\"Custom field created\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"fields\",\"categoryI18nKey\":\"jira.auditing.category.fields\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Epic Link\"},{\"i18nKey\":\"common.words.description\",\"key\":\"Description\",\"to\":\"Choose an epic to assign this issue to.\"},{\"i18nKey\":\"common.words.type\",\"key\":\"Type\",\"to\":\"Epic Link Relationship\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539622,\"nano\":725000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "customfield_10109", "name": "Epic Link", - "type": "CUSTOM_FIELD", - "id": "customfield_10109" + "type": "CUSTOM_FIELD" } ], - "type": { - "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", - "action": "Custom field created", - "actionI18nKey": "jira.auditing.customfield.created", - "categoryI18nKey": "jira.auditing.category.fields", - "category": "fields", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "common.words.name", @@ -2180,24 +2146,27 @@ "key": "Type", "to": "Epic Link Relationship" } - ] + ], + "method": "Browser", + "type": { + "action": "Custom field created", + "actionI18nKey": "jira.auditing.customfield.created", + "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", + "category": "fields", + "categoryI18nKey": "jira.auditing.category.fields", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:07:02.794Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -2207,37 +2176,34 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:07:02.794Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.customfield.created", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"customfield_10110\",\"name\":\"Rank\",\"type\":\"CUSTOM_FIELD\"}],\"auditType\":{\"action\":\"Custom field created\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"fields\",\"categoryI18nKey\":\"jira.auditing.category.fields\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Rank\"},{\"i18nKey\":\"common.words.description\",\"key\":\"Description\",\"to\":\"Global rank field for Jira Software use only.\"},{\"i18nKey\":\"common.words.type\",\"key\":\"Type\",\"to\":\"Global Rank\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539622,\"nano\":794000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "Anonymous", - "id": "-2" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "customfield_10110", "name": "Rank", - "type": "CUSTOM_FIELD", - "id": "customfield_10110" + "type": "CUSTOM_FIELD" } - ], - "type": { - "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", - "action": "Custom field created", - "actionI18nKey": "jira.auditing.customfield.created", - "categoryI18nKey": "jira.auditing.category.fields", - "category": "fields", - "level": "BASE" - }, + ], "changed_values": [ { "i18nKey": "common.words.name", @@ -2254,24 +2220,27 @@ "key": "Type", "to": "Global Rank" } - ] + ], + "method": "Browser", + "type": { + "action": "Custom field created", + "actionI18nKey": "jira.auditing.customfield.created", + "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", + "category": "fields", + "categoryI18nKey": "jira.auditing.category.fields", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:07:09.370Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -2281,59 +2250,59 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:07:09.370Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.issue.type.created", - "original": "{\"affectedObjects\":[{\"id\":\"10001\",\"name\":\"Story\",\"type\":\"ISSUE_TYPE\"}],\"auditType\":{\"action\":\"Issue type created\",\"actionI18nKey\":\"jira.auditing.issue.type.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"issue types\",\"categoryI18nKey\":\"jira.auditing.category.issuetypes\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539629,\"nano\":37000000},\"version\":\"1.0\"}", - "type": [ - "creation" - ], "category": [ "configuration" ], - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"10001\",\"name\":\"Story\",\"type\":\"ISSUE_TYPE\"}],\"auditType\":{\"action\":\"Issue type created\",\"actionI18nKey\":\"jira.auditing.issue.type.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"issue types\",\"categoryI18nKey\":\"jira.auditing.category.issuetypes\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539629,\"nano\":37000000},\"version\":\"1.0\"}", + "type": [ + "creation" + ] }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10001", "name": "Story", - "type": "ISSUE_TYPE", - "id": "10001" + "type": "ISSUE_TYPE" } ], + "method": "Browser", "type": { - "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", "action": "Issue type created", "actionI18nKey": "jira.auditing.issue.type.created", - "categoryI18nKey": "jira.auditing.category.issuetypes", + "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", "category": "issue types", + "categoryI18nKey": "jira.auditing.category.issuetypes", "level": "BASE" } } - } - }, - { - "@timestamp": "2021-11-22T00:07:09.880Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -2343,37 +2312,34 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:07:09.880Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.customfield.created", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"customfield_10111\",\"name\":\"Story Points\",\"type\":\"CUSTOM_FIELD\"}],\"auditType\":{\"action\":\"Custom field created\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"fields\",\"categoryI18nKey\":\"jira.auditing.category.fields\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Story Points\"},{\"i18nKey\":\"common.words.description\",\"key\":\"Description\",\"to\":\"Measurement of complexity and/or size of a requirement.\"},{\"i18nKey\":\"common.words.type\",\"key\":\"Type\",\"to\":\"Number Field\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539629,\"nano\":88000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "customfield_10111", "name": "Story Points", - "type": "CUSTOM_FIELD", - "id": "customfield_10111" + "type": "CUSTOM_FIELD" } ], - "type": { - "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", - "action": "Custom field created", - "actionI18nKey": "jira.auditing.customfield.created", - "categoryI18nKey": "jira.auditing.category.fields", - "category": "fields", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "common.words.name", @@ -2390,24 +2356,27 @@ "key": "Type", "to": "Number Field" } - ] + ], + "method": "Browser", + "type": { + "action": "Custom field created", + "actionI18nKey": "jira.auditing.customfield.created", + "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", + "category": "fields", + "categoryI18nKey": "jira.auditing.category.fields", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:33.534Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -2417,61 +2386,61 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:08:33.534Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.resolutions.created", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Done\",\"type\":\"RESOLUTION\"}],\"auditType\":{\"action\":\"New resolution created\",\"actionI18nKey\":\"jira.auditing.resolutions.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"workflows\",\"categoryI18nKey\":\"jira.auditing.category.workflows\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Description\",\"nameI18nKey\":\"common.concepts.description\",\"value\":\"Work has been completed on this issue.\"}],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539713,\"nano\":534000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Done", - "type": "RESOLUTION", - "id": "10000" + "type": "RESOLUTION" } ], - "type": { - "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", - "action": "New resolution created", - "actionI18nKey": "jira.auditing.resolutions.created", - "categoryI18nKey": "jira.auditing.category.workflows", - "category": "workflows", - "level": "BASE" - }, "extra_attributes": [ { "name": "Description", "nameI18nKey": "common.concepts.description", "value": "Work has been completed on this issue." } - ] + ], + "method": "Browser", + "type": { + "action": "New resolution created", + "actionI18nKey": "jira.auditing.resolutions.created", + "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", + "category": "workflows", + "categoryI18nKey": "jira.auditing.category.workflows", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:33.535Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -2481,61 +2450,61 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:33.535Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.resolutions.created", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10001\",\"name\":\"Won't Do\",\"type\":\"RESOLUTION\"}],\"auditType\":{\"action\":\"New resolution created\",\"actionI18nKey\":\"jira.auditing.resolutions.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"workflows\",\"categoryI18nKey\":\"jira.auditing.category.workflows\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Description\",\"nameI18nKey\":\"common.concepts.description\",\"value\":\"This issue won't be actioned.\"}],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539713,\"nano\":535000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10001", "name": "Won't Do", - "type": "RESOLUTION", - "id": "10001" + "type": "RESOLUTION" } ], - "type": { - "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", - "action": "New resolution created", - "actionI18nKey": "jira.auditing.resolutions.created", - "categoryI18nKey": "jira.auditing.category.workflows", - "category": "workflows", - "level": "BASE" - }, "extra_attributes": [ { "name": "Description", "nameI18nKey": "common.concepts.description", "value": "This issue won't be actioned." } - ] + ], + "method": "Browser", + "type": { + "action": "New resolution created", + "actionI18nKey": "jira.auditing.resolutions.created", + "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", + "category": "workflows", + "categoryI18nKey": "jira.auditing.category.workflows", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:33.536Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -2545,61 +2514,61 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:33.536Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.resolutions.created", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10002\",\"name\":\"Duplicate\",\"type\":\"RESOLUTION\"}],\"auditType\":{\"action\":\"New resolution created\",\"actionI18nKey\":\"jira.auditing.resolutions.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"workflows\",\"categoryI18nKey\":\"jira.auditing.category.workflows\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Description\",\"nameI18nKey\":\"common.concepts.description\",\"value\":\"The problem is a duplicate of an existing issue.\"}],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539713,\"nano\":536000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10002", "name": "Duplicate", - "type": "RESOLUTION", - "id": "10002" + "type": "RESOLUTION" } ], - "type": { - "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", - "action": "New resolution created", - "actionI18nKey": "jira.auditing.resolutions.created", - "categoryI18nKey": "jira.auditing.category.workflows", - "category": "workflows", - "level": "BASE" - }, "extra_attributes": [ { "name": "Description", "nameI18nKey": "common.concepts.description", "value": "The problem is a duplicate of an existing issue." } - ] - } - } - }, - { - "@timestamp": "2021-11-22T00:08:33.537Z", - "ecs": { - "version": "8.2.0" + ], + "method": "Browser", + "type": { + "action": "New resolution created", + "actionI18nKey": "jira.auditing.resolutions.created", + "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", + "category": "workflows", + "categoryI18nKey": "jira.auditing.category.workflows", + "level": "BASE" + } + } }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -2609,61 +2578,61 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:33.537Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.resolutions.created", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10003\",\"name\":\"Cannot Reproduce\",\"type\":\"RESOLUTION\"}],\"auditType\":{\"action\":\"New resolution created\",\"actionI18nKey\":\"jira.auditing.resolutions.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"workflows\",\"categoryI18nKey\":\"jira.auditing.category.workflows\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Description\",\"nameI18nKey\":\"common.concepts.description\",\"value\":\"All attempts at reproducing this issue failed, or not enough information was available to reproduce the issue. Reading the code produces no clues as to why this behavior would occur. If more information appears later, please reopen the issue.\"}],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539713,\"nano\":537000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10003", "name": "Cannot Reproduce", - "type": "RESOLUTION", - "id": "10003" + "type": "RESOLUTION" } ], - "type": { - "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", - "action": "New resolution created", - "actionI18nKey": "jira.auditing.resolutions.created", - "categoryI18nKey": "jira.auditing.category.workflows", - "category": "workflows", - "level": "BASE" - }, "extra_attributes": [ { "name": "Description", "nameI18nKey": "common.concepts.description", "value": "All attempts at reproducing this issue failed, or not enough information was available to reproduce the issue. Reading the code produces no clues as to why this behavior would occur. If more information appears later, please reopen the issue." } - ] + ], + "method": "Browser", + "type": { + "action": "New resolution created", + "actionI18nKey": "jira.auditing.resolutions.created", + "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", + "category": "workflows", + "categoryI18nKey": "jira.auditing.category.workflows", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:33.710Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -2673,37 +2642,34 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:33.710Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.workflow.created", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"Software Simplified Workflow for Project TEST\",\"name\":\"Software Simplified Workflow for Project TEST\",\"type\":\"WORKFLOW\"}],\"auditType\":{\"action\":\"Workflow created\",\"actionI18nKey\":\"jira.auditing.workflow.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"workflows\",\"categoryI18nKey\":\"jira.auditing.category.workflows\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"i18nKey\":\"admin.workflowtransition.transition\",\"key\":\"Transition\",\"to\":\"Create (To Do), To Do (To Do), In Progress (In Progress), Done (Done)\"},{\"i18nKey\":\"common.words.status\",\"key\":\"Status\",\"to\":\"To Do, In Progress, Done\"},{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Software Simplified Workflow for Project TEST\"},{\"i18nKey\":\"common.words.description\",\"key\":\"Description\",\"to\":\"Generated by JIRA Software version 8.20.2. This workflow is managed internally by Jira Software. Do not manually modify this workflow.\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539713,\"nano\":710000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "Software Simplified Workflow for Project TEST", "name": "Software Simplified Workflow for Project TEST", - "type": "WORKFLOW", - "id": "Software Simplified Workflow for Project TEST" + "type": "WORKFLOW" } ], - "type": { - "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", - "action": "Workflow created", - "actionI18nKey": "jira.auditing.workflow.created", - "categoryI18nKey": "jira.auditing.category.workflows", - "category": "workflows", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.workflowtransition.transition", @@ -2725,24 +2691,27 @@ "key": "Description", "to": "Generated by JIRA Software version 8.20.2. This workflow is managed internally by Jira Software. Do not manually modify this workflow." } - ] + ], + "method": "Browser", + "type": { + "action": "Workflow created", + "actionI18nKey": "jira.auditing.workflow.created", + "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", + "category": "workflows", + "categoryI18nKey": "jira.auditing.category.workflows", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:33.732Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -2752,37 +2721,34 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:33.732Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.workflow.scheme.created", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10100\",\"name\":\"TEST: Software Simplified Workflow Scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Workflow scheme created\",\"actionI18nKey\":\"jira.auditing.workflow.scheme.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"workflows\",\"categoryI18nKey\":\"jira.auditing.category.workflows\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"TEST: Software Simplified Workflow Scheme\"},{\"i18nKey\":\"common.words.description\",\"key\":\"Description\",\"to\":\"Generated by JIRA Software version 8.20.2. This workflow scheme is managed internally by Jira Software. Do not manually modify this workflow scheme.\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539713,\"nano\":732000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10100", "name": "TEST: Software Simplified Workflow Scheme", - "type": "SCHEME", - "id": "10100" + "type": "SCHEME" } ], - "type": { - "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", - "action": "Workflow scheme created", - "actionI18nKey": "jira.auditing.workflow.scheme.created", - "categoryI18nKey": "jira.auditing.category.workflows", - "category": "workflows", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "common.words.name", @@ -2794,24 +2760,27 @@ "key": "Description", "to": "Generated by JIRA Software version 8.20.2. This workflow scheme is managed internally by Jira Software. Do not manually modify this workflow scheme." } - ] + ], + "method": "Browser", + "type": { + "action": "Workflow scheme created", + "actionI18nKey": "jira.auditing.workflow.scheme.created", + "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", + "category": "workflows", + "categoryI18nKey": "jira.auditing.category.workflows", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:33.746Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -2821,59 +2790,59 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:33.746Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.workflow.scheme.added.to.project", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"test\",\"type\":\"PROJECT\"},{\"id\":\"10100\",\"name\":\"TEST: Software Simplified Workflow Scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Workflow scheme added to project\",\"actionI18nKey\":\"jira.auditing.workflow.scheme.added.to.project\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"workflows\",\"categoryI18nKey\":\"jira.auditing.category.workflows\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539713,\"nano\":746000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "test", - "type": "PROJECT", - "id": "10000" + "type": "PROJECT" }, { + "id": "10100", "name": "TEST: Software Simplified Workflow Scheme", - "type": "SCHEME", - "id": "10100" + "type": "SCHEME" } ], + "method": "Browser", "type": { - "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", "action": "Workflow scheme added to project", "actionI18nKey": "jira.auditing.workflow.scheme.added.to.project", - "categoryI18nKey": "jira.auditing.category.workflows", + "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", "category": "workflows", + "categoryI18nKey": "jira.auditing.category.workflows", "level": "BASE" } } - } - }, - { - "@timestamp": "2021-11-22T00:08:33.887Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -2883,47 +2852,44 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:33.887Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.filter.created", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Filter for TEST board\",\"type\":\"FILTER\"},{\"id\":\"JIRAUSER10000\",\"name\":\"test.user\",\"type\":\"USER\"},{\"id\":\"10000\",\"name\":\"test\",\"type\":\"PROJECT\"}],\"auditType\":{\"action\":\"Filter created\",\"actionI18nKey\":\"jira.auditing.filter.created\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"filters\",\"categoryI18nKey\":\"jira.auditing.category.filters\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Filter for TEST board\"},{\"from\":\"\",\"i18nKey\":\"common.concepts.description\",\"key\":\"Description\"},{\"from\":\"\",\"i18nKey\":\"common.concepts.owner\",\"key\":\"Owner\",\"to\":\"test.user\"},{\"from\":\"[]\",\"i18nKey\":\"common.concepts.shared.with\",\"key\":\"Shared with\",\"to\":\"[Project: test (VIEW)]\"},{\"from\":\"\",\"i18nKey\":\"jira.jql.query\",\"key\":\"JQL Query\",\"to\":\"{project = \\\"TEST\\\"} order by Rank ASC\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539713,\"nano\":887000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "test.user", - "id": "10000" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Filter for TEST board", - "type": "FILTER", - "id": "10000" + "type": "FILTER" }, { + "id": "JIRAUSER10000", "name": "test.user", - "type": "USER", - "id": "JIRAUSER10000" + "type": "USER" }, { + "id": "10000", "name": "test", - "type": "PROJECT", - "id": "10000" + "type": "PROJECT" } ], - "type": { - "area": "LOCAL_CONFIG_AND_ADMINISTRATION", - "action": "Filter created", - "actionI18nKey": "jira.auditing.filter.created", - "categoryI18nKey": "jira.auditing.category.filters", - "category": "filters", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "common.words.name", @@ -2941,33 +2907,36 @@ }, { "from": "[]", - "to": "[Project: test (VIEW)]", "i18nKey": "common.concepts.shared.with", - "key": "Shared with" + "key": "Shared with", + "to": "[Project: test (VIEW)]" }, { "i18nKey": "jira.jql.query", "key": "JQL Query", "to": "{project = \"TEST\"} order by Rank ASC" } - ] + ], + "method": "Browser", + "type": { + "action": "Filter created", + "actionI18nKey": "jira.auditing.filter.created", + "area": "LOCAL_CONFIG_AND_ADMINISTRATION", + "category": "filters", + "categoryI18nKey": "jira.auditing.category.filters", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.720Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -2977,59 +2946,59 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.720Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "Board created", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"1\",\"name\":\"TEST board\",\"type\":\"BOARD\"},{\"id\":\"1\",\"name\":\"TEST board\",\"type\":\"BOARD\"}],\"auditType\":{\"action\":\"Board created\",\"actionI18nKey\":\"Board created\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"boards\",\"categoryI18nKey\":\"jira.auditing.category.boards\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":72000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "test.user", - "id": "10000" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "1", "name": "TEST board", - "type": "BOARD", - "id": "1" + "type": "BOARD" }, { + "id": "1", "name": "TEST board", - "type": "BOARD", - "id": "1" + "type": "BOARD" } ], + "method": "Browser", "type": { - "area": "LOCAL_CONFIG_AND_ADMINISTRATION", "action": "Board created", "actionI18nKey": "Board created", - "categoryI18nKey": "jira.auditing.category.boards", + "area": "LOCAL_CONFIG_AND_ADMINISTRATION", "category": "boards", + "categoryI18nKey": "jira.auditing.category.boards", "level": "BASE" } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.142Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -3039,37 +3008,34 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.142Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.created", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme created\",\"actionI18nKey\":\"jira.auditing.permission.scheme.created\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Default software scheme\"},{\"i18nKey\":\"common.words.description\",\"key\":\"Description\",\"to\":\"Default scheme for Software projects.\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":142000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme created", - "actionI18nKey": "jira.auditing.permission.scheme.created", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "common.words.name", @@ -3081,24 +3047,27 @@ "key": "Description", "to": "Default scheme for Software projects." } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme created", + "actionI18nKey": "jira.auditing.permission.scheme.created", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.151Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -3108,37 +3077,34 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.151Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Browse Projects\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":151000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -3150,24 +3116,27 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.163Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -3177,37 +3146,34 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.163Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Create Issues\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":163000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -3219,24 +3185,27 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.165Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -3246,37 +3215,34 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.165Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Edit Issues\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":165000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -3288,24 +3254,27 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.166Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -3315,37 +3284,34 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.166Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Assign Issues\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":166000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -3357,24 +3323,27 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.168Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -3384,37 +3353,34 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.168Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Resolve Issues\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":168000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -3426,24 +3392,27 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.171Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -3453,37 +3422,34 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.171Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Add Comments\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":171000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -3495,24 +3461,27 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.173Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -3522,37 +3491,34 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.173Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Delete Issues\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Project Role\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.value\",\"key\":\"Value\",\"to\":\"Administrators\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":173000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -3569,24 +3535,27 @@ "key": "Value", "to": "Administrators" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.174Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -3596,37 +3565,34 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.174Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Assignable User\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":174000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -3638,24 +3604,27 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.176Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -3665,37 +3634,34 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.176Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Close Issues\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":176000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -3707,24 +3673,27 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.178Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -3734,37 +3703,34 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.178Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Create Attachments\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":178000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -3776,24 +3742,27 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.180Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -3803,37 +3772,34 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.180Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Work On Issues\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":180000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -3845,24 +3811,27 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.182Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -3872,37 +3841,34 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.182Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Link Issues\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":182000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -3914,24 +3880,27 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.184Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -3941,37 +3910,34 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.184Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Administer Projects\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Project Role\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.value\",\"key\":\"Value\",\"to\":\"Administrators\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":184000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -3988,24 +3954,27 @@ "key": "Value", "to": "Administrators" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.187Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -4015,37 +3984,34 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.187Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Move Issues\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":187000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -4057,24 +4023,27 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.190Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -4084,37 +4053,34 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.190Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Schedule Issues\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":190000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -4126,24 +4092,27 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.204Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -4153,37 +4122,34 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.204Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Modify Reporter\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Project Role\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.value\",\"key\":\"Value\",\"to\":\"Administrators\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":204000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -4200,24 +4166,27 @@ "key": "Value", "to": "Administrators" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.208Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -4227,37 +4196,34 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.208Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"View Voters and Watchers\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":208000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -4269,24 +4235,27 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.210Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -4296,37 +4265,34 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.210Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Manage Watchers\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Project Role\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.value\",\"key\":\"Value\",\"to\":\"Administrators\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":210000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -4343,24 +4309,27 @@ "key": "Value", "to": "Administrators" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.212Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -4370,37 +4339,34 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.212Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Edit All Comments\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Project Role\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.value\",\"key\":\"Value\",\"to\":\"Administrators\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":212000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -4417,24 +4383,27 @@ "key": "Value", "to": "Administrators" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.215Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -4444,37 +4413,34 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.215Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Edit Own Comments\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":215000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -4486,24 +4452,27 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.217Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -4513,37 +4482,34 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.217Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Delete All Comments\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Project Role\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.value\",\"key\":\"Value\",\"to\":\"Administrators\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":217000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -4560,24 +4526,27 @@ "key": "Value", "to": "Administrators" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.219Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -4587,37 +4556,34 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.219Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Delete Own Comments\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":219000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -4629,24 +4595,27 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.221Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -4656,37 +4625,34 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.221Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Delete All Attachments\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Project Role\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.value\",\"key\":\"Value\",\"to\":\"Administrators\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":221000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -4703,24 +4669,27 @@ "key": "Value", "to": "Administrators" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.223Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -4730,37 +4699,34 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.223Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Delete Own Attachments\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":223000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -4772,24 +4738,27 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.225Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -4799,37 +4768,34 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.225Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Edit Own Worklogs\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":225000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -4841,24 +4807,27 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.227Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -4868,37 +4837,34 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.227Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Edit All Worklogs\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Project Role\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.value\",\"key\":\"Value\",\"to\":\"Administrators\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":227000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -4915,24 +4881,27 @@ "key": "Value", "to": "Administrators" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.229Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -4942,37 +4911,34 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.229Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Delete Own Worklogs\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":229000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -4984,24 +4950,27 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.231Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -5011,37 +4980,34 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.231Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Delete All Worklogs\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Project Role\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.value\",\"key\":\"Value\",\"to\":\"Administrators\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":231000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -5058,24 +5024,27 @@ "key": "Value", "to": "Administrators" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.233Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -5085,37 +5054,34 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.233Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"View Read-Only Workflow\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":233000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -5127,24 +5093,27 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.235Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -5154,37 +5123,34 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.235Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Transition Issues\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":235000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -5196,24 +5162,27 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.236Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -5223,37 +5192,34 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.236Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"View Development Tools\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":236000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], - "jira": { - "audit": { - "method": "Browser", - "affected_objects": [ - { - "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" - } - ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10000", + "name": "Default software scheme", + "type": "SCHEME" + } + ], "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -5265,24 +5231,27 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.239Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -5292,37 +5261,34 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.239Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Manage Sprints\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":239000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -5334,24 +5300,27 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.241Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -5361,37 +5330,34 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.241Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Start/Complete Sprints\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":241000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -5403,24 +5369,27 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.243Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -5430,37 +5399,34 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.243Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Edit Sprints\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":243000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -5472,166 +5438,169 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.249Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ - "175.16.199.1" + "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { "address": "http://jira.internal:8088" }, "source": { - "geo": { - "continent_name": "Asia", - "region_iso_code": "CN-22", - "city_name": "Changchun", - "country_iso_code": "CN", - "country_name": "China", - "region_name": "Jilin Sheng", - "location": { - "lon": 125.3228, - "lat": 43.88 - } - }, - "address": "175.16.199.1", - "ip": "175.16.199.1" + "address": "10.50.33.72", + "ip": "10.50.33.72" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.249Z", + "ecs": { + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.removed.from.project", - "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"test\",\"type\":\"PROJECT\"},{\"id\":\"0\",\"name\":\"Default Permission Scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme removed from project\",\"actionI18nKey\":\"jira.auditing.permission.scheme.removed.from.project\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"175.16.199.1\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":249000000},\"version\":\"1.0\"}", - "type": [ - "deletion" - ], "category": [ "configuration", "iam" ], - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"test\",\"type\":\"PROJECT\"},{\"id\":\"0\",\"name\":\"Default Permission Scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme removed from project\",\"actionI18nKey\":\"jira.auditing.permission.scheme.removed.from.project\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"175.16.199.1\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":249000000},\"version\":\"1.0\"}", + "type": [ + "deletion" + ] }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "test", - "type": "PROJECT", - "id": "10000" + "type": "PROJECT" }, { + "id": "0", "name": "Default Permission Scheme", - "type": "SCHEME", - "id": "0" + "type": "SCHEME" } ], + "method": "Browser", "type": { - "area": "PERMISSIONS", "action": "Permission scheme removed from project", "actionI18nKey": "jira.auditing.permission.scheme.removed.from.project", - "categoryI18nKey": "jira.auditing.category.permissions", + "area": "PERMISSIONS", "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", "level": "BASE" } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.266Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ - "10.50.33.72" + "175.16.199.1" + ], + "user": [ + "test.user" ] }, "service": { "address": "http://jira.internal:8088" }, "source": { - "address": "10.50.33.72", - "ip": "10.50.33.72" + "address": "175.16.199.1", + "geo": { + "city_name": "Changchun", + "continent_name": "Asia", + "country_iso_code": "CN", + "country_name": "China", + "location": { + "lat": 43.88, + "lon": 125.3228 + }, + "region_iso_code": "CN-22", + "region_name": "Jilin Sheng" + }, + "ip": "175.16.199.1" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.266Z", + "ecs": { + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.added.to.project", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"test\",\"type\":\"PROJECT\"},{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme added to project\",\"actionI18nKey\":\"jira.auditing.permission.scheme.added.to.project\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":266000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "test", - "type": "PROJECT", - "id": "10000" + "type": "PROJECT" }, { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], + "method": "Browser", "type": { - "area": "PERMISSIONS", "action": "Permission scheme added to project", "actionI18nKey": "jira.auditing.permission.scheme.added.to.project", - "categoryI18nKey": "jira.auditing.category.permissions", + "area": "PERMISSIONS", "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", "level": "BASE" } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.297Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -5641,47 +5610,44 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.297Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.project.created", - "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"test\",\"type\":\"PROJECT\"},{\"id\":\"JIRAUSER10000\",\"name\":\"test.user\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"Project created\",\"actionI18nKey\":\"jira.auditing.project.created\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"projects\",\"categoryI18nKey\":\"jira.auditing.category.projects\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"test\"},{\"i18nKey\":\"common.words.key\",\"key\":\"Key\",\"to\":\"TEST\"},{\"i18nKey\":\"common.concepts.description\",\"key\":\"Description\",\"to\":\"\"},{\"i18nKey\":\"common.concepts.projectlead\",\"key\":\"Project Lead\",\"to\":\"test.user\"},{\"i18nKey\":\"admin.projects.default.assignee\",\"key\":\"Default Assignee\",\"to\":\"Unassigned\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":297000000},\"version\":\"1.0\"}", - "type": [ - "creation" - ], "category": [ "configuration" ], - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"test\",\"type\":\"PROJECT\"},{\"id\":\"JIRAUSER10000\",\"name\":\"test.user\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"Project created\",\"actionI18nKey\":\"jira.auditing.project.created\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"projects\",\"categoryI18nKey\":\"jira.auditing.category.projects\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"test\"},{\"i18nKey\":\"common.words.key\",\"key\":\"Key\",\"to\":\"TEST\"},{\"i18nKey\":\"common.concepts.description\",\"key\":\"Description\",\"to\":\"\"},{\"i18nKey\":\"common.concepts.projectlead\",\"key\":\"Project Lead\",\"to\":\"test.user\"},{\"i18nKey\":\"admin.projects.default.assignee\",\"key\":\"Default Assignee\",\"to\":\"Unassigned\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":297000000},\"version\":\"1.0\"}", + "type": [ + "creation" + ] }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "test", - "type": "PROJECT", - "id": "10000" + "type": "PROJECT" }, { + "id": "JIRAUSER10000", "name": "test.user", - "type": "USER", - "id": "JIRAUSER10000" + "type": "USER" } ], - "type": { - "area": "LOCAL_CONFIG_AND_ADMINISTRATION", - "action": "Project created", - "actionI18nKey": "jira.auditing.project.created", - "categoryI18nKey": "jira.auditing.category.projects", - "category": "projects", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "common.words.name", @@ -5707,24 +5673,27 @@ "key": "Default Assignee", "to": "Unassigned" } - ] + ], + "method": "Browser", + "type": { + "action": "Project created", + "actionI18nKey": "jira.auditing.project.created", + "area": "LOCAL_CONFIG_AND_ADMINISTRATION", + "category": "projects", + "categoryI18nKey": "jira.auditing.category.projects", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.506Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -5734,66 +5703,66 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.506Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.project.roles.changed", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10100\",\"name\":\"Developers\",\"type\":\"PROJECT_ROLE\"},{\"id\":\"10000\",\"name\":\"test\",\"type\":\"PROJECT\"}],\"auditType\":{\"action\":\"Project roles changed\",\"actionI18nKey\":\"jira.auditing.project.roles.changed\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"projects\",\"categoryI18nKey\":\"jira.auditing.category.projects\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"i18nKey\":\"admin.common.words.users\",\"key\":\"Users\",\"to\":\"JIRAUSER10000\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":506000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10100", "name": "Developers", - "type": "PROJECT_ROLE", - "id": "10100" + "type": "PROJECT_ROLE" }, { + "id": "10000", "name": "test", - "type": "PROJECT", - "id": "10000" + "type": "PROJECT" } ], - "type": { - "area": "LOCAL_CONFIG_AND_ADMINISTRATION", - "action": "Project roles changed", - "actionI18nKey": "jira.auditing.project.roles.changed", - "categoryI18nKey": "jira.auditing.category.projects", - "category": "projects", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.users", "key": "Users", "to": "JIRAUSER10000" } - ] + ], + "method": "Browser", + "type": { + "action": "Project roles changed", + "actionI18nKey": "jira.auditing.project.roles.changed", + "area": "LOCAL_CONFIG_AND_ADMINISTRATION", + "category": "projects", + "categoryI18nKey": "jira.auditing.category.projects", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.521Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -5803,42 +5772,39 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.521Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.version.created", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Version 1.0\",\"type\":\"VERSION\"},{\"id\":\"10000\",\"name\":\"test\",\"type\":\"PROJECT\"}],\"auditType\":{\"action\":\"Project version created\",\"actionI18nKey\":\"jira.auditing.version.created\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"projects\",\"categoryI18nKey\":\"jira.auditing.category.projects\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Version 1.0\"},{\"i18nKey\":\"version.releasedate\",\"key\":\"Release date\",\"to\":\"2021-11-14\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":521000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Version 1.0", - "type": "VERSION", - "id": "10000" + "type": "VERSION" }, { + "id": "10000", "name": "test", - "type": "PROJECT", - "id": "10000" + "type": "PROJECT" } ], - "type": { - "area": "LOCAL_CONFIG_AND_ADMINISTRATION", - "action": "Project version created", - "actionI18nKey": "jira.auditing.version.created", - "categoryI18nKey": "jira.auditing.category.projects", - "category": "projects", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "common.words.name", @@ -5850,143 +5816,143 @@ "key": "Release date", "to": "2021-11-14" } - ] + ], + "method": "Browser", + "type": { + "action": "Project version created", + "actionI18nKey": "jira.auditing.version.created", + "area": "LOCAL_CONFIG_AND_ADMINISTRATION", + "category": "projects", + "categoryI18nKey": "jira.auditing.category.projects", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.535Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ - "175.16.199.1" + "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { "address": "http://jira.internal:8088" }, "source": { - "geo": { - "continent_name": "Asia", - "region_iso_code": "CN-22", - "city_name": "Changchun", - "country_iso_code": "CN", - "country_name": "China", - "region_name": "Jilin Sheng", - "location": { - "lon": 125.3228, - "lat": 43.88 - } - }, - "address": "175.16.199.1", - "ip": "175.16.199.1" + "address": "10.50.33.72", + "ip": "10.50.33.72" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.535Z", + "ecs": { + "version": "8.2.0" }, "event": { "action": "jira.auditing.version.released", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Version 1.0\",\"type\":\"VERSION\"},{\"id\":\"10000\",\"name\":\"test\",\"type\":\"PROJECT\"}],\"auditType\":{\"action\":\"Project version released\",\"actionI18nKey\":\"jira.auditing.version.released\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"projects\",\"categoryI18nKey\":\"jira.auditing.category.projects\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"175.16.199.1\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":535000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "test.user", - "id": "10000" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Version 1.0", - "type": "VERSION", - "id": "10000" + "type": "VERSION" }, { + "id": "10000", "name": "test", - "type": "PROJECT", - "id": "10000" + "type": "PROJECT" } ], + "method": "Browser", "type": { - "area": "LOCAL_CONFIG_AND_ADMINISTRATION", "action": "Project version released", "actionI18nKey": "jira.auditing.version.released", - "categoryI18nKey": "jira.auditing.category.projects", + "area": "LOCAL_CONFIG_AND_ADMINISTRATION", "category": "projects", + "categoryI18nKey": "jira.auditing.category.projects", "level": "BASE" } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.543Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ - "10.50.33.72" + "175.16.199.1" + ], + "user": [ + "test.user" ] }, "service": { "address": "http://jira.internal:8088" }, "source": { - "address": "10.50.33.72", - "ip": "10.50.33.72" + "address": "175.16.199.1", + "geo": { + "city_name": "Changchun", + "continent_name": "Asia", + "country_iso_code": "CN", + "country_name": "China", + "location": { + "lat": 43.88, + "lon": 125.3228 + }, + "region_iso_code": "CN-22", + "region_name": "Jilin Sheng" + }, + "ip": "175.16.199.1" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.543Z", + "ecs": { + "version": "8.2.0" }, "event": { "action": "jira.auditing.version.created", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10001\",\"name\":\"Version 2.0\",\"type\":\"VERSION\"},{\"id\":\"10000\",\"name\":\"test\",\"type\":\"PROJECT\"}],\"auditType\":{\"action\":\"Project version created\",\"actionI18nKey\":\"jira.auditing.version.created\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"projects\",\"categoryI18nKey\":\"jira.auditing.category.projects\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Version 2.0\"},{\"i18nKey\":\"version.releasedate\",\"key\":\"Release date\",\"to\":\"2021-11-28\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":543000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10001", "name": "Version 2.0", - "type": "VERSION", - "id": "10001" + "type": "VERSION" }, { + "id": "10000", "name": "test", - "type": "PROJECT", - "id": "10000" + "type": "PROJECT" } ], - "type": { - "area": "LOCAL_CONFIG_AND_ADMINISTRATION", - "action": "Project version created", - "actionI18nKey": "jira.auditing.version.created", - "categoryI18nKey": "jira.auditing.category.projects", - "category": "projects", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "common.words.name", @@ -5998,24 +5964,27 @@ "key": "Release date", "to": "2021-11-28" } - ] + ], + "method": "Browser", + "type": { + "action": "Project version created", + "actionI18nKey": "jira.auditing.version.created", + "area": "LOCAL_CONFIG_AND_ADMINISTRATION", + "category": "projects", + "categoryI18nKey": "jira.auditing.category.projects", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.545Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -6025,66 +5994,66 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.545Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "jira.auditing.version.created", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10002\",\"name\":\"Version 3.0\",\"type\":\"VERSION\"},{\"id\":\"10000\",\"name\":\"test\",\"type\":\"PROJECT\"}],\"auditType\":{\"action\":\"Project version created\",\"actionI18nKey\":\"jira.auditing.version.created\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"projects\",\"categoryI18nKey\":\"jira.auditing.category.projects\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Version 3.0\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":545000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10002", "name": "Version 3.0", - "type": "VERSION", - "id": "10002" + "type": "VERSION" }, { + "id": "10000", "name": "test", - "type": "PROJECT", - "id": "10000" + "type": "PROJECT" } ], - "type": { - "area": "LOCAL_CONFIG_AND_ADMINISTRATION", - "action": "Project version created", - "actionI18nKey": "jira.auditing.version.created", - "categoryI18nKey": "jira.auditing.category.projects", - "category": "projects", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "common.words.name", "key": "Name", "to": "Version 3.0" } - ] + ], + "method": "Browser", + "type": { + "action": "Project version created", + "actionI18nKey": "jira.auditing.version.created", + "area": "LOCAL_CONFIG_AND_ADMINISTRATION", + "category": "projects", + "categoryI18nKey": "jira.auditing.category.projects", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:12:02.856Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -6094,30 +6063,27 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:12:02.856Z", + "ecs": { + "version": "8.2.0" + }, "event": { "action": "atlassian.audit.event.action.audit.search", + "kind": "event", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log search performed\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Results returned\",\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"value\":\"85\"},{\"name\":\"Query\",\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"value\":\"\"},{\"name\":\"Timestamp Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"value\":\"2021-11-22T00:05:08.514Z - 2021-11-22T00:08:34.545Z\"},{\"name\":\"ID Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"value\":\"1 - 85\"}],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539922,\"nano\":856000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", - "type": { - "area": "AUDIT_LOG", - "action": "Audit Log search performed", - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing", - "level": "BASE" - }, "extra_attributes": [ { "name": "Results returned", @@ -6138,70 +6104,70 @@ "nameI18nKey": "atlassian.audit.event.attribute.id", "value": "1 - 85" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "area": "AUDIT_LOG", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-26T19:35:10.718Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ - "172.17.0.1" + "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { "address": "http://jira.internal:8088" }, "source": { - "address": "172.17.0.1", - "ip": "172.17.0.1" + "address": "10.50.33.72", + "ip": "10.50.33.72" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-26T19:35:10.718Z", + "ecs": { + "version": "8.2.0" }, "event": { - "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"admin.user\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"User login failed\",\"actionI18nKey\":\"jira.auditing.user.login.failed\",\"area\":\"SECURITY\",\"category\":\"login\",\"categoryI18nKey\":\"jira.auditing.category.login\",\"level\":\"FULL\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Current number of failed login attempts\",\"nameI18nKey\":\"jira.auditing.user.login.failed.count\",\"value\":\"2\"},{\"name\":\"Reason for failed login\",\"nameI18nKey\":\"jira.auditing.user.login.failed.reason\",\"value\":\"User couldn't be authenticated\"}],\"method\":\"Browser\",\"source\":\"172.17.0.1\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637955310,\"nano\":718000000},\"version\":\"1.0\"}", - "kind": "event", "action": "jira.auditing.user.login.failed", - "type": [ - "info" - ], "category": [ "authentication" ], - "outcome": "failure" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"admin.user\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"User login failed\",\"actionI18nKey\":\"jira.auditing.user.login.failed\",\"area\":\"SECURITY\",\"category\":\"login\",\"categoryI18nKey\":\"jira.auditing.category.login\",\"level\":\"FULL\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Current number of failed login attempts\",\"nameI18nKey\":\"jira.auditing.user.login.failed.count\",\"value\":\"2\"},{\"name\":\"Reason for failed login\",\"nameI18nKey\":\"jira.auditing.user.login.failed.reason\",\"value\":\"User couldn't be authenticated\"}],\"method\":\"Browser\",\"source\":\"172.17.0.1\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637955310,\"nano\":718000000},\"version\":\"1.0\"}", + "outcome": "failure", + "type": [ + "info" + ] }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "admin.user", - "type": "USER", - "id": "10000" + "type": "USER" } ], - "type": { - "area": "SECURITY", - "action": "User login failed", - "actionI18nKey": "jira.auditing.user.login.failed", - "categoryI18nKey": "jira.auditing.category.login", - "category": "login", - "level": "FULL" - }, "extra_attributes": [ { "name": "Current number of failed login attempts", @@ -6213,71 +6179,105 @@ "nameI18nKey": "jira.auditing.user.login.failed.reason", "value": "User couldn't be authenticated" } - ] + ], + "method": "Browser", + "type": { + "action": "User login failed", + "actionI18nKey": "jira.auditing.user.login.failed", + "area": "SECURITY", + "category": "login", + "categoryI18nKey": "jira.auditing.category.login", + "level": "FULL" + } } - } - }, - { - "@timestamp": "2021-11-26T19:33:29.363Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "admin.user" - ], "hosts": [ "jira.internal" ], "ip": [ - "10.100.100.2" + "172.17.0.1" + ], + "user": [ + "Anonymous" ] }, "service": { "address": "http://jira.internal:8088" }, "source": { - "address": "10.100.100.2", - "ip": "10.100.100.2" + "address": "172.17.0.1", + "ip": "172.17.0.1" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-26T19:33:29.363Z", + "ecs": { + "version": "8.2.0" }, "event": { - "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"admin.user\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"User login successful\",\"actionI18nKey\":\"jira.auditing.user.logged.in\",\"area\":\"SECURITY\",\"category\":\"login\",\"categoryI18nKey\":\"jira.auditing.category.login\",\"level\":\"FULL\"},\"author\":{\"id\":\"10000\",\"name\":\"admin.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=admin.user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.100.100.2\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637955209,\"nano\":363000000},\"version\":\"1.0\"}", - "kind": "event", "action": "jira.auditing.user.logged.in", - "type": [ - "start" - ], "category": [ "authentication" ], - "outcome": "success" - }, - "user": { - "name": "admin.user", - "id": "10000" + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"admin.user\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"User login successful\",\"actionI18nKey\":\"jira.auditing.user.logged.in\",\"area\":\"SECURITY\",\"category\":\"login\",\"categoryI18nKey\":\"jira.auditing.category.login\",\"level\":\"FULL\"},\"author\":{\"id\":\"10000\",\"name\":\"admin.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=admin.user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.100.100.2\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637955209,\"nano\":363000000},\"version\":\"1.0\"}", + "outcome": "success", + "type": [ + "start" + ] }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "admin.user", - "type": "USER", - "id": "10000" + "type": "USER" } ], + "method": "Browser", "type": { - "area": "SECURITY", "action": "User login successful", "actionI18nKey": "jira.auditing.user.logged.in", - "categoryI18nKey": "jira.auditing.category.login", + "area": "SECURITY", "category": "login", + "categoryI18nKey": "jira.auditing.category.login", "level": "FULL" } } + }, + "related": { + "hosts": [ + "jira.internal" + ], + "ip": [ + "10.100.100.2" + ], + "user": [ + "admin.user" + ] + }, + "service": { + "address": "http://jira.internal:8088" + }, + "source": { + "address": "10.100.100.2", + "ip": "10.100.100.2" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "admin.user" } } ] diff --git a/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-common-config.yml b/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-common-config.yml index 5622947e4b8..4da22641654 100644 --- a/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-common-config.yml +++ b/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-common-config.yml @@ -1,5 +1,3 @@ -dynamic_fields: - event.ingested: ".*" fields: tags: - preserve_original_event diff --git a/packages/atlassian_jira/data_stream/audit/_dev/test/system/test-api-cloud-config.yml b/packages/atlassian_jira/data_stream/audit/_dev/test/system/test-api-cloud-config.yml new file mode 100644 index 00000000000..25ac9219c68 --- /dev/null +++ b/packages/atlassian_jira/data_stream/audit/_dev/test/system/test-api-cloud-config.yml @@ -0,0 +1,13 @@ +input: httpjson +service: jira-api +vars: ~ +data_stream: + vars: + preserve_original_event: true + api_url: http://{{Hostname}}:{{Port}} + username: test.user + password: abc123 + limit: "2" + ssl: |- + verification_mode: none + atlassian_cloud: true diff --git a/packages/atlassian_jira/data_stream/audit/_dev/test/system/test-api-config.yml b/packages/atlassian_jira/data_stream/audit/_dev/test/system/test-api-config.yml index f3a9b496b46..d3200691002 100644 --- a/packages/atlassian_jira/data_stream/audit/_dev/test/system/test-api-config.yml +++ b/packages/atlassian_jira/data_stream/audit/_dev/test/system/test-api-config.yml @@ -8,4 +8,5 @@ data_stream: username: test.user password: abc123 limit: "2" - ssl.verification_mode: none + ssl: |- + verification_mode: none diff --git a/packages/atlassian_jira/data_stream/audit/agent/stream/httpjson.yml.hbs b/packages/atlassian_jira/data_stream/audit/agent/stream/httpjson.yml.hbs index 5ece9695f4b..c41f0e6997c 100644 --- a/packages/atlassian_jira/data_stream/audit/agent/stream/httpjson.yml.hbs +++ b/packages/atlassian_jira/data_stream/audit/agent/stream/httpjson.yml.hbs @@ -1,7 +1,11 @@ config_version: "2" interval: {{interval}} request.method: "GET" +{{#if atlassian_cloud}} +request.url: {{api_url}}/rest/api/3/auditing/record +{{else}} request.url: {{api_url}}/rest/auditing/1.0/events +{{/if}} {{#if ssl}} request.ssl: {{ssl}} {{/if}} @@ -21,6 +25,31 @@ auth.basic.password: {{password}} {{/unless}} request.transforms: + - set: + target: url.params.limit + value: {{ limit }} +{{#if atlassian_cloud}} + - set: + target: url.params.from + value: "[[.cursor.last_timestamp]]" + default: '[[formatDate (now (parseDuration "-{{initial_interval}}")) "2006-01-02T15:04:05.999"]]' + - set: + target: url.params.to + value: '[[formatDate (now) "2006-01-02T15:04:05.999"]]' + - set: + target: url.params.offset + value: '0' +response.split: + target: body.records +response.pagination: + - set: + target: url.value + value: '[[sprintf "%s/rest/api/3/auditing/record?from=%s&to=%s&offset=%d&limit=%s" "{{api_url}}" (.last_response.url.params.Get "from") (.last_response.url.params.Get "to") (add (toInt .last_response.body.offset) (toInt "{{ limit }}")) "{{ limit }}"]]' + fail_on_template_error: true +cursor: + last_timestamp: + value: "[[.first_event.created]]" +{{else}} {{#unless username}} {{#unless password}} {{#if token}} @@ -37,11 +66,6 @@ request.transforms: - set: target: url.params.to value: '[[formatDate now]]' - - set: - target: url.params.limit - value: {{ limit }} - - response.split: target: body.entities response.pagination: @@ -53,6 +77,7 @@ response.pagination: cursor: last_timestamp: value: "[[.first_event.timestamp]]" +{{/if}} tags: {{#if preserve_original_event}} @@ -61,10 +86,19 @@ tags: {{#each tags as |tag i|}} - {{tag}} {{/each}} + {{#contains "forwarded" tags}} publisher_pipeline.disable_host: true {{/contains}} + +{{#if atlassian_cloud}} +fields_under_root: true +fields: + _config: + atlassian_cloud: true +{{/if}} + {{#if processors}} processors: {{processors}} -{{/if}} \ No newline at end of file +{{/if}} \ No newline at end of file diff --git a/packages/atlassian_jira/data_stream/audit/elasticsearch/ingest_pipeline/cloud.yml b/packages/atlassian_jira/data_stream/audit/elasticsearch/ingest_pipeline/cloud.yml new file mode 100644 index 00000000000..ed5163554e9 --- /dev/null +++ b/packages/atlassian_jira/data_stream/audit/elasticsearch/ingest_pipeline/cloud.yml @@ -0,0 +1,81 @@ +--- +description: Pipeline for processing Atlassian Jira Cloud audit logs. +processors: +- set: + field: _tmp.timestamp + copy_from: json.created + if: ctx.json?.created != null +- convert: + field: json.id + target_field: event.id + type: string + ignore_missing: true +- rename: + field: json.remoteAddress + target_field: source.address + ignore_missing: true +- rename: + field: json.authorAccountId + target_field: user.id + ignore_missing: true +- rename: + field: json.category + target_field: jira.audit.type.category + ignore_missing: true +- rename: + field: json.summary + target_field: jira.audit.type.action + ignore_missing: true +- set: + field: event.action + copy_from: jira.audit.type.action + ignore_empty_value: true +- rename: + field: json.associatedItems + target_field: jira.audit.affected_objects + ignore_missing: true +- rename: + field: json.changedValues + target_field: jira.audit.changed_values + ignore_missing: true +- script: + lang: painless + description: Modify data to match Self Hosted + source: >- + if(ctx.jira?.audit?.affected_objects == null) { + ArrayList items = new ArrayList(); + ctx.jira?.audit.put("affected_objects", items); + } + if(ctx.json?.objectItem != null && !ctx.jira?.audit?.affected_objects.contains(ctx.json?.objectItem)) { + ctx.jira?.audit?.affected_objects.add(ctx.json?.objectItem); + } + + if(ctx.jira?.audit?.affected_objects != null) { + for (def j = 0; j < ctx.jira?.audit?.affected_objects.length; j++) { + if(ctx.jira.audit.affected_objects[j]?.typeName != null) { + ctx.jira.audit.affected_objects[j].put('type', ctx.jira.audit.affected_objects[j].typeName); + ctx.jira.audit.affected_objects[j].remove('typeName'); + } + } + } + if(ctx.jira?.audit?.changed_values != null) { + for (def j = 0; j < ctx.jira?.audit?.changed_values.length; j++) { + if(ctx.jira.audit.changed_values[j]?.fieldName != null) { + ctx.jira.audit.changed_values[j].put('i18nKey', ctx.jira.audit.changed_values[j].fieldName); + ctx.jira.audit.changed_values[j].put('key', ctx.jira.audit.changed_values[j].fieldName); + ctx.jira.audit.changed_values[j].remove('fieldName'); + } + if(ctx.jira.audit.changed_values[j]?.changedTo != null) { + ctx.jira.audit.changed_values[j].put('to', ctx.jira.audit.changed_values[j].changedTo); + ctx.jira.audit.changed_values[j].remove('changedTo'); + } + if(ctx.jira.audit.changed_values[j]?.changedFrom != null) { + ctx.jira.audit.changed_values[j].put('from', ctx.jira.audit.changed_values[j].changedFrom); + ctx.jira.audit.changed_values[j].remove('changedFrom'); + } + } + } +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/packages/atlassian_jira/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/atlassian_jira/data_stream/audit/elasticsearch/ingest_pipeline/default.yml index d13826428a2..5d49a0899a2 100644 --- a/packages/atlassian_jira/data_stream/audit/elasticsearch/ingest_pipeline/default.yml +++ b/packages/atlassian_jira/data_stream/audit/elasticsearch/ingest_pipeline/default.yml @@ -1,5 +1,5 @@ --- -description: Pipeline for processing sample logs +description: Pipeline for processing Atlassian Jira audit logs. processors: - set: field: ecs.version @@ -10,14 +10,12 @@ processors: - json: field: event.original target_field: json -- set: - field: _tmp.timestamp - copy_from: json.timestamp - if: ctx.json?.timestamp != null && ctx.json?.timestamp instanceof String -- set: - field: _tmp.timestamp - value: "{{json.timestamp.epochSecond}}.{{json.timestamp.nano}}" - if: ctx.json?.timestamp != null && ctx.json?.timestamp instanceof Map && ctx.json?.timestamp?.epochSecond != null && ctx.json?.timestamp?.nano != null +- pipeline: + name: '{{ IngestPipeline "cloud" }}' + if: "ctx._config?.atlassian_cloud != null" +- pipeline: + name: '{{ IngestPipeline "self-hosted" }}' + if: "ctx._config?.atlassian_cloud == null" - date: field: _tmp.timestamp formats: @@ -53,79 +51,64 @@ processors: field: source.as.organization_name target_field: source.as.organization.name ignore_missing: true -- rename: - field: json.author.id - target_field: user.id - ignore_missing: true -- rename: - field: json.author.name - target_field: user.name - ignore_missing: true -- rename: - field: json.auditType - target_field: jira.audit.type - ignore_missing: true -- rename: - field: json.type - target_field: jira.audit.type - ignore_missing: true -- rename: - field: json.method - target_field: jira.audit.method - ignore_missing: true -- rename: - field: json.system - target_field: service.address - ignore_missing: true -- uri_parts: - field: service.address - target_field: _tmp.service - ignore_failure: true - if: ctx.service?.address != null -- rename: - field: json.extraAttributes - target_field: jira.audit.extra_attributes - ignore_missing: true -- rename: - field: json.changedValues - target_field: jira.audit.changed_values - ignore_missing: true -- rename: - field: json.affectedObjects - target_field: jira.audit.affected_objects - ignore_missing: true -- set: - field: event.action - copy_from: jira.audit.type.actionI18nKey - ignore_empty_value: true - script: lang: painless tag: Add ECS categorization params: + User created: + category: + - iam + type: + - user + - creation jira.auditing.user.created: category: - iam type: - user - creation + User updated: + category: + - iam + type: + - user + - change jira.auditing.user.updated: category: - iam type: - user - change + User deleted: + category: + - iam + type: + - user + - deletion jira.auditing.user.deleted: category: - iam type: - user - deletion + User added to group: + category: + - iam + type: + - group + - change jira.auditing.user.added.to.group: category: - iam type: - group - change + User removed from group: + category: + - iam + type: + - group + - change jira.auditing.user.removed.from.group: category: - iam @@ -166,18 +149,37 @@ processors: - authentication type: - end + Group created: + category: + - iam + type: + - group + - creation jira.auditing.group.created: category: - iam type: - group - creation + Group deleted: + category: + - iam + type: + - group + - deletion jira.auditing.group.deleted: category: - iam type: - group - deletion + Global permission added: + category: + - iam + - configuration + type: + - admin + - creation jira.auditing.global.permission.added: category: - iam @@ -185,6 +187,13 @@ processors: type: - admin - creation + Global permission removed: + category: + - iam + - configuration + type: + - admin + - deletion personal.access.tokens.audit.log.summary.token.created: category: - iam @@ -208,6 +217,11 @@ processors: type: - admin - change + Project created: + category: + - configuration + type: + - creation jira.auditing.project.created: category: - configuration @@ -261,7 +275,7 @@ processors: - script: lang: painless description: Add ECS User fields - if: "['jira.auditing.category.usermanagement','jira.auditing.category.groupmanagement'].contains(ctx.jira?.audit?.type?.categoryI18nKey)" + if: "['jira.auditing.category.usermanagement','jira.auditing.category.groupmanagement'].contains(ctx.jira?.audit?.type?.categoryI18nKey) || ['user management','group management'].contains(ctx.jira?.audit?.type?.category)" source: >- if (ctx?.event?.action == null) { return; @@ -289,16 +303,16 @@ processors: if(ctx.jira?.audit?.affected_objects != null) { for (def j = 0; j < ctx.jira?.audit?.affected_objects.length; j++) { if(ctx.jira?.audit?.affected_objects[j]?.type == 'GROUP') { - if(['jira.auditing.group.created', 'jira.auditing.group.deleted'].contains(ctx.event.action)) { + if(['jira.auditing.group.created', 'jira.auditing.group.deleted', 'Group created', 'Group deleted'].contains(ctx.event.action)) { ctx.group.put("name", ctx.jira?.audit?.affected_objects[j]?.name); } - if(['jira.auditing.user.added.to.group', 'jira.auditing.user.removed.from.group'].contains(ctx.event.action)) { + if(['jira.auditing.user.added.to.group', 'jira.auditing.user.removed.from.group', 'User added to group', 'User removed from group'].contains(ctx.event.action)) { ctx.user.target.group.put("name", ctx.jira?.audit?.affected_objects[j]?.name); ctx.user.target.group.put("id", ctx.jira?.audit?.affected_objects[j]?.id); } } if(ctx.jira?.audit?.affected_objects[j]?.type == 'USER') { - if(['jira.auditing.user.created', 'jira.auditing.user.deleted','jira.auditing.user.password.changed','jira.auditing.user.updated','jira.auditing.user.added.to.group', 'jira.auditing.user.removed.from.group'].contains(ctx.event.action)) { + if(['jira.auditing.user.created', 'jira.auditing.user.deleted','jira.auditing.user.password.changed','jira.auditing.user.updated','jira.auditing.user.added.to.group', 'jira.auditing.user.removed.from.group', 'User created', 'User deleted', 'User added to group', 'User removed from group'].contains(ctx.event.action)) { ctx.user.target.put("name", ctx.jira?.audit?.affected_objects[j]?.name); ctx.user.target.put("id", ctx.jira?.audit?.affected_objects[j]?.id); } @@ -307,13 +321,13 @@ processors: } if(ctx.jira?.audit?.changed_values != null) { for (def j = 0; j < ctx.jira?.audit?.changed_values.length; j++) { - if(['jira.auditing.user.renamed'].contains(ctx.event.action)) { + if(['jira.auditing.user.renamed', 'User renamed'].contains(ctx.event.action)) { if(ctx.jira?.audit?.changed_values[j]?.i18nKey == 'common.words.username') { ctx.user.changes.put("name", ctx.jira?.audit?.changed_values[j]?.to); ctx.user.target.put("name", ctx.jira?.audit?.changed_values[j]?.from); } } - if(['jira.auditing.user.created','jira.auditing.user.updated'].contains(ctx.event.action)) { + if(['jira.auditing.user.created','jira.auditing.user.updated', 'User created', 'User updated'].contains(ctx.event.action)) { if(ctx.jira?.audit?.changed_values[j]?.i18nKey == 'common.words.username') { ctx.user.changes.put("name", ctx.jira?.audit?.changed_values[j]?.to); if(ctx.jira?.audit?.changed_values[j]?.from != null) { @@ -364,6 +378,7 @@ processors: field: - json - _tmp + - _config ignore_missing: true - remove: field: event.original diff --git a/packages/atlassian_jira/data_stream/audit/elasticsearch/ingest_pipeline/self-hosted.yml b/packages/atlassian_jira/data_stream/audit/elasticsearch/ingest_pipeline/self-hosted.yml new file mode 100644 index 00000000000..42914faaa62 --- /dev/null +++ b/packages/atlassian_jira/data_stream/audit/elasticsearch/ingest_pipeline/self-hosted.yml @@ -0,0 +1,94 @@ +--- +description: Pipeline for processing self-hosted Atlassian Jira audit logs. +processors: +- set: + field: _tmp.timestamp + copy_from: json.timestamp + if: ctx.json?.timestamp != null && ctx.json?.timestamp instanceof String +- set: + field: _tmp.timestamp + value: "{{json.timestamp.epochSecond}}.{{json.timestamp.nano}}" + if: ctx.json?.timestamp != null && ctx.json?.timestamp instanceof Map && ctx.json?.timestamp?.epochSecond != null && ctx.json?.timestamp?.nano != null +- rename: + field: json.source + target_field: source.address + ignore_missing: true +- convert: + field: source.address + target_field: source.ip + type: ip + ignore_missing: true +- geoip: + field: source.ip + target_field: source.geo + ignore_missing: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true +- rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true +- rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true +- rename: + field: json.author.id + target_field: user.id + ignore_missing: true +- rename: + field: json.author.name + target_field: user.name + ignore_missing: true +- rename: + field: json.auditType + target_field: jira.audit.type + ignore_missing: true +- rename: + field: json.type + target_field: jira.audit.type + ignore_missing: true +- rename: + field: json.method + target_field: jira.audit.method + ignore_missing: true +- rename: + field: json.system + target_field: service.address + ignore_missing: true +- uri_parts: + field: service.address + target_field: _tmp.service + ignore_failure: true + if: ctx.service?.address != null +- rename: + field: json.extraAttributes + target_field: jira.audit.extra_attributes + ignore_missing: true +- rename: + field: json.changedValues + target_field: jira.audit.changed_values + ignore_missing: true +- rename: + field: json.affectedObjects + target_field: jira.audit.affected_objects + ignore_missing: true +- set: + field: event.action + copy_from: jira.audit.type.actionI18nKey + ignore_empty_value: true +- append: + field: related.hosts + value: '{{_tmp.service.domain}}' + allow_duplicates: false + if: ctx._tmp?.service?.domain != null +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/packages/atlassian_jira/data_stream/audit/fields/ecs.yml b/packages/atlassian_jira/data_stream/audit/fields/ecs.yml index 50fda5dc2ca..090b9906d9a 100644 --- a/packages/atlassian_jira/data_stream/audit/fields/ecs.yml +++ b/packages/atlassian_jira/data_stream/audit/fields/ecs.yml @@ -3,68 +3,84 @@ - external: ecs name: error.message - external: ecs - name: tags + name: event.action - external: ecs - name: user.id + name: event.category - external: ecs - name: user.name + name: event.created - external: ecs - name: user.full_name + name: event.id - external: ecs - name: user.target.full_name + name: event.kind - external: ecs - name: user.target.name + name: event.original - external: ecs - name: user.target.group.name + name: event.outcome - external: ecs - name: user.target.id + name: event.type - external: ecs - name: user.target.email + name: group.name - external: ecs - name: user.changes.name + name: log.file.path - external: ecs - name: user.changes.full_name + name: related.hosts - external: ecs - name: user.changes.email + name: related.ip - external: ecs - name: group.name -- name: source.address - external: ecs -- name: source.as.number - external: ecs -- name: source.as.organization.name - external: ecs -- name: source.bytes - external: ecs -- name: source.domain - external: ecs -- name: source.geo.city_name - external: ecs -- name: source.geo.continent_name - external: ecs -- name: source.geo.country_iso_code - external: ecs -- name: source.geo.country_name - external: ecs -- name: source.geo.location - description: Longitude and latitude. + name: related.user +- external: ecs + name: service.address +- external: ecs + name: source.address +- external: ecs + name: source.as.number +- external: ecs + name: source.as.organization.name +- external: ecs + name: source.bytes +- external: ecs + name: source.domain +- external: ecs + name: source.geo.city_name +- external: ecs + name: source.geo.continent_name +- external: ecs + name: source.geo.country_iso_code +- external: ecs + name: source.geo.country_name +- description: Longitude and latitude. example: '{ "lon": -73.614830, "lat": 45.505918 }' + name: source.geo.location type: geo_point -- name: source.geo.name - external: ecs -- name: source.geo.region_iso_code - external: ecs -- name: source.geo.region_name - external: ecs -- name: source.ip - external: ecs -- name: log.file.path - external: ecs -- name: service.address - external: ecs -- name: related.ip - external: ecs -- name: related.user - external: ecs -- name: related.hosts - external: ecs +- external: ecs + name: source.geo.name +- external: ecs + name: source.geo.region_iso_code +- external: ecs + name: source.geo.region_name +- external: ecs + name: source.ip +- external: ecs + name: tags +- external: ecs + name: user.changes.email +- external: ecs + name: user.changes.full_name +- external: ecs + name: user.changes.name +- external: ecs + name: user.full_name +- external: ecs + name: user.id +- external: ecs + name: user.name +- external: ecs + name: user.target.email +- external: ecs + name: user.target.full_name +- external: ecs + name: user.target.group.name +- external: ecs + name: user.target.id +- external: ecs + name: user.target.name diff --git a/packages/atlassian_jira/data_stream/audit/manifest.yml b/packages/atlassian_jira/data_stream/audit/manifest.yml index a2a18bda31a..e619f02e4db 100644 --- a/packages/atlassian_jira/data_stream/audit/manifest.yml +++ b/packages/atlassian_jira/data_stream/audit/manifest.yml @@ -73,6 +73,14 @@ streams: required: false multi: false show_user: true + - name: atlassian_cloud + required: true + show_user: true + title: Atlassian Cloud + description: Is this an Atlassian SaaS Confluence instance + type: bool + multi: false + default: false - name: http_client_timeout type: text title: HTTP Client Timeout diff --git a/packages/atlassian_jira/docs/README.md b/packages/atlassian_jira/docs/README.md index 269d2d8f553..f2fcea5b50c 100644 --- a/packages/atlassian_jira/docs/README.md +++ b/packages/atlassian_jira/docs/README.md @@ -6,7 +6,7 @@ The Jira integration collects audit logs from the audit log files or the [audit ### Audit -The Jira integration collects audit logs from the audit log files or the audit API from self hosted Jira Data Center. It has been tested with Jira 8.20.2 but is expected to work with newer versions. This has not been tested with Jira Cloud and is not expected to work. +The Jira integration collects audit logs from the audit log files or the audit API from self hosted Jira Data Center. It has been tested with Jira 8.20.2 but is expected to work with newer versions. As of version 1.2.0, this integration added experimental support for Atlassian JIRA Cloud. JIRA Cloud only supports Basic Auth using username and a Personal Access Token. **Exported fields** @@ -31,8 +31,16 @@ The Jira integration collects audit logs from the audit log files or the audit A | data_stream.type | Data stream type. | constant_keyword | | ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword | | error.message | Error message. | match_only_text | +| event.action | The action captured by the event. This describes the information in the event. It is more specific than `event.category`. Examples are `group-add`, `process-started`, `file-created`. The value is normally defined by the implementer. | keyword | +| event.category | This is one of four ECS Categorization Fields, and indicates the second level in the ECS category hierarchy. `event.category` represents the "big buckets" of ECS categories. For example, filtering on `event.category:process` yields all events relating to process activity. This field is closely related to `event.type`, which is used as a subcategory. This field is an array. This will allow proper categorization of some events that fall in multiple categories. | keyword | +| event.created | event.created contains the date/time when the event was first read by an agent, or by your pipeline. This field is distinct from @timestamp in that @timestamp typically contain the time extracted from the original event. In most situations, these two timestamps will be slightly different. The difference can be used to calculate the delay between your source generating an event, and the time when your agent first processed it. This can be used to monitor your agent's or pipeline's ability to keep up with your event source. In case the two timestamps are identical, @timestamp should be used. | date | | event.dataset | Event dataset | constant_keyword | +| event.id | Unique ID to describe the event. | keyword | +| event.kind | This is one of four ECS Categorization Fields, and indicates the highest level in the ECS category hierarchy. `event.kind` gives high-level information about what type of information the event contains, without being specific to the contents of the event. For example, values of this field distinguish alert events from metric events. The value of this field can be used to inform how these kinds of events should be handled. They may warrant different retention, different access control, it may also help understand whether the data coming in at a regular interval or not. | keyword | | event.module | Event module | constant_keyword | +| event.original | Raw text message of entire event. Used to demonstrate log integrity or where the full log message (before splitting it up in multiple parts) may be required, e.g. for reindex. This field is not indexed and doc_values are disabled. It cannot be searched, but it can be retrieved from `_source`. If users wish to override this and index this field, please see `Field data types` in the `Elasticsearch Reference`. | keyword | +| event.outcome | This is one of four ECS Categorization Fields, and indicates the lowest level in the ECS category hierarchy. `event.outcome` simply denotes whether the event represents a success or a failure from the perspective of the entity that produced the event. Note that when a single transaction is described in multiple events, each event may populate different values of `event.outcome`, according to their perspective. Also note that in the case of a compound event (a single event that contains multiple logical events), this field should be populated with the value that best captures the overall success or failure from the perspective of the event producer. Further note that not all events will have an associated outcome. For example, this field is generally not populated for metric events, events with `event.type:info`, or any events for which an outcome does not make logical sense. | keyword | +| event.type | This is one of four ECS Categorization Fields, and indicates the third level in the ECS category hierarchy. `event.type` represents a categorization "sub-bucket" that, when used along with the `event.category` field values, enables filtering events down to a level appropriate for single visualization. This field is an array. This will allow proper categorization of some events that fall in multiple event types. | keyword | | group.name | Name of the group. | keyword | | host.architecture | Operating system architecture. | keyword | | host.containerized | If the host is a container. | boolean | diff --git a/packages/atlassian_jira/manifest.yml b/packages/atlassian_jira/manifest.yml index e9a73a3bb43..af448c32b26 100644 --- a/packages/atlassian_jira/manifest.yml +++ b/packages/atlassian_jira/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: atlassian_jira title: Atlassian Jira -version: 1.2.0 +version: 1.3.0 license: basic description: Collect logs from Atlassian Jira with Elastic Agent. type: integration