From 5af743d1a2e7c924a60a059c6cd23390954cffe7 Mon Sep 17 00:00:00 2001 From: Andrew Kroh Date: Thu, 24 Feb 2022 15:18:09 -0500 Subject: [PATCH 01/30] jira: format test files before making other changes [git-generate] cd packages/atlassian_jira elastic-package test pipeline -g --- .../pipeline/test-audit-api.log-expected.json | 5620 +++++++++-------- .../test-audit-files.log-expected.json | 5500 ++++++++-------- 2 files changed, 5652 insertions(+), 5468 deletions(-) diff --git a/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json b/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json index 2fe8055d2d6..9f9d50988f1 100644 --- a/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json +++ b/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json @@ -5,58 +5,13 @@ "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "test.user" - ], - "hosts": [ - "jira.internal" - ], - "ip": [ - "175.16.199.1" - ] - }, - "service": { - "address": "http://jira.internal:8088" - }, - "source": { - "geo": { - "continent_name": "Asia", - "region_iso_code": "CN-22", - "city_name": "Changchun", - "country_iso_code": "CN", - "country_name": "China", - "region_name": "Jilin Sheng", - "location": { - "lon": 125.3228, - "lat": 43.88 - } - }, - "address": "175.16.199.1", - "ip": "175.16.199.1" - }, "event": { "action": "atlassian.audit.event.action.audit.search", "original": "{\"timestamp\":\"2021-11-22T00:34:47.536Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"175.16.199.1\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"45 - 94\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"50\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-22T00:08:34.163Z - 2021-11-22T00:34:40.008Z\"}]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", - "type": { - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "action": "Audit Log search performed", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing" - }, "extra_attributes": [ { "name": "ID Range", @@ -77,67 +32,68 @@ "nameI18nKey": "atlassian.audit.event.attribute.timestamp", "value": "2021-11-22T00:08:34.163Z - 2021-11-22T00:34:40.008Z" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit" + } } - } - }, - { - "@timestamp": "2021-11-22T00:34:40.008Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "175.16.199.1" + ], + "user": [ + "test.user" ] }, "service": { "address": "http://jira.internal:8088" }, "source": { + "address": "175.16.199.1", "geo": { - "continent_name": "Asia", - "region_iso_code": "CN-22", "city_name": "Changchun", + "continent_name": "Asia", "country_iso_code": "CN", "country_name": "China", - "region_name": "Jilin Sheng", "location": { - "lon": 125.3228, - "lat": 43.88 - } + "lat": 43.88, + "lon": 125.3228 + }, + "region_iso_code": "CN-22", + "region_name": "Jilin Sheng" }, - "address": "175.16.199.1", "ip": "175.16.199.1" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:34:40.008Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "atlassian.audit.event.action.audit.search", + "ingested": "2022-02-24T20:23:18.208646585Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:34:40.008Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"175.16.199.1\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"44 - 93\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"50\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-22T00:08:34.151Z - 2021-11-22T00:34:23.154Z\"}]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", - "type": { - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "action": "Audit Log search performed", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing" - }, "extra_attributes": [ { "name": "ID Range", @@ -158,93 +114,107 @@ "nameI18nKey": "atlassian.audit.event.attribute.timestamp", "value": "2021-11-22T00:08:34.151Z - 2021-11-22T00:34:23.154Z" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit" + } } - } - }, - { - "@timestamp": "2021-11-22T00:34:23.154Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ - "10.50.33.72" + "175.16.199.1" + ], + "user": [ + "test.user" ] }, "service": { "address": "http://jira.internal:8088" }, "source": { - "address": "10.50.33.72", - "ip": "10.50.33.72" + "address": "175.16.199.1", + "geo": { + "city_name": "Changchun", + "continent_name": "Asia", + "country_iso_code": "CN", + "country_name": "China", + "location": { + "lat": 43.88, + "lon": 125.3228 + }, + "region_iso_code": "CN-22", + "region_name": "Jilin Sheng" + }, + "ip": "175.16.199.1" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:34:23.154Z", + "ecs": { + "version": "8.0.0" }, "event": { "action": "personal.access.tokens.audit.log.summary.token.created", + "category": [ + "iam" + ], + "ingested": "2022-02-24T20:23:18.208647897Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:34:23.154Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"personal.access.tokens.audit.log.category\",\"category\":\"Security\",\"actionI18nKey\":\"personal.access.tokens.audit.log.summary.token.created\",\"action\":\"Personal access token created\"},\"affectedObjects\":[{\"name\":\"test.user\",\"type\":\"User\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"id\":\"JIRAUSER10000\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"personal.access.tokens.audit.log.extra.attribute.name\",\"name\":\"Token Name\",\"value\":\"asdf\"}]}", "type": [ "admin", "creation" - ], - "category": [ - "iam" - ], - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + ] }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test.user", "id": "JIRAUSER10000", + "name": "test.user", "type": "User", "uri": "http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user" } ], - "type": { - "actionI18nKey": "personal.access.tokens.audit.log.summary.token.created", - "action": "Personal access token created", - "categoryI18nKey": "personal.access.tokens.audit.log.category", - "category": "Security" - }, "extra_attributes": [ { "name": "Token Name", "nameI18nKey": "personal.access.tokens.audit.log.extra.attribute.name", "value": "asdf" } - ] + ], + "method": "Browser", + "type": { + "action": "Personal access token created", + "actionI18nKey": "personal.access.tokens.audit.log.summary.token.created", + "category": "Security", + "categoryI18nKey": "personal.access.tokens.audit.log.category" + } } - } - }, - { - "@timestamp": "2021-11-22T00:32:20.234Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -254,28 +224,28 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:32:20.234Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "atlassian.audit.event.action.audit.search", + "ingested": "2022-02-24T20:23:18.208649106Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:32:20.234Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"1 - 40\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"40\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-22T00:05:08.514Z - 2021-11-22T00:08:33.746Z\"}]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", - "type": { - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "action": "Audit Log search performed", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing" - }, "extra_attributes": [ { "name": "ID Range", @@ -296,24 +266,25 @@ "nameI18nKey": "atlassian.audit.event.attribute.timestamp", "value": "2021-11-22T00:05:08.514Z - 2021-11-22T00:08:33.746Z" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit" + } } - } - }, - { - "@timestamp": "2021-11-22T00:31:52.991Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -323,28 +294,28 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:31:52.991Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "atlassian.audit.event.action.audit.search", + "ingested": "2022-02-24T20:23:18.208650355Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:31:52.991Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"41 - 90\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"50\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-22T00:08:33.887Z - 2021-11-22T00:31:37.412Z\"}]}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "test.user", - "id": "10000" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", - "type": { - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "action": "Audit Log search performed", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing" - }, "extra_attributes": [ { "name": "ID Range", @@ -365,24 +336,25 @@ "nameI18nKey": "atlassian.audit.event.attribute.timestamp", "value": "2021-11-22T00:08:33.887Z - 2021-11-22T00:31:37.412Z" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit" + } } - } - }, - { - "@timestamp": "2021-11-22T00:31:37.412Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -392,28 +364,28 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:31:37.412Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "atlassian.audit.event.action.audit.search", + "ingested": "2022-02-24T20:23:18.208651548Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:31:37.412Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"69 - 78\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"10\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-22T00:08:34.227Z - 2021-11-22T00:08:34.249Z\"}]}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "test.user", - "id": "10000" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", - "type": { - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "action": "Audit Log search performed", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing" - }, "extra_attributes": [ { "name": "ID Range", @@ -434,24 +406,25 @@ "nameI18nKey": "atlassian.audit.event.attribute.timestamp", "value": "2021-11-22T00:08:34.227Z - 2021-11-22T00:08:34.249Z" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit" + } } - } - }, - { - "@timestamp": "2021-11-22T00:31:26.455Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -461,28 +434,28 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:31:26.455Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "atlassian.audit.event.action.audit.search", + "ingested": "2022-02-24T20:23:18.208652762Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:31:26.455Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"79 - 88\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"10\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-22T00:08:34.266Z - 2021-11-22T00:30:59.449Z\"}]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", - "type": { - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "action": "Audit Log search performed", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing" - }, "extra_attributes": [ { "name": "ID Range", @@ -503,24 +476,25 @@ "nameI18nKey": "atlassian.audit.event.attribute.timestamp", "value": "2021-11-22T00:08:34.266Z - 2021-11-22T00:30:59.449Z" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit" + } } - } - }, - { - "@timestamp": "2021-11-22T00:30:59.449Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -530,28 +504,28 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:30:59.449Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "atlassian.audit.event.action.audit.search", + "ingested": "2022-02-24T20:23:18.208653964Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:30:59.449Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"1 - 87\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"87\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-22T00:05:08.514Z - 2021-11-22T00:26:03.206Z\"}]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", - "type": { - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "action": "Audit Log search performed", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing" - }, "extra_attributes": [ { "name": "ID Range", @@ -572,24 +546,25 @@ "nameI18nKey": "atlassian.audit.event.attribute.timestamp", "value": "2021-11-22T00:05:08.514Z - 2021-11-22T00:26:03.206Z" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit" + } } - } - }, - { - "@timestamp": "2021-11-22T00:26:03.206Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -599,28 +574,28 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:26:03.206Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "atlassian.audit.event.action.audit.search", + "ingested": "2022-02-24T20:23:18.208655162Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:26:03.206Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"1 - 86\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"86\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-22T00:05:08.514Z - 2021-11-22T00:12:02.856Z\"}]}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "test.user", - "id": "10000" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", - "type": { - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "action": "Audit Log search performed", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing" - }, "extra_attributes": [ { "name": "ID Range", @@ -641,24 +616,25 @@ "nameI18nKey": "atlassian.audit.event.attribute.timestamp", "value": "2021-11-22T00:05:08.514Z - 2021-11-22T00:12:02.856Z" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit" + } } - } - }, - { - "@timestamp": "2021-11-22T00:12:02.856Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -668,28 +644,28 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:12:02.856Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "atlassian.audit.event.action.audit.search", + "ingested": "2022-02-24T20:23:18.208656403Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:12:02.856Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"1 - 85\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"85\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-22T00:05:08.514Z - 2021-11-22T00:08:34.545Z\"}]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", - "type": { - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "action": "Audit Log search performed", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing" - }, "extra_attributes": [ { "name": "ID Range", @@ -710,24 +686,25 @@ "nameI18nKey": "atlassian.audit.event.attribute.timestamp", "value": "2021-11-22T00:05:08.514Z - 2021-11-22T00:08:34.545Z" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.545Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -737,66 +714,67 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.545Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.version.created", + "ingested": "2022-02-24T20:23:18.208657625Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.545Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.projects\",\"category\":\"projects\",\"actionI18nKey\":\"jira.auditing.version.created\",\"action\":\"Project version created\"},\"affectedObjects\":[{\"name\":\"Version 3.0\",\"type\":\"VERSION\",\"uri\":\"http://jira.internal:8088/secure/VersionEdit!default.jspa?versionId=10002\",\"id\":\"10002\"},{\"name\":\"test\",\"type\":\"PROJECT\",\"uri\":\"http://jira.internal:8088/secure/ViewProject.jspa?pid=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"Version 3.0\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Version 3.0", "id": "10002", + "name": "Version 3.0", "type": "VERSION", "uri": "http://jira.internal:8088/secure/VersionEdit!default.jspa?versionId=10002" }, { - "name": "test", "id": "10000", + "name": "test", "type": "PROJECT", "uri": "http://jira.internal:8088/secure/ViewProject.jspa?pid=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.version.created", - "action": "Project version created", - "categoryI18nKey": "jira.auditing.category.projects", - "category": "projects" - }, "changed_values": [ { "i18nKey": "common.words.name", "key": "Name", "to": "Version 3.0" } - ] + ], + "method": "Browser", + "type": { + "action": "Project version created", + "actionI18nKey": "jira.auditing.version.created", + "category": "projects", + "categoryI18nKey": "jira.auditing.category.projects" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.543Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -806,42 +784,42 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.543Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.version.created", + "ingested": "2022-02-24T20:23:18.208659079Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.543Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.projects\",\"category\":\"projects\",\"actionI18nKey\":\"jira.auditing.version.created\",\"action\":\"Project version created\"},\"affectedObjects\":[{\"name\":\"Version 2.0\",\"type\":\"VERSION\",\"uri\":\"http://jira.internal:8088/secure/VersionEdit!default.jspa?versionId=10001\",\"id\":\"10001\"},{\"name\":\"test\",\"type\":\"PROJECT\",\"uri\":\"http://jira.internal:8088/secure/ViewProject.jspa?pid=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"Version 2.0\"},{\"key\":\"Release date\",\"i18nKey\":\"version.releasedate\",\"to\":\"2021-11-28\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Version 2.0", "id": "10001", + "name": "Version 2.0", "type": "VERSION", "uri": "http://jira.internal:8088/secure/VersionEdit!default.jspa?versionId=10001" }, { - "name": "test", "id": "10000", + "name": "test", "type": "PROJECT", "uri": "http://jira.internal:8088/secure/ViewProject.jspa?pid=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.version.created", - "action": "Project version created", - "categoryI18nKey": "jira.auditing.category.projects", - "category": "projects" - }, "changed_values": [ { "i18nKey": "common.words.name", @@ -853,24 +831,25 @@ "key": "Release date", "to": "2021-11-28" } - ] - } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.535Z", - "ecs": { - "version": "8.2.0" + ], + "method": "Browser", + "type": { + "action": "Project version created", + "actionI18nKey": "jira.auditing.version.created", + "category": "projects", + "categoryI18nKey": "jira.auditing.category.projects" + } + } }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -880,59 +859,60 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.535Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.version.released", + "ingested": "2022-02-24T20:23:18.208660277Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.535Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.projects\",\"category\":\"projects\",\"actionI18nKey\":\"jira.auditing.version.released\",\"action\":\"Project version released\"},\"affectedObjects\":[{\"name\":\"Version 1.0\",\"type\":\"VERSION\",\"uri\":\"http://jira.internal:8088/secure/VersionEdit!default.jspa?versionId=10000\",\"id\":\"10000\"},{\"name\":\"test\",\"type\":\"PROJECT\",\"uri\":\"http://jira.internal:8088/secure/ViewProject.jspa?pid=10000\",\"id\":\"10000\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Version 1.0", "id": "10000", + "name": "Version 1.0", "type": "VERSION", "uri": "http://jira.internal:8088/secure/VersionEdit!default.jspa?versionId=10000" }, { - "name": "test", "id": "10000", + "name": "test", "type": "PROJECT", "uri": "http://jira.internal:8088/secure/ViewProject.jspa?pid=10000" } ], + "method": "Browser", "type": { - "actionI18nKey": "jira.auditing.version.released", "action": "Project version released", - "categoryI18nKey": "jira.auditing.category.projects", - "category": "projects" + "actionI18nKey": "jira.auditing.version.released", + "category": "projects", + "categoryI18nKey": "jira.auditing.category.projects" } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.521Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -942,42 +922,42 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.521Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.version.created", + "ingested": "2022-02-24T20:23:18.208661516Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.521Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.projects\",\"category\":\"projects\",\"actionI18nKey\":\"jira.auditing.version.created\",\"action\":\"Project version created\"},\"affectedObjects\":[{\"name\":\"Version 1.0\",\"type\":\"VERSION\",\"uri\":\"http://jira.internal:8088/secure/VersionEdit!default.jspa?versionId=10000\",\"id\":\"10000\"},{\"name\":\"test\",\"type\":\"PROJECT\",\"uri\":\"http://jira.internal:8088/secure/ViewProject.jspa?pid=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"Version 1.0\"},{\"key\":\"Release date\",\"i18nKey\":\"version.releasedate\",\"to\":\"2021-11-14\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Version 1.0", "id": "10000", + "name": "Version 1.0", "type": "VERSION", "uri": "http://jira.internal:8088/secure/VersionEdit!default.jspa?versionId=10000" }, { - "name": "test", "id": "10000", + "name": "test", "type": "PROJECT", "uri": "http://jira.internal:8088/secure/ViewProject.jspa?pid=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.version.created", - "action": "Project version created", - "categoryI18nKey": "jira.auditing.category.projects", - "category": "projects" - }, "changed_values": [ { "i18nKey": "common.words.name", @@ -989,24 +969,25 @@ "key": "Release date", "to": "2021-11-14" } - ] + ], + "method": "Browser", + "type": { + "action": "Project version created", + "actionI18nKey": "jira.auditing.version.created", + "category": "projects", + "categoryI18nKey": "jira.auditing.category.projects" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.506Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -1016,65 +997,66 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.506Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.project.roles.changed", + "ingested": "2022-02-24T20:23:18.208662726Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.506Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.projects\",\"category\":\"projects\",\"actionI18nKey\":\"jira.auditing.project.roles.changed\",\"action\":\"Project roles changed\"},\"affectedObjects\":[{\"name\":\"Developers\",\"type\":\"PROJECT_ROLE\",\"id\":\"10100\"},{\"name\":\"test\",\"type\":\"PROJECT\",\"uri\":\"http://jira.internal:8088/secure/ViewProject.jspa?pid=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Users\",\"i18nKey\":\"admin.common.words.users\",\"to\":\"JIRAUSER10000\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10100", "name": "Developers", - "type": "PROJECT_ROLE", - "id": "10100" + "type": "PROJECT_ROLE" }, { - "name": "test", "id": "10000", + "name": "test", "type": "PROJECT", "uri": "http://jira.internal:8088/secure/ViewProject.jspa?pid=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.project.roles.changed", - "action": "Project roles changed", - "categoryI18nKey": "jira.auditing.category.projects", - "category": "projects" - }, "changed_values": [ { "i18nKey": "admin.common.words.users", "key": "Users", "to": "JIRAUSER10000" } - ] + ], + "method": "Browser", + "type": { + "action": "Project roles changed", + "actionI18nKey": "jira.auditing.project.roles.changed", + "category": "projects", + "categoryI18nKey": "jira.auditing.category.projects" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.297Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -1084,47 +1066,47 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.297Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.project.created", - "original": "{\"timestamp\":\"2021-11-22T00:08:34.297Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.projects\",\"category\":\"projects\",\"actionI18nKey\":\"jira.auditing.project.created\",\"action\":\"Project created\"},\"affectedObjects\":[{\"name\":\"test\",\"type\":\"PROJECT\",\"uri\":\"http://jira.internal:8088/secure/ViewProject.jspa?pid=10000\",\"id\":\"10000\"},{\"name\":\"test.user\",\"type\":\"USER\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"id\":\"JIRAUSER10000\"}],\"changedValues\":[{\"key\":\"Default Assignee\",\"i18nKey\":\"admin.projects.default.assignee\",\"to\":\"Unassigned\"},{\"key\":\"Description\",\"i18nKey\":\"common.concepts.description\",\"to\":\"\"},{\"key\":\"Key\",\"i18nKey\":\"common.words.key\",\"to\":\"TEST\"},{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"test\"},{\"key\":\"Project Lead\",\"i18nKey\":\"common.concepts.projectlead\",\"to\":\"test.user\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "creation" - ], "category": [ "configuration" ], - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "ingested": "2022-02-24T20:23:18.208663983Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-22T00:08:34.297Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.projects\",\"category\":\"projects\",\"actionI18nKey\":\"jira.auditing.project.created\",\"action\":\"Project created\"},\"affectedObjects\":[{\"name\":\"test\",\"type\":\"PROJECT\",\"uri\":\"http://jira.internal:8088/secure/ViewProject.jspa?pid=10000\",\"id\":\"10000\"},{\"name\":\"test.user\",\"type\":\"USER\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"id\":\"JIRAUSER10000\"}],\"changedValues\":[{\"key\":\"Default Assignee\",\"i18nKey\":\"admin.projects.default.assignee\",\"to\":\"Unassigned\"},{\"key\":\"Description\",\"i18nKey\":\"common.concepts.description\",\"to\":\"\"},{\"key\":\"Key\",\"i18nKey\":\"common.words.key\",\"to\":\"TEST\"},{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"test\"},{\"key\":\"Project Lead\",\"i18nKey\":\"common.concepts.projectlead\",\"to\":\"test.user\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "creation" + ] }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test", "id": "10000", + "name": "test", "type": "PROJECT", "uri": "http://jira.internal:8088/secure/ViewProject.jspa?pid=10000" }, { - "name": "test.user", "id": "JIRAUSER10000", + "name": "test.user", "type": "USER", "uri": "http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user" } ], - "type": { - "actionI18nKey": "jira.auditing.project.created", - "action": "Project created", - "categoryI18nKey": "jira.auditing.category.projects", - "category": "projects" - }, "changed_values": [ { "i18nKey": "admin.projects.default.assignee", @@ -1150,24 +1132,25 @@ "key": "Project Lead", "to": "test.user" } - ] + ], + "method": "Browser", + "type": { + "action": "Project created", + "actionI18nKey": "jira.auditing.project.created", + "category": "projects", + "categoryI18nKey": "jira.auditing.category.projects" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.266Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -1177,59 +1160,60 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.266Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.added.to.project", + "ingested": "2022-02-24T20:23:18.208665295Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.266Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.added.to.project\",\"action\":\"Permission scheme added to project\"},\"affectedObjects\":[{\"name\":\"test\",\"type\":\"PROJECT\",\"uri\":\"http://jira.internal:8088/secure/ViewProject.jspa?pid=10000\",\"id\":\"10000\"},{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test", "id": "10000", + "name": "test", "type": "PROJECT", "uri": "http://jira.internal:8088/secure/ViewProject.jspa?pid=10000" }, { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], + "method": "Browser", "type": { - "actionI18nKey": "jira.auditing.permission.scheme.added.to.project", "action": "Permission scheme added to project", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" + "actionI18nKey": "jira.auditing.permission.scheme.added.to.project", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.249Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -1239,65 +1223,66 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.249Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.removed.from.project", - "original": "{\"timestamp\":\"2021-11-22T00:08:34.249Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.removed.from.project\",\"action\":\"Permission scheme removed from project\"},\"affectedObjects\":[{\"name\":\"test\",\"type\":\"PROJECT\",\"uri\":\"http://jira.internal:8088/secure/ViewProject.jspa?pid=10000\",\"id\":\"10000\"},{\"name\":\"Default Permission Scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=0\",\"id\":\"0\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "deletion" - ], "category": [ "configuration", "iam" ], - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "ingested": "2022-02-24T20:23:18.208666492Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-22T00:08:34.249Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.removed.from.project\",\"action\":\"Permission scheme removed from project\"},\"affectedObjects\":[{\"name\":\"test\",\"type\":\"PROJECT\",\"uri\":\"http://jira.internal:8088/secure/ViewProject.jspa?pid=10000\",\"id\":\"10000\"},{\"name\":\"Default Permission Scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=0\",\"id\":\"0\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "deletion" + ] }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test", "id": "10000", + "name": "test", "type": "PROJECT", "uri": "http://jira.internal:8088/secure/ViewProject.jspa?pid=10000" }, { - "name": "Default Permission Scheme", "id": "0", + "name": "Default Permission Scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=0" } ], + "method": "Browser", "type": { - "actionI18nKey": "jira.auditing.permission.scheme.removed.from.project", "action": "Permission scheme removed from project", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" + "actionI18nKey": "jira.auditing.permission.scheme.removed.from.project", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.243Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -1307,36 +1292,36 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.243Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:18.208667730Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.243Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Edit Sprints\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -1348,24 +1333,25 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.241Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -1375,36 +1361,36 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.241Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:18.208668956Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.241Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Start/Complete Sprints\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -1416,24 +1402,25 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.239Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -1443,36 +1430,36 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.239Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:18.208670160Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.239Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Manage Sprints\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "test.user", - "id": "10000" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -1484,24 +1471,25 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.236Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -1511,36 +1499,36 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.236Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:18.208671401Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.236Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"View Development Tools\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -1552,24 +1540,25 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.235Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -1579,36 +1568,36 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.235Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:18.208672616Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.235Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Transition Issues\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -1620,24 +1609,25 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.233Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -1647,36 +1637,36 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.233Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:18.208673908Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.233Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"View Read-Only Workflow\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -1688,26 +1678,27 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.231Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" - ] - }, + ], + "user": [ + "test.user" + ] + }, "service": { "address": "http://jira.internal:8088" }, @@ -1715,36 +1706,36 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.231Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:18.208675121Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.231Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Delete All Worklogs\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Project Role\"},{\"key\":\"Value\",\"i18nKey\":\"admin.common.words.value\",\"from\":\"\",\"to\":\"Administrators\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "test.user", - "id": "10000" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -1761,24 +1752,25 @@ "key": "Value", "to": "Administrators" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.229Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -1788,36 +1780,36 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.229Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:18.208676347Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.229Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Delete Own Worklogs\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -1829,24 +1821,25 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.227Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -1856,36 +1849,36 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.227Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:18.208677642Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.227Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Edit All Worklogs\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Project Role\"},{\"key\":\"Value\",\"i18nKey\":\"admin.common.words.value\",\"from\":\"\",\"to\":\"Administrators\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -1902,24 +1895,25 @@ "key": "Value", "to": "Administrators" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.225Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -1929,36 +1923,36 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.225Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:18.208678864Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.225Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Edit Own Worklogs\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -1970,24 +1964,25 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.223Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -1997,36 +1992,36 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.223Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:18.208680072Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.223Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Delete Own Attachments\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "test.user", - "id": "10000" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -2038,24 +2033,25 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.221Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -2065,36 +2061,36 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.221Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:18.208681281Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.221Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Delete All Attachments\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Project Role\"},{\"key\":\"Value\",\"i18nKey\":\"admin.common.words.value\",\"from\":\"\",\"to\":\"Administrators\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -2111,24 +2107,25 @@ "key": "Value", "to": "Administrators" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.219Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -2138,36 +2135,36 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, - "event": { - "action": "jira.auditing.permission.scheme.updated", - "original": "{\"timestamp\":\"2021-11-22T00:08:34.219Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Delete Own Comments\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" - }, "tags": [ "preserve_original_event" ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.219Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:18.208683061Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-22T00:08:34.219Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Delete Own Comments\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -2179,24 +2176,25 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.217Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -2206,36 +2204,36 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.217Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:18.208684444Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.217Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Delete All Comments\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Project Role\"},{\"key\":\"Value\",\"i18nKey\":\"admin.common.words.value\",\"from\":\"\",\"to\":\"Administrators\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -2252,24 +2250,25 @@ "key": "Value", "to": "Administrators" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.215Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -2279,36 +2278,36 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.215Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:18.208685756Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.215Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Edit Own Comments\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -2320,24 +2319,25 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.212Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -2347,36 +2347,36 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.212Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:18.208687152Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.212Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Edit All Comments\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Project Role\"},{\"key\":\"Value\",\"i18nKey\":\"admin.common.words.value\",\"from\":\"\",\"to\":\"Administrators\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -2393,24 +2393,25 @@ "key": "Value", "to": "Administrators" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.210Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -2420,36 +2421,36 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.210Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:18.208688499Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.210Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Manage Watchers\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Project Role\"},{\"key\":\"Value\",\"i18nKey\":\"admin.common.words.value\",\"from\":\"\",\"to\":\"Administrators\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "test.user", - "id": "10000" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -2466,24 +2467,25 @@ "key": "Value", "to": "Administrators" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.208Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -2493,36 +2495,36 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.208Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:18.208689729Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.208Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"View Voters and Watchers\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -2534,24 +2536,25 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.204Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -2561,36 +2564,36 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.204Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:18.208690973Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.204Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Modify Reporter\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Project Role\"},{\"key\":\"Value\",\"i18nKey\":\"admin.common.words.value\",\"from\":\"\",\"to\":\"Administrators\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -2607,24 +2610,25 @@ "key": "Value", "to": "Administrators" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.190Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -2634,36 +2638,36 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.190Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:18.208692211Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.190Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Schedule Issues\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -2675,24 +2679,25 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.187Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -2702,36 +2707,36 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.187Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:18.208693452Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.187Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Move Issues\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "test.user", - "id": "10000" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -2743,24 +2748,25 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.184Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -2770,36 +2776,36 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.184Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:18.208694709Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.184Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Administer Projects\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Project Role\"},{\"key\":\"Value\",\"i18nKey\":\"admin.common.words.value\",\"from\":\"\",\"to\":\"Administrators\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -2816,24 +2822,25 @@ "key": "Value", "to": "Administrators" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.182Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -2843,36 +2850,36 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.182Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:18.208695932Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.182Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Link Issues\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -2884,24 +2891,25 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.180Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -2911,36 +2919,36 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.180Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:18.208697146Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.180Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Work On Issues\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -2952,24 +2960,25 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.178Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -2979,36 +2988,36 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.178Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:18.208698413Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.178Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Create Attachments\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "test.user", - "id": "10000" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -3020,24 +3029,25 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.176Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -3047,36 +3057,36 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.176Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:18.208699684Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.176Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Close Issues\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -3088,24 +3098,25 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.174Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -3115,36 +3126,36 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.174Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:18.208701019Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.174Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Assignable User\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -3156,24 +3167,25 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.173Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -3183,36 +3195,36 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.173Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:18.208702410Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.173Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Delete Issues\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Project Role\"},{\"key\":\"Value\",\"i18nKey\":\"admin.common.words.value\",\"from\":\"\",\"to\":\"Administrators\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -3229,24 +3241,25 @@ "key": "Value", "to": "Administrators" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.171Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -3256,36 +3269,36 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.171Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:18.208703683Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.171Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Add Comments\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "test.user", - "id": "10000" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -3297,24 +3310,25 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.168Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -3324,36 +3338,36 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.168Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:18.208704972Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.168Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Resolve Issues\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -3365,24 +3379,25 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.166Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -3392,36 +3407,36 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.166Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:18.208706234Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.166Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Assign Issues\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -3433,24 +3448,25 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.165Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -3460,36 +3476,36 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.165Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:18.208707489Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.165Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Edit Issues\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -3501,24 +3517,25 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.163Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -3528,36 +3545,36 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.163Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:18.208708896Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.163Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Create Issues\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "test.user", - "id": "10000" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -3569,24 +3586,25 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.151Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -3596,36 +3614,36 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.151Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:18.208710125Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.151Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Browse Projects\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -3637,24 +3655,25 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.142Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -3664,36 +3683,36 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.142Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.created", + "ingested": "2022-02-24T20:23:18.208711361Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.142Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.created\",\"action\":\"Permission scheme created\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Description\",\"i18nKey\":\"common.words.description\",\"to\":\"Default scheme for Software projects.\"},{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"Default software scheme\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default software scheme", "id": "10000", + "name": "Default software scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.created", - "action": "Permission scheme created", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "common.words.description", @@ -3705,24 +3724,25 @@ "key": "Name", "to": "Default software scheme" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme created", + "actionI18nKey": "jira.auditing.permission.scheme.created", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.072Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -3732,59 +3752,60 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.072Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "Board created", + "ingested": "2022-02-24T20:23:18.208712608Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.072Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.boards\",\"category\":\"boards\",\"actionI18nKey\":\"Board created\",\"action\":\"Board created\"},\"affectedObjects\":[{\"name\":\"TEST board\",\"type\":\"BOARD\",\"uri\":\"http://jira.internal:8088/secure/RapidView.jspa?rapidView=1\",\"id\":\"1\"},{\"name\":\"TEST board\",\"type\":\"BOARD\",\"uri\":\"http://jira.internal:8088/secure/RapidView.jspa?rapidView=1\",\"id\":\"1\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "TEST board", "id": "1", + "name": "TEST board", "type": "BOARD", "uri": "http://jira.internal:8088/secure/RapidView.jspa?rapidView=1" }, { - "name": "TEST board", "id": "1", + "name": "TEST board", "type": "BOARD", "uri": "http://jira.internal:8088/secure/RapidView.jspa?rapidView=1" } ], + "method": "Browser", "type": { - "actionI18nKey": "Board created", "action": "Board created", - "categoryI18nKey": "jira.auditing.category.boards", - "category": "boards" + "actionI18nKey": "Board created", + "category": "boards", + "categoryI18nKey": "jira.auditing.category.boards" } } - } - }, - { - "@timestamp": "2021-11-22T00:08:33.887Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -3794,48 +3815,48 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:33.887Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.filter.created", + "ingested": "2022-02-24T20:23:18.208713899Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:33.887Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.filters\",\"category\":\"filters\",\"actionI18nKey\":\"jira.auditing.filter.created\",\"action\":\"Filter created\"},\"affectedObjects\":[{\"name\":\"Filter for TEST board\",\"type\":\"FILTER\",\"uri\":\"http://jira.internal:8088/issues/?filter=10000\",\"id\":\"10000\"},{\"name\":\"test.user\",\"type\":\"USER\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"id\":\"JIRAUSER10000\"},{\"name\":\"test\",\"type\":\"PROJECT\",\"uri\":\"http://jira.internal:8088/secure/ViewProject.jspa?pid=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Description\",\"i18nKey\":\"common.concepts.description\",\"from\":\"\"},{\"key\":\"JQL Query\",\"i18nKey\":\"jira.jql.query\",\"from\":\"\",\"to\":\"{project = \\\"TEST\\\"} order by Rank ASC\"},{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"from\":\"\",\"to\":\"Filter for TEST board\"},{\"key\":\"Owner\",\"i18nKey\":\"common.concepts.owner\",\"from\":\"\",\"to\":\"test.user\"},{\"key\":\"Shared with\",\"i18nKey\":\"common.concepts.shared.with\",\"from\":\"[]\",\"to\":\"[Project: test (VIEW)]\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Filter for TEST board", "id": "10000", + "name": "Filter for TEST board", "type": "FILTER", "uri": "http://jira.internal:8088/issues/?filter=10000" }, { - "name": "test.user", "id": "JIRAUSER10000", + "name": "test.user", "type": "USER", "uri": "http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user" }, { - "name": "test", "id": "10000", + "name": "test", "type": "PROJECT", "uri": "http://jira.internal:8088/secure/ViewProject.jspa?pid=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.filter.created", - "action": "Filter created", - "categoryI18nKey": "jira.auditing.category.filters", - "category": "filters" - }, "changed_values": [ { "i18nKey": "common.concepts.description", @@ -3858,28 +3879,29 @@ }, { "from": "[]", - "to": "[Project: test (VIEW)]", "i18nKey": "common.concepts.shared.with", - "key": "Shared with" + "key": "Shared with", + "to": "[Project: test (VIEW)]" } - ] + ], + "method": "Browser", + "type": { + "action": "Filter created", + "actionI18nKey": "jira.auditing.filter.created", + "category": "filters", + "categoryI18nKey": "jira.auditing.category.filters" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:33.746Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -3889,59 +3911,60 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, - "event": { - "action": "jira.auditing.workflow.scheme.added.to.project", - "original": "{\"timestamp\":\"2021-11-22T00:08:33.746Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.workflows\",\"category\":\"workflows\",\"actionI18nKey\":\"jira.auditing.workflow.scheme.added.to.project\",\"action\":\"Workflow scheme added to project\"},\"affectedObjects\":[{\"name\":\"test\",\"type\":\"PROJECT\",\"uri\":\"http://jira.internal:8088/secure/ViewProject.jspa?pid=10000\",\"id\":\"10000\"},{\"name\":\"TEST: Software Simplified Workflow Scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10100\",\"id\":\"10100\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" - }, "tags": [ "preserve_original_event" ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:33.746Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "jira.auditing.workflow.scheme.added.to.project", + "ingested": "2022-02-24T20:23:18.208715118Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-22T00:08:33.746Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.workflows\",\"category\":\"workflows\",\"actionI18nKey\":\"jira.auditing.workflow.scheme.added.to.project\",\"action\":\"Workflow scheme added to project\"},\"affectedObjects\":[{\"name\":\"test\",\"type\":\"PROJECT\",\"uri\":\"http://jira.internal:8088/secure/ViewProject.jspa?pid=10000\",\"id\":\"10000\"},{\"name\":\"TEST: Software Simplified Workflow Scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10100\",\"id\":\"10100\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test", "id": "10000", + "name": "test", "type": "PROJECT", "uri": "http://jira.internal:8088/secure/ViewProject.jspa?pid=10000" }, { - "name": "TEST: Software Simplified Workflow Scheme", "id": "10100", + "name": "TEST: Software Simplified Workflow Scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10100" } ], + "method": "Browser", "type": { - "actionI18nKey": "jira.auditing.workflow.scheme.added.to.project", "action": "Workflow scheme added to project", - "categoryI18nKey": "jira.auditing.category.workflows", - "category": "workflows" + "actionI18nKey": "jira.auditing.workflow.scheme.added.to.project", + "category": "workflows", + "categoryI18nKey": "jira.auditing.category.workflows" } } - } - }, - { - "@timestamp": "2021-11-22T00:08:33.732Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -3951,36 +3974,36 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:33.732Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.workflow.scheme.created", + "ingested": "2022-02-24T20:23:18.208716346Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:33.732Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.workflows\",\"category\":\"workflows\",\"actionI18nKey\":\"jira.auditing.workflow.scheme.created\",\"action\":\"Workflow scheme created\"},\"affectedObjects\":[{\"name\":\"TEST: Software Simplified Workflow Scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10100\",\"id\":\"10100\"}],\"changedValues\":[{\"key\":\"Description\",\"i18nKey\":\"common.words.description\",\"to\":\"Generated by JIRA Software version 8.20.2. This workflow scheme is managed internally by Jira Software. Do not manually modify this workflow scheme.\"},{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"TEST: Software Simplified Workflow Scheme\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "TEST: Software Simplified Workflow Scheme", "id": "10100", + "name": "TEST: Software Simplified Workflow Scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10100" } ], - "type": { - "actionI18nKey": "jira.auditing.workflow.scheme.created", - "action": "Workflow scheme created", - "categoryI18nKey": "jira.auditing.category.workflows", - "category": "workflows" - }, "changed_values": [ { "i18nKey": "common.words.description", @@ -3992,24 +4015,25 @@ "key": "Name", "to": "TEST: Software Simplified Workflow Scheme" } - ] + ], + "method": "Browser", + "type": { + "action": "Workflow scheme created", + "actionI18nKey": "jira.auditing.workflow.scheme.created", + "category": "workflows", + "categoryI18nKey": "jira.auditing.category.workflows" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:33.710Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -4019,36 +4043,36 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:33.710Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.workflow.created", + "ingested": "2022-02-24T20:23:18.208717557Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:33.710Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.workflows\",\"category\":\"workflows\",\"actionI18nKey\":\"jira.auditing.workflow.created\",\"action\":\"Workflow created\"},\"affectedObjects\":[{\"name\":\"Software Simplified Workflow for Project TEST\",\"type\":\"WORKFLOW\",\"uri\":\"http://jira.internal:8088/secure/admin/workflows/ViewWorkflowSteps.jspa?workflowMode=live\u0026workflowName=Software Simplified Workflow for Project TEST\",\"id\":\"Software Simplified Workflow for Project TEST\"}],\"changedValues\":[{\"key\":\"Description\",\"i18nKey\":\"common.words.description\",\"to\":\"Generated by JIRA Software version 8.20.2. This workflow is managed internally by Jira Software. Do not manually modify this workflow.\"},{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"Software Simplified Workflow for Project TEST\"},{\"key\":\"Status\",\"i18nKey\":\"common.words.status\",\"to\":\"To Do, In Progress, Done\"},{\"key\":\"Transition\",\"i18nKey\":\"admin.workflowtransition.transition\",\"to\":\"Create (To Do), To Do (To Do), In Progress (In Progress), Done (Done)\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Software Simplified Workflow for Project TEST", "id": "Software Simplified Workflow for Project TEST", + "name": "Software Simplified Workflow for Project TEST", "type": "WORKFLOW", "uri": "http://jira.internal:8088/secure/admin/workflows/ViewWorkflowSteps.jspa?workflowMode=live\u0026workflowName=Software Simplified Workflow for Project TEST" } ], - "type": { - "actionI18nKey": "jira.auditing.workflow.created", - "action": "Workflow created", - "categoryI18nKey": "jira.auditing.category.workflows", - "category": "workflows" - }, "changed_values": [ { "i18nKey": "common.words.description", @@ -4070,24 +4094,25 @@ "key": "Transition", "to": "Create (To Do), To Do (To Do), In Progress (In Progress), Done (Done)" } - ] + ], + "method": "Browser", + "type": { + "action": "Workflow created", + "actionI18nKey": "jira.auditing.workflow.created", + "category": "workflows", + "categoryI18nKey": "jira.auditing.category.workflows" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:33.537Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -4097,60 +4122,61 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:33.537Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.resolutions.created", + "ingested": "2022-02-24T20:23:18.208718904Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:33.537Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.workflows\",\"category\":\"workflows\",\"actionI18nKey\":\"jira.auditing.resolutions.created\",\"action\":\"New resolution created\"},\"affectedObjects\":[{\"name\":\"Cannot Reproduce\",\"type\":\"RESOLUTION\",\"uri\":\"http://jira.internal:8088/secure/admin/EditResolution!default.jspa?id=10003\",\"id\":\"10003\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"common.concepts.description\",\"name\":\"Description\",\"value\":\"All attempts at reproducing this issue failed, or not enough information was available to reproduce the issue. Reading the code produces no clues as to why this behavior would occur. If more information appears later, please reopen the issue.\"}]}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "test.user", - "id": "10000" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Cannot Reproduce", "id": "10003", + "name": "Cannot Reproduce", "type": "RESOLUTION", "uri": "http://jira.internal:8088/secure/admin/EditResolution!default.jspa?id=10003" } ], - "type": { - "actionI18nKey": "jira.auditing.resolutions.created", - "action": "New resolution created", - "categoryI18nKey": "jira.auditing.category.workflows", - "category": "workflows" - }, "extra_attributes": [ { "name": "Description", "nameI18nKey": "common.concepts.description", "value": "All attempts at reproducing this issue failed, or not enough information was available to reproduce the issue. Reading the code produces no clues as to why this behavior would occur. If more information appears later, please reopen the issue." } - ] + ], + "method": "Browser", + "type": { + "action": "New resolution created", + "actionI18nKey": "jira.auditing.resolutions.created", + "category": "workflows", + "categoryI18nKey": "jira.auditing.category.workflows" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:33.536Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -4160,60 +4186,61 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:33.536Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.resolutions.created", + "ingested": "2022-02-24T20:23:18.208720150Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:33.536Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.workflows\",\"category\":\"workflows\",\"actionI18nKey\":\"jira.auditing.resolutions.created\",\"action\":\"New resolution created\"},\"affectedObjects\":[{\"name\":\"Duplicate\",\"type\":\"RESOLUTION\",\"uri\":\"http://jira.internal:8088/secure/admin/EditResolution!default.jspa?id=10002\",\"id\":\"10002\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"common.concepts.description\",\"name\":\"Description\",\"value\":\"The problem is a duplicate of an existing issue.\"}]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Duplicate", "id": "10002", + "name": "Duplicate", "type": "RESOLUTION", "uri": "http://jira.internal:8088/secure/admin/EditResolution!default.jspa?id=10002" } ], - "type": { - "actionI18nKey": "jira.auditing.resolutions.created", - "action": "New resolution created", - "categoryI18nKey": "jira.auditing.category.workflows", - "category": "workflows" - }, "extra_attributes": [ { "name": "Description", "nameI18nKey": "common.concepts.description", "value": "The problem is a duplicate of an existing issue." } - ] + ], + "method": "Browser", + "type": { + "action": "New resolution created", + "actionI18nKey": "jira.auditing.resolutions.created", + "category": "workflows", + "categoryI18nKey": "jira.auditing.category.workflows" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:33.535Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -4223,60 +4250,61 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:33.535Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.resolutions.created", + "ingested": "2022-02-24T20:23:18.208721396Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:33.535Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.workflows\",\"category\":\"workflows\",\"actionI18nKey\":\"jira.auditing.resolutions.created\",\"action\":\"New resolution created\"},\"affectedObjects\":[{\"name\":\"Won't Do\",\"type\":\"RESOLUTION\",\"uri\":\"http://jira.internal:8088/secure/admin/EditResolution!default.jspa?id=10001\",\"id\":\"10001\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"common.concepts.description\",\"name\":\"Description\",\"value\":\"This issue won't be actioned.\"}]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Won't Do", "id": "10001", + "name": "Won't Do", "type": "RESOLUTION", "uri": "http://jira.internal:8088/secure/admin/EditResolution!default.jspa?id=10001" } ], - "type": { - "actionI18nKey": "jira.auditing.resolutions.created", - "action": "New resolution created", - "categoryI18nKey": "jira.auditing.category.workflows", - "category": "workflows" - }, "extra_attributes": [ { "name": "Description", "nameI18nKey": "common.concepts.description", "value": "This issue won't be actioned." } - ] + ], + "method": "Browser", + "type": { + "action": "New resolution created", + "actionI18nKey": "jira.auditing.resolutions.created", + "category": "workflows", + "categoryI18nKey": "jira.auditing.category.workflows" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:33.534Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -4286,60 +4314,61 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:33.534Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.resolutions.created", + "ingested": "2022-02-24T20:23:18.208722679Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:33.534Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.workflows\",\"category\":\"workflows\",\"actionI18nKey\":\"jira.auditing.resolutions.created\",\"action\":\"New resolution created\"},\"affectedObjects\":[{\"name\":\"Done\",\"type\":\"RESOLUTION\",\"uri\":\"http://jira.internal:8088/secure/admin/EditResolution!default.jspa?id=10000\",\"id\":\"10000\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"common.concepts.description\",\"name\":\"Description\",\"value\":\"Work has been completed on this issue.\"}]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Done", "id": "10000", + "name": "Done", "type": "RESOLUTION", "uri": "http://jira.internal:8088/secure/admin/EditResolution!default.jspa?id=10000" } ], - "type": { - "actionI18nKey": "jira.auditing.resolutions.created", - "action": "New resolution created", - "categoryI18nKey": "jira.auditing.category.workflows", - "category": "workflows" - }, "extra_attributes": [ { "name": "Description", "nameI18nKey": "common.concepts.description", "value": "Work has been completed on this issue." } - ] + ], + "method": "Browser", + "type": { + "action": "New resolution created", + "actionI18nKey": "jira.auditing.resolutions.created", + "category": "workflows", + "categoryI18nKey": "jira.auditing.category.workflows" + } } - } - }, - { - "@timestamp": "2021-11-22T00:07:09.088Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -4349,36 +4378,36 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:07:09.088Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.customfield.created", + "ingested": "2022-02-24T20:23:18.208723998Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:07:09.088Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.fields\",\"category\":\"fields\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"action\":\"Custom field created\"},\"affectedObjects\":[{\"name\":\"Story Points\",\"type\":\"CUSTOM_FIELD\",\"uri\":\"http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10111\",\"id\":\"customfield_10111\"}],\"changedValues\":[{\"key\":\"Description\",\"i18nKey\":\"common.words.description\",\"to\":\"Measurement of complexity and/or size of a requirement.\"},{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"Story Points\"},{\"key\":\"Type\",\"i18nKey\":\"common.words.type\",\"to\":\"Number Field\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "Anonymous", - "id": "-2" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Story Points", "id": "customfield_10111", + "name": "Story Points", "type": "CUSTOM_FIELD", "uri": "http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10111" } ], - "type": { - "actionI18nKey": "jira.auditing.customfield.created", - "action": "Custom field created", - "categoryI18nKey": "jira.auditing.category.fields", - "category": "fields" - }, "changed_values": [ { "i18nKey": "common.words.description", @@ -4395,24 +4424,25 @@ "key": "Type", "to": "Number Field" } - ] + ], + "method": "Browser", + "type": { + "action": "Custom field created", + "actionI18nKey": "jira.auditing.customfield.created", + "category": "fields", + "categoryI18nKey": "jira.auditing.category.fields" + } } - } - }, - { - "@timestamp": "2021-11-22T00:07:09.037Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -4422,57 +4452,58 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:07:09.037Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.issue.type.created", - "original": "{\"timestamp\":\"2021-11-22T00:07:09.037Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.issuetypes\",\"category\":\"issue types\",\"actionI18nKey\":\"jira.auditing.issue.type.created\",\"action\":\"Issue type created\"},\"affectedObjects\":[{\"name\":\"Story\",\"type\":\"ISSUE_TYPE\",\"id\":\"10001\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "creation" - ], "category": [ "configuration" ], - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "ingested": "2022-02-24T20:23:18.208725206Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-22T00:07:09.037Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.issuetypes\",\"category\":\"issue types\",\"actionI18nKey\":\"jira.auditing.issue.type.created\",\"action\":\"Issue type created\"},\"affectedObjects\":[{\"name\":\"Story\",\"type\":\"ISSUE_TYPE\",\"id\":\"10001\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "creation" + ] }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10001", "name": "Story", - "type": "ISSUE_TYPE", - "id": "10001" + "type": "ISSUE_TYPE" } ], + "method": "Browser", "type": { - "actionI18nKey": "jira.auditing.issue.type.created", "action": "Issue type created", - "categoryI18nKey": "jira.auditing.category.issuetypes", - "category": "issue types" + "actionI18nKey": "jira.auditing.issue.type.created", + "category": "issue types", + "categoryI18nKey": "jira.auditing.category.issuetypes" } } - } - }, - { - "@timestamp": "2021-11-22T00:07:02.794Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -4482,36 +4513,36 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:07:02.794Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.customfield.created", + "ingested": "2022-02-24T20:23:18.208726433Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:07:02.794Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.fields\",\"category\":\"fields\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"action\":\"Custom field created\"},\"affectedObjects\":[{\"name\":\"Rank\",\"type\":\"CUSTOM_FIELD\",\"uri\":\"http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10110\",\"id\":\"customfield_10110\"}],\"changedValues\":[{\"key\":\"Description\",\"i18nKey\":\"common.words.description\",\"to\":\"Global rank field for Jira Software use only.\"},{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"Rank\"},{\"key\":\"Type\",\"i18nKey\":\"common.words.type\",\"to\":\"Global Rank\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "Anonymous", - "id": "-2" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Rank", "id": "customfield_10110", + "name": "Rank", "type": "CUSTOM_FIELD", "uri": "http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10110" } ], - "type": { - "actionI18nKey": "jira.auditing.customfield.created", - "action": "Custom field created", - "categoryI18nKey": "jira.auditing.category.fields", - "category": "fields" - }, "changed_values": [ { "i18nKey": "common.words.description", @@ -4528,24 +4559,25 @@ "key": "Type", "to": "Global Rank" } - ] + ], + "method": "Browser", + "type": { + "action": "Custom field created", + "actionI18nKey": "jira.auditing.customfield.created", + "category": "fields", + "categoryI18nKey": "jira.auditing.category.fields" + } } - } - }, - { - "@timestamp": "2021-11-22T00:07:02.725Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -4555,36 +4587,36 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:07:02.725Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.customfield.created", + "ingested": "2022-02-24T20:23:18.208727641Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:07:02.725Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.fields\",\"category\":\"fields\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"action\":\"Custom field created\"},\"affectedObjects\":[{\"name\":\"Epic Link\",\"type\":\"CUSTOM_FIELD\",\"uri\":\"http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10109\",\"id\":\"customfield_10109\"}],\"changedValues\":[{\"key\":\"Description\",\"i18nKey\":\"common.words.description\",\"to\":\"Choose an epic to assign this issue to.\"},{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"Epic Link\"},{\"key\":\"Type\",\"i18nKey\":\"common.words.type\",\"to\":\"Epic Link Relationship\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Epic Link", "id": "customfield_10109", + "name": "Epic Link", "type": "CUSTOM_FIELD", "uri": "http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10109" } ], - "type": { - "actionI18nKey": "jira.auditing.customfield.created", - "action": "Custom field created", - "categoryI18nKey": "jira.auditing.category.fields", - "category": "fields" - }, "changed_values": [ { "i18nKey": "common.words.description", @@ -4601,24 +4633,25 @@ "key": "Type", "to": "Epic Link Relationship" } - ] + ], + "method": "Browser", + "type": { + "action": "Custom field created", + "actionI18nKey": "jira.auditing.customfield.created", + "category": "fields", + "categoryI18nKey": "jira.auditing.category.fields" + } } - } - }, - { - "@timestamp": "2021-11-22T00:07:02.694Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -4628,36 +4661,36 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:07:02.694Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.customfield.created", + "ingested": "2022-02-24T20:23:18.208728857Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:07:02.694Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.fields\",\"category\":\"fields\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"action\":\"Custom field created\"},\"affectedObjects\":[{\"name\":\"Sprint\",\"type\":\"CUSTOM_FIELD\",\"uri\":\"http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10108\",\"id\":\"customfield_10108\"}],\"changedValues\":[{\"key\":\"Description\",\"i18nKey\":\"common.words.description\",\"to\":\"Jira Software sprint field\"},{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"Sprint\"},{\"key\":\"Type\",\"i18nKey\":\"common.words.type\",\"to\":\"Jira Sprint Field\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "Anonymous", - "id": "-2" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Sprint", "id": "customfield_10108", + "name": "Sprint", "type": "CUSTOM_FIELD", "uri": "http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10108" } ], - "type": { - "actionI18nKey": "jira.auditing.customfield.created", - "action": "Custom field created", - "categoryI18nKey": "jira.auditing.category.fields", - "category": "fields" - }, "changed_values": [ { "i18nKey": "common.words.description", @@ -4674,24 +4707,25 @@ "key": "Type", "to": "Jira Sprint Field" } - ] + ], + "method": "Browser", + "type": { + "action": "Custom field created", + "actionI18nKey": "jira.auditing.customfield.created", + "category": "fields", + "categoryI18nKey": "jira.auditing.category.fields" + } } - } - }, - { - "@timestamp": "2021-11-22T00:07:01.669Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -4701,36 +4735,36 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:07:01.669Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.customfield.created", + "ingested": "2022-02-24T20:23:18.208730130Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:07:01.669Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.fields\",\"category\":\"fields\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"action\":\"Custom field created\"},\"affectedObjects\":[{\"name\":\"Epic Colour\",\"type\":\"CUSTOM_FIELD\",\"uri\":\"http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10107\",\"id\":\"customfield_10107\"}],\"changedValues\":[{\"key\":\"Description\",\"i18nKey\":\"common.words.description\",\"to\":\"Epic Colour field for Jira Software use only.\"},{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"Epic Colour\"},{\"key\":\"Type\",\"i18nKey\":\"common.words.type\",\"to\":\"Colour of Epic\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Epic Colour", "id": "customfield_10107", + "name": "Epic Colour", "type": "CUSTOM_FIELD", "uri": "http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10107" } ], - "type": { - "actionI18nKey": "jira.auditing.customfield.created", - "action": "Custom field created", - "categoryI18nKey": "jira.auditing.category.fields", - "category": "fields" - }, "changed_values": [ { "i18nKey": "common.words.description", @@ -4747,24 +4781,25 @@ "key": "Type", "to": "Colour of Epic" } - ] + ], + "method": "Browser", + "type": { + "action": "Custom field created", + "actionI18nKey": "jira.auditing.customfield.created", + "category": "fields", + "categoryI18nKey": "jira.auditing.category.fields" + } } - } - }, - { - "@timestamp": "2021-11-22T00:07:01.644Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -4774,36 +4809,36 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:07:01.644Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.customfield.created", + "ingested": "2022-02-24T20:23:18.208731336Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:07:01.644Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.fields\",\"category\":\"fields\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"action\":\"Custom field created\"},\"affectedObjects\":[{\"name\":\"Epic Status\",\"type\":\"CUSTOM_FIELD\",\"uri\":\"http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10106\",\"id\":\"customfield_10106\"}],\"changedValues\":[{\"key\":\"Description\",\"i18nKey\":\"common.words.description\",\"to\":\"Epic Status field for Jira Software use only.\"},{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"Epic Status\"},{\"key\":\"Type\",\"i18nKey\":\"common.words.type\",\"to\":\"Status of Epic\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "Anonymous", - "id": "-2" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Epic Status", "id": "customfield_10106", + "name": "Epic Status", "type": "CUSTOM_FIELD", "uri": "http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10106" } ], - "type": { - "actionI18nKey": "jira.auditing.customfield.created", - "action": "Custom field created", - "categoryI18nKey": "jira.auditing.category.fields", - "category": "fields" - }, "changed_values": [ { "i18nKey": "common.words.description", @@ -4820,24 +4855,25 @@ "key": "Type", "to": "Status of Epic" } - ] + ], + "method": "Browser", + "type": { + "action": "Custom field created", + "actionI18nKey": "jira.auditing.customfield.created", + "category": "fields", + "categoryI18nKey": "jira.auditing.category.fields" + } } - } - }, - { - "@timestamp": "2021-11-22T00:06:59.522Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -4847,36 +4883,36 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:59.522Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.customfield.created", + "ingested": "2022-02-24T20:23:18.208732561Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:06:59.522Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.fields\",\"category\":\"fields\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"action\":\"Custom field created\"},\"affectedObjects\":[{\"name\":\"Epic Name\",\"type\":\"CUSTOM_FIELD\",\"uri\":\"http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10105\",\"id\":\"customfield_10105\"}],\"changedValues\":[{\"key\":\"Description\",\"i18nKey\":\"common.words.description\",\"to\":\"Provide a short name to identify this epic.\"},{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"Epic Name\"},{\"key\":\"Type\",\"i18nKey\":\"common.words.type\",\"to\":\"Name of Epic\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Epic Name", "id": "customfield_10105", + "name": "Epic Name", "type": "CUSTOM_FIELD", "uri": "http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10105" } ], - "type": { - "actionI18nKey": "jira.auditing.customfield.created", - "action": "Custom field created", - "categoryI18nKey": "jira.auditing.category.fields", - "category": "fields" - }, "changed_values": [ { "i18nKey": "common.words.description", @@ -4893,24 +4929,25 @@ "key": "Type", "to": "Name of Epic" } - ] + ], + "method": "Browser", + "type": { + "action": "Custom field created", + "actionI18nKey": "jira.auditing.customfield.created", + "category": "fields", + "categoryI18nKey": "jira.auditing.category.fields" + } } - } - }, - { - "@timestamp": "2021-11-22T00:06:59.485Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -4920,57 +4957,58 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:59.485Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.issue.type.created", - "original": "{\"timestamp\":\"2021-11-22T00:06:59.485Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.issuetypes\",\"category\":\"issue types\",\"actionI18nKey\":\"jira.auditing.issue.type.created\",\"action\":\"Issue type created\"},\"affectedObjects\":[{\"name\":\"Epic\",\"type\":\"ISSUE_TYPE\",\"id\":\"10000\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "creation" - ], "category": [ "configuration" ], - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "ingested": "2022-02-24T20:23:18.208733791Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-22T00:06:59.485Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.issuetypes\",\"category\":\"issue types\",\"actionI18nKey\":\"jira.auditing.issue.type.created\",\"action\":\"Issue type created\"},\"affectedObjects\":[{\"name\":\"Epic\",\"type\":\"ISSUE_TYPE\",\"id\":\"10000\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "creation" + ] }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Epic", - "type": "ISSUE_TYPE", - "id": "10000" + "type": "ISSUE_TYPE" } ], + "method": "Browser", "type": { - "actionI18nKey": "jira.auditing.issue.type.created", "action": "Issue type created", - "categoryI18nKey": "jira.auditing.category.issuetypes", - "category": "issue types" + "actionI18nKey": "jira.auditing.issue.type.created", + "category": "issue types", + "categoryI18nKey": "jira.auditing.category.issuetypes" } } - } - }, - { - "@timestamp": "2021-11-22T00:06:59.340Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -4980,53 +5018,54 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:59.340Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.customfield.updated", + "ingested": "2022-02-24T20:23:18.208735009Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:06:59.340Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.fields\",\"category\":\"fields\",\"actionI18nKey\":\"jira.auditing.customfield.updated\",\"action\":\"Custom field updated\"},\"affectedObjects\":[{\"name\":\"Target end\",\"type\":\"CUSTOM_FIELD\",\"uri\":\"http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10103\",\"id\":\"customfield_10103\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Target end", "id": "customfield_10103", + "name": "Target end", "type": "CUSTOM_FIELD", "uri": "http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10103" } ], + "method": "Browser", "type": { - "actionI18nKey": "jira.auditing.customfield.updated", "action": "Custom field updated", - "categoryI18nKey": "jira.auditing.category.fields", - "category": "fields" + "actionI18nKey": "jira.auditing.customfield.updated", + "category": "fields", + "categoryI18nKey": "jira.auditing.category.fields" } } - } - }, - { - "@timestamp": "2021-11-22T00:06:59.332Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -5036,53 +5075,54 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:59.332Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.customfield.updated", + "ingested": "2022-02-24T20:23:18.208736230Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:06:59.332Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.fields\",\"category\":\"fields\",\"actionI18nKey\":\"jira.auditing.customfield.updated\",\"action\":\"Custom field updated\"},\"affectedObjects\":[{\"name\":\"Target start\",\"type\":\"CUSTOM_FIELD\",\"uri\":\"http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10102\",\"id\":\"customfield_10102\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Target start", "id": "customfield_10102", + "name": "Target start", "type": "CUSTOM_FIELD", "uri": "http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10102" } ], + "method": "Browser", "type": { - "actionI18nKey": "jira.auditing.customfield.updated", "action": "Custom field updated", - "categoryI18nKey": "jira.auditing.category.fields", - "category": "fields" + "actionI18nKey": "jira.auditing.customfield.updated", + "category": "fields", + "categoryI18nKey": "jira.auditing.category.fields" } } - } - }, - { - "@timestamp": "2021-11-22T00:06:59.313Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -5092,36 +5132,36 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:59.313Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.customfield.created", + "ingested": "2022-02-24T20:23:18.208737446Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:06:59.313Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.fields\",\"category\":\"fields\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"action\":\"Custom field created\"},\"affectedObjects\":[{\"name\":\"Original story points\",\"type\":\"CUSTOM_FIELD\",\"uri\":\"http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10104\",\"id\":\"customfield_10104\"}],\"changedValues\":[{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"Original story points\"},{\"key\":\"Type\",\"i18nKey\":\"common.words.type\",\"to\":\"Original story points\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "Anonymous", - "id": "-2" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Original story points", "id": "customfield_10104", + "name": "Original story points", "type": "CUSTOM_FIELD", "uri": "http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10104" } ], - "type": { - "actionI18nKey": "jira.auditing.customfield.created", - "action": "Custom field created", - "categoryI18nKey": "jira.auditing.category.fields", - "category": "fields" - }, "changed_values": [ { "i18nKey": "common.words.name", @@ -5133,24 +5173,25 @@ "key": "Type", "to": "Original story points" } - ] + ], + "method": "Browser", + "type": { + "action": "Custom field created", + "actionI18nKey": "jira.auditing.customfield.created", + "category": "fields", + "categoryI18nKey": "jira.auditing.category.fields" + } } - } - }, - { - "@timestamp": "2021-11-22T00:06:59.266Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -5160,36 +5201,36 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:59.266Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.customfield.created", + "ingested": "2022-02-24T20:23:18.208738804Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:06:59.266Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.fields\",\"category\":\"fields\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"action\":\"Custom field created\"},\"affectedObjects\":[{\"name\":\"Target end\",\"type\":\"CUSTOM_FIELD\",\"uri\":\"http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10103\",\"id\":\"customfield_10103\"}],\"changedValues\":[{\"key\":\"Description\",\"i18nKey\":\"common.words.description\",\"to\":\"The targeted end date. This custom field is created and required by Portfolio for Jira.\"},{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"Target end\"},{\"key\":\"Type\",\"i18nKey\":\"common.words.type\",\"to\":\"Target end\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Target end", "id": "customfield_10103", + "name": "Target end", "type": "CUSTOM_FIELD", "uri": "http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10103" } ], - "type": { - "actionI18nKey": "jira.auditing.customfield.created", - "action": "Custom field created", - "categoryI18nKey": "jira.auditing.category.fields", - "category": "fields" - }, "changed_values": [ { "i18nKey": "common.words.description", @@ -5206,24 +5247,25 @@ "key": "Type", "to": "Target end" } - ] + ], + "method": "Browser", + "type": { + "action": "Custom field created", + "actionI18nKey": "jira.auditing.customfield.created", + "category": "fields", + "categoryI18nKey": "jira.auditing.category.fields" + } } - } - }, - { - "@timestamp": "2021-11-22T00:06:59.224Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -5233,36 +5275,36 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:59.224Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.customfield.created", + "ingested": "2022-02-24T20:23:18.208740004Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:06:59.224Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.fields\",\"category\":\"fields\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"action\":\"Custom field created\"},\"affectedObjects\":[{\"name\":\"Target start\",\"type\":\"CUSTOM_FIELD\",\"uri\":\"http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10102\",\"id\":\"customfield_10102\"}],\"changedValues\":[{\"key\":\"Description\",\"i18nKey\":\"common.words.description\",\"to\":\"The targeted start date. This custom field is created and required by Portfolio for Jira.\"},{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"Target start\"},{\"key\":\"Type\",\"i18nKey\":\"common.words.type\",\"to\":\"Target start\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "Anonymous", - "id": "-2" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Target start", "id": "customfield_10102", + "name": "Target start", "type": "CUSTOM_FIELD", "uri": "http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10102" } ], - "type": { - "actionI18nKey": "jira.auditing.customfield.created", - "action": "Custom field created", - "categoryI18nKey": "jira.auditing.category.fields", - "category": "fields" - }, "changed_values": [ { "i18nKey": "common.words.description", @@ -5279,24 +5321,25 @@ "key": "Type", "to": "Target start" } - ] + ], + "method": "Browser", + "type": { + "action": "Custom field created", + "actionI18nKey": "jira.auditing.customfield.created", + "category": "fields", + "categoryI18nKey": "jira.auditing.category.fields" + } } - } - }, - { - "@timestamp": "2021-11-22T00:06:58.990Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -5306,53 +5349,54 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:58.990Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.customfield.updated", + "ingested": "2022-02-24T20:23:18.208741216Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:06:58.990Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.fields\",\"category\":\"fields\",\"actionI18nKey\":\"jira.auditing.customfield.updated\",\"action\":\"Custom field updated\"},\"affectedObjects\":[{\"name\":\"Parent Link\",\"type\":\"CUSTOM_FIELD\",\"uri\":\"http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10101\",\"id\":\"customfield_10101\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Parent Link", "id": "customfield_10101", + "name": "Parent Link", "type": "CUSTOM_FIELD", "uri": "http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10101" } ], + "method": "Browser", "type": { - "actionI18nKey": "jira.auditing.customfield.updated", "action": "Custom field updated", - "categoryI18nKey": "jira.auditing.category.fields", - "category": "fields" + "actionI18nKey": "jira.auditing.customfield.updated", + "category": "fields", + "categoryI18nKey": "jira.auditing.category.fields" } } - } - }, - { - "@timestamp": "2021-11-22T00:06:58.974Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -5362,36 +5406,36 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:58.974Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.customfield.created", + "ingested": "2022-02-24T20:23:18.208742423Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:06:58.974Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.fields\",\"category\":\"fields\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"action\":\"Custom field created\"},\"affectedObjects\":[{\"name\":\"Parent Link\",\"type\":\"CUSTOM_FIELD\",\"uri\":\"http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10101\",\"id\":\"customfield_10101\"}],\"changedValues\":[{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"Parent Link\"},{\"key\":\"Type\",\"i18nKey\":\"common.words.type\",\"to\":\"Parent Link\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Parent Link", "id": "customfield_10101", + "name": "Parent Link", "type": "CUSTOM_FIELD", "uri": "http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10101" } ], - "type": { - "actionI18nKey": "jira.auditing.customfield.created", - "action": "Custom field created", - "categoryI18nKey": "jira.auditing.category.fields", - "category": "fields" - }, "changed_values": [ { "i18nKey": "common.words.name", @@ -5403,24 +5447,25 @@ "key": "Type", "to": "Parent Link" } - ] + ], + "method": "Browser", + "type": { + "action": "Custom field created", + "actionI18nKey": "jira.auditing.customfield.created", + "category": "fields", + "categoryI18nKey": "jira.auditing.category.fields" + } } - } - }, - { - "@timestamp": "2021-11-22T00:06:58.318Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -5430,36 +5475,36 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:58.318Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.customfield.created", + "ingested": "2022-02-24T20:23:18.208743607Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:06:58.318Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.fields\",\"category\":\"fields\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"action\":\"Custom field created\"},\"affectedObjects\":[{\"name\":\"Team\",\"type\":\"CUSTOM_FIELD\",\"uri\":\"http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10100\",\"id\":\"customfield_10100\"}],\"changedValues\":[{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"Team\"},{\"key\":\"Type\",\"i18nKey\":\"common.words.type\",\"to\":\"Team\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Team", "id": "customfield_10100", + "name": "Team", "type": "CUSTOM_FIELD", "uri": "http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10100" } ], - "type": { - "actionI18nKey": "jira.auditing.customfield.created", - "action": "Custom field created", - "categoryI18nKey": "jira.auditing.category.fields", - "category": "fields" - }, "changed_values": [ { "i18nKey": "common.words.name", @@ -5471,24 +5516,25 @@ "key": "Type", "to": "Team" } - ] + ], + "method": "Browser", + "type": { + "action": "Custom field created", + "actionI18nKey": "jira.auditing.customfield.created", + "category": "fields", + "categoryI18nKey": "jira.auditing.category.fields" + } } - } - }, - { - "@timestamp": "2021-11-22T00:06:57.162Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -5498,36 +5544,36 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:57.162Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:18.208744801Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:06:57.162Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default Permission Scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=0\",\"id\":\"0\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Manage Sprints\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Project Role\"},{\"key\":\"Value\",\"i18nKey\":\"admin.common.words.value\",\"from\":\"\",\"to\":\"Administrators\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default Permission Scheme", "id": "0", + "name": "Default Permission Scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=0" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -5544,24 +5590,25 @@ "key": "Value", "to": "Administrators" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:06:57.158Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -5571,70 +5618,71 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, - "event": { - "action": "jira.auditing.permission.scheme.updated", - "original": "{\"timestamp\":\"2021-11-22T00:06:57.158Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default Permission Scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=0\",\"id\":\"0\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"Manage Sprints\",\"to\":\"\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"Project Role\",\"to\":\"\"},{\"key\":\"Value\",\"i18nKey\":\"admin.common.words.value\",\"from\":\"Administrators\",\"to\":\"\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" - }, "tags": [ "preserve_original_event" ], - "jira": { + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:57.158Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:18.208746043Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-22T00:06:57.158Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default Permission Scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=0\",\"id\":\"0\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"Manage Sprints\",\"to\":\"\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"Project Role\",\"to\":\"\"},{\"key\":\"Value\",\"i18nKey\":\"admin.common.words.value\",\"from\":\"Administrators\",\"to\":\"\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, + "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default Permission Scheme", "id": "0", + "name": "Default Permission Scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=0" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { - "i18nKey": "admin.common.words.permission", "from": "Manage Sprints", + "i18nKey": "admin.common.words.permission", "key": "Permission" }, { - "i18nKey": "admin.common.words.type", "from": "Project Role", + "i18nKey": "admin.common.words.type", "key": "Type" }, { - "i18nKey": "admin.common.words.value", "from": "Administrators", + "i18nKey": "admin.common.words.value", "key": "Value" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:06:57.138Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -5644,36 +5692,36 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:57.138Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:18.208747273Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:06:57.138Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default Permission Scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=0\",\"id\":\"0\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Manage Sprints\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Project Role\"},{\"key\":\"Value\",\"i18nKey\":\"admin.common.words.value\",\"from\":\"\",\"to\":\"Administrators\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Default Permission Scheme", "id": "0", + "name": "Default Permission Scheme", "type": "SCHEME", "uri": "http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=0" } ], - "type": { - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "action": "Permission scheme updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -5690,25 +5738,25 @@ "key": "Value", "to": "Administrators" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:06:49.756Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous", - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -5718,35 +5766,34 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:49.756Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.user.added.to.group", + "category": [ + "iam" + ], + "ingested": "2022-02-24T20:23:18.208748518Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:06:49.756Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.groupmanagement\",\"category\":\"group management\",\"actionI18nKey\":\"jira.auditing.user.added.to.group\",\"action\":\"User added to group\"},\"affectedObjects\":[{\"name\":\"jira-software-users\",\"type\":\"GROUP\",\"uri\":\"http://jira.internal:8088/secure/ViewGroup.jspa?name=jira-software-users\"},{\"name\":\"test.user\",\"type\":\"USER\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"id\":\"JIRAUSER10000\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "group", "change" - ], - "category": [ - "iam" - ], - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2", - "target": { - "name": "test.user", - "id": "JIRAUSER10000", - "group": { - "name": "jira-software-users" - } - } + ] }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "jira-software-users", @@ -5754,35 +5801,31 @@ "uri": "http://jira.internal:8088/secure/ViewGroup.jspa?name=jira-software-users" }, { - "name": "test.user", "id": "JIRAUSER10000", + "name": "test.user", "type": "USER", "uri": "http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user" } ], + "method": "Browser", "type": { - "actionI18nKey": "jira.auditing.user.added.to.group", "action": "User added to group", - "categoryI18nKey": "jira.auditing.category.groupmanagement", - "category": "group management" + "actionI18nKey": "jira.auditing.user.added.to.group", + "category": "group management", + "categoryI18nKey": "jira.auditing.category.groupmanagement" } } - } - }, - { - "@timestamp": "2021-11-22T00:06:49.754Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous", + "test.user" ] }, "service": { @@ -5792,41 +5835,48 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous", + "target": { + "group": { + "name": "jira-software-users" + }, + "id": "JIRAUSER10000", + "name": "test.user" + } + } + }, + { + "@timestamp": "2021-11-22T00:06:49.754Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.global.permission.added", - "original": "{\"timestamp\":\"2021-11-22T00:06:49.754Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"admin.common.words.group\",\"from\":\"\",\"to\":\"jira-administrators\"},{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Manage Group Filter Subscriptions\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], "category": [ "iam", "configuration" ], - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "ingested": "2022-02-24T20:23:18.208749713Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-22T00:06:49.754Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"admin.common.words.group\",\"from\":\"\",\"to\":\"jira-administrators\"},{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Manage Group Filter Subscriptions\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Global Permissions", "type": "PERMISSIONS" } ], - "type": { - "actionI18nKey": "jira.auditing.global.permission.added", - "action": "Global permission added", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.group", @@ -5838,24 +5888,25 @@ "key": "Permission", "to": "Manage Group Filter Subscriptions" } - ] + ], + "method": "Browser", + "type": { + "action": "Global permission added", + "actionI18nKey": "jira.auditing.global.permission.added", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:06:49.752Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -5865,41 +5916,41 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:49.752Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.global.permission.added", - "original": "{\"timestamp\":\"2021-11-22T00:06:49.752Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"admin.common.words.group\",\"from\":\"\",\"to\":\"jira-administrators\"},{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Create Shared Objects\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], "category": [ "iam", "configuration" ], - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "ingested": "2022-02-24T20:23:18.208750907Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-22T00:06:49.752Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"admin.common.words.group\",\"from\":\"\",\"to\":\"jira-administrators\"},{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Create Shared Objects\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Global Permissions", "type": "PERMISSIONS" } ], - "type": { - "actionI18nKey": "jira.auditing.global.permission.added", - "action": "Global permission added", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.group", @@ -5911,24 +5962,25 @@ "key": "Permission", "to": "Create Shared Objects" } - ] + ], + "method": "Browser", + "type": { + "action": "Global permission added", + "actionI18nKey": "jira.auditing.global.permission.added", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:06:49.751Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -5938,41 +5990,41 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:49.751Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.global.permission.added", - "original": "{\"timestamp\":\"2021-11-22T00:06:49.751Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"admin.common.words.group\",\"from\":\"\",\"to\":\"jira-administrators\"},{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Browse Users\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], "category": [ "iam", "configuration" ], - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "ingested": "2022-02-24T20:23:18.208752120Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-22T00:06:49.751Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"admin.common.words.group\",\"from\":\"\",\"to\":\"jira-administrators\"},{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Browse Users\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Global Permissions", "type": "PERMISSIONS" } ], - "type": { - "actionI18nKey": "jira.auditing.global.permission.added", - "action": "Global permission added", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.group", @@ -5984,24 +6036,25 @@ "key": "Permission", "to": "Browse Users" } - ] + ], + "method": "Browser", + "type": { + "action": "Global permission added", + "actionI18nKey": "jira.auditing.global.permission.added", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:06:49.750Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -6011,41 +6064,41 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:49.750Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.global.permission.added", - "original": "{\"timestamp\":\"2021-11-22T00:06:49.750Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"admin.common.words.group\",\"from\":\"\",\"to\":\"jira-administrators\"},{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Bulk Change\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], "category": [ "iam", "configuration" ], - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "ingested": "2022-02-24T20:23:18.208753341Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-22T00:06:49.750Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"admin.common.words.group\",\"from\":\"\",\"to\":\"jira-administrators\"},{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Bulk Change\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Global Permissions", "type": "PERMISSIONS" } ], - "type": { - "actionI18nKey": "jira.auditing.global.permission.added", - "action": "Global permission added", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.group", @@ -6057,25 +6110,25 @@ "key": "Permission", "to": "Bulk Change" } - ] + ], + "method": "Browser", + "type": { + "action": "Global permission added", + "actionI18nKey": "jira.auditing.global.permission.added", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:06:49.734Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous", - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -6085,35 +6138,34 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:49.734Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.user.added.to.group", + "category": [ + "iam" + ], + "ingested": "2022-02-24T20:23:18.208754553Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:06:49.734Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.groupmanagement\",\"category\":\"group management\",\"actionI18nKey\":\"jira.auditing.user.added.to.group\",\"action\":\"User added to group\"},\"affectedObjects\":[{\"name\":\"jira-administrators\",\"type\":\"GROUP\",\"uri\":\"http://jira.internal:8088/secure/ViewGroup.jspa?name=jira-administrators\"},{\"name\":\"test.user\",\"type\":\"USER\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"id\":\"JIRAUSER10000\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "group", "change" - ], - "category": [ - "iam" - ], - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2", - "target": { - "name": "test.user", - "id": "JIRAUSER10000", - "group": { - "name": "jira-administrators" - } - } + ] }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "jira-administrators", @@ -6121,36 +6173,31 @@ "uri": "http://jira.internal:8088/secure/ViewGroup.jspa?name=jira-administrators" }, { - "name": "test.user", "id": "JIRAUSER10000", + "name": "test.user", "type": "USER", "uri": "http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user" } ], + "method": "Browser", "type": { - "actionI18nKey": "jira.auditing.user.added.to.group", "action": "User added to group", - "categoryI18nKey": "jira.auditing.category.groupmanagement", - "category": "group management" + "actionI18nKey": "jira.auditing.user.added.to.group", + "category": "group management", + "categoryI18nKey": "jira.auditing.category.groupmanagement" } } - } - }, - { - "@timestamp": "2021-11-22T00:06:49.600Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous", - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous", + "test.user" ] }, "service": { @@ -6160,51 +6207,49 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous", + "target": { + "group": { + "name": "jira-administrators" + }, + "id": "JIRAUSER10000", + "name": "test.user" + } + } + }, + { + "@timestamp": "2021-11-22T00:06:49.600Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.user.created", + "category": [ + "iam" + ], + "ingested": "2022-02-24T20:23:18.208755785Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:06:49.600Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.usermanagement\",\"category\":\"user management\",\"actionI18nKey\":\"jira.auditing.user.created\",\"action\":\"User created\"},\"affectedObjects\":[{\"name\":\"test.user\",\"type\":\"USER\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"id\":\"JIRAUSER10000\"}],\"changedValues\":[{\"key\":\"Active / Inactive\",\"i18nKey\":\"admin.common.phrases.active.inactive\",\"to\":\"Active\"},{\"key\":\"Email\",\"i18nKey\":\"common.words.email\",\"to\":\"test.user@example.com\"},{\"key\":\"Full name\",\"i18nKey\":\"common.words.fullname\",\"to\":\"Alex\"},{\"key\":\"Username\",\"i18nKey\":\"common.words.username\",\"to\":\"test.user\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "user", "creation" - ], - "category": [ - "iam" - ], - "kind": "event" - }, - "user": { - "name": "Anonymous", - "changes": { - "name": "test.user", - "email": "test.user@example.com", - "full_name": "Alex" - }, - "id": "-2", - "target": { - "name": "test.user", - "id": "JIRAUSER10000" - } + ] }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test.user", "id": "JIRAUSER10000", + "name": "test.user", "type": "USER", "uri": "http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user" } ], - "type": { - "actionI18nKey": "jira.auditing.user.created", - "action": "User created", - "categoryI18nKey": "jira.auditing.category.usermanagement", - "category": "user management" - }, "changed_values": [ { "i18nKey": "admin.common.phrases.active.inactive", @@ -6226,24 +6271,26 @@ "key": "Username", "to": "test.user" } - ] + ], + "method": "Browser", + "type": { + "action": "User created", + "actionI18nKey": "jira.auditing.user.created", + "category": "user management", + "categoryI18nKey": "jira.auditing.category.usermanagement" + } } - } - }, - { - "@timestamp": "2021-11-22T00:05:08.596Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous", + "test.user" ] }, "service": { @@ -6253,35 +6300,44 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "changes": { + "email": "test.user@example.com", + "full_name": "Alex", + "name": "test.user" + }, + "id": "-2", + "name": "Anonymous", + "target": { + "id": "JIRAUSER10000", + "name": "test.user" + } + } + }, + { + "@timestamp": "2021-11-22T00:05:08.596Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.system.license.added", + "ingested": "2022-02-24T20:23:18.208756984Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:05:08.596Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.system\",\"category\":\"system\",\"actionI18nKey\":\"jira.auditing.system.license.added\",\"action\":\"New license added\"},\"affectedObjects\":[{\"name\":\"SEN-L17782970\",\"type\":\"LICENSE\",\"id\":\"0\"}],\"changedValues\":[{\"key\":\"Date Purchased\",\"i18nKey\":\"admin.license.date.purchased\",\"to\":\"21/Nov/21\"},{\"key\":\"License Type\",\"i18nKey\":\"admin.license.type\",\"to\":\"Jira Software (Data Center): Evaluation\"},{\"key\":\"Organization\",\"i18nKey\":\"admin.license.organisation\",\"to\":\"myself\"},{\"key\":\"Server ID\",\"i18nKey\":\"admin.server.id\",\"to\":\"BGD5-PMSH-258I-VTTW\"},{\"key\":\"Support Entitlement Number (SEN)\",\"i18nKey\":\"admin.license.sen\",\"to\":\"SEN-L17782970\"},{\"key\":\"User Limit\",\"i18nKey\":\"admin.license.user.limit\",\"to\":\"Unlimited\"},{\"key\":\"jira-software\",\"i18nKey\":\"jira-software\",\"to\":\"-1\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "Anonymous", - "id": "-2" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "0", "name": "SEN-L17782970", - "type": "LICENSE", - "id": "0" + "type": "LICENSE" } ], - "type": { - "actionI18nKey": "jira.auditing.system.license.added", - "action": "New license added", - "categoryI18nKey": "jira.auditing.category.system", - "category": "system" - }, "changed_values": [ { "i18nKey": "admin.license.date.purchased", @@ -6318,24 +6374,25 @@ "key": "jira-software", "to": "-1" } - ] + ], + "method": "Browser", + "type": { + "action": "New license added", + "actionI18nKey": "jira.auditing.system.license.added", + "category": "system", + "categoryI18nKey": "jira.auditing.category.system" + } } - } - }, - { - "@timestamp": "2021-11-22T00:05:08.584Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -6345,41 +6402,41 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, - "event": { - "action": "jira.auditing.global.permission.added", - "original": "{\"timestamp\":\"2021-11-22T00:05:08.584Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"admin.common.words.group\",\"from\":\"\",\"to\":\"jira-software-users\"},{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Manage Group Filter Subscriptions\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:05:08.584Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "jira.auditing.global.permission.added", "category": [ "iam", "configuration" ], - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "ingested": "2022-02-24T20:23:18.208758186Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-22T00:05:08.584Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"admin.common.words.group\",\"from\":\"\",\"to\":\"jira-software-users\"},{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Manage Group Filter Subscriptions\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Global Permissions", "type": "PERMISSIONS" } ], - "type": { - "actionI18nKey": "jira.auditing.global.permission.added", - "action": "Global permission added", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.group", @@ -6391,24 +6448,25 @@ "key": "Permission", "to": "Manage Group Filter Subscriptions" } - ] + ], + "method": "Browser", + "type": { + "action": "Global permission added", + "actionI18nKey": "jira.auditing.global.permission.added", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:05:08.583Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -6418,41 +6476,41 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:05:08.583Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.global.permission.added", - "original": "{\"timestamp\":\"2021-11-22T00:05:08.583Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"admin.common.words.group\",\"from\":\"\",\"to\":\"jira-software-users\"},{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Create Shared Objects\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], "category": [ "iam", "configuration" ], - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "ingested": "2022-02-24T20:23:18.208759413Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-22T00:05:08.583Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"admin.common.words.group\",\"from\":\"\",\"to\":\"jira-software-users\"},{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Create Shared Objects\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Global Permissions", "type": "PERMISSIONS" } ], - "type": { - "actionI18nKey": "jira.auditing.global.permission.added", - "action": "Global permission added", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.group", @@ -6464,24 +6522,25 @@ "key": "Permission", "to": "Create Shared Objects" } - ] + ], + "method": "Browser", + "type": { + "action": "Global permission added", + "actionI18nKey": "jira.auditing.global.permission.added", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:05:08.581Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -6491,41 +6550,41 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:05:08.581Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.global.permission.added", - "original": "{\"timestamp\":\"2021-11-22T00:05:08.581Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"admin.common.words.group\",\"from\":\"\",\"to\":\"jira-software-users\"},{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Bulk Change\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], "category": [ "iam", "configuration" ], - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "ingested": "2022-02-24T20:23:18.208760618Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-22T00:05:08.581Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"admin.common.words.group\",\"from\":\"\",\"to\":\"jira-software-users\"},{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Bulk Change\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Global Permissions", "type": "PERMISSIONS" } ], - "type": { - "actionI18nKey": "jira.auditing.global.permission.added", - "action": "Global permission added", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.group", @@ -6537,24 +6596,25 @@ "key": "Permission", "to": "Bulk Change" } - ] + ], + "method": "Browser", + "type": { + "action": "Global permission added", + "actionI18nKey": "jira.auditing.global.permission.added", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:05:08.579Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -6564,41 +6624,41 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:05:08.579Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.global.permission.added", - "original": "{\"timestamp\":\"2021-11-22T00:05:08.579Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"admin.common.words.group\",\"from\":\"\",\"to\":\"jira-software-users\"},{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Browse Users\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], "category": [ "iam", "configuration" ], - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "ingested": "2022-02-24T20:23:18.208761825Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-22T00:05:08.579Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"admin.common.words.group\",\"from\":\"\",\"to\":\"jira-software-users\"},{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Browse Users\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Global Permissions", "type": "PERMISSIONS" } ], - "type": { - "actionI18nKey": "jira.auditing.global.permission.added", - "action": "Global permission added", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions" - }, "changed_values": [ { "i18nKey": "admin.common.words.group", @@ -6610,24 +6670,25 @@ "key": "Permission", "to": "Browse Users" } - ] + ], + "method": "Browser", + "type": { + "action": "Global permission added", + "actionI18nKey": "jira.auditing.global.permission.added", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions" + } } - } - }, - { - "@timestamp": "2021-11-22T00:05:08.514Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -6637,28 +6698,37 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:05:08.514Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.group.created", + "category": [ + "iam" + ], + "ingested": "2022-02-24T20:23:18.208763038Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:05:08.514Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.groupmanagement\",\"category\":\"group management\",\"actionI18nKey\":\"jira.auditing.group.created\",\"action\":\"Group created\"},\"affectedObjects\":[{\"name\":\"jira-software-users\",\"type\":\"GROUP\",\"uri\":\"http://jira.internal:8088/secure/ViewGroup.jspa?name=jira-software-users\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ "group", "creation" - ], - "category": [ - "iam" - ], - "kind": "event" + ] }, - "user": { - "name": "Anonymous", - "id": "-2" + "group": { + "name": "jira-software-users" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "jira-software-users", @@ -6666,103 +6736,90 @@ "uri": "http://jira.internal:8088/secure/ViewGroup.jspa?name=jira-software-users" } ], + "method": "Browser", "type": { - "actionI18nKey": "jira.auditing.group.created", "action": "Group created", - "categoryI18nKey": "jira.auditing.category.groupmanagement", - "category": "group management" + "actionI18nKey": "jira.auditing.group.created", + "category": "group management", + "categoryI18nKey": "jira.auditing.category.groupmanagement" } } }, - "group": { - "name": "jira-software-users" - } - }, - { - "@timestamp": "2021-11-28T18:18:26.076Z", - "ecs": { - "version": "8.2.0" - }, "related": { - "user": [ - "admin.user", - "admin.user1" - ], "hosts": [ "jira.internal" ], "ip": [ - "10.100.100.2" + "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { "address": "http://jira.internal:8088" }, "source": { - "address": "10.100.100.2", - "ip": "10.100.100.2" + "address": "10.50.33.72", + "ip": "10.50.33.72" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-28T18:18:26.076Z", + "ecs": { + "version": "8.0.0" }, "event": { "action": "jira.auditing.user.renamed", + "ingested": "2022-02-24T20:23:18.208764265Z", + "kind": "event", "original": "{\"timestamp\":\"2021-11-28T18:18:26.076Z\",\"author\":{\"name\":\"admin.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=admin.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.usermanagement\",\"category\":\"user management\",\"actionI18nKey\":\"jira.auditing.user.renamed\",\"action\":\"User renamed\"},\"affectedObjects\":[{\"name\":\"admin.user1\",\"type\":\"USER\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=admin.user1\",\"id\":\"JIRAUSER10000\"}],\"changedValues\":[{\"key\":\"Username\",\"i18nKey\":\"common.words.username\",\"from\":\"admin.user\",\"to\":\"admin.user1\"}],\"source\":\"10.100.100.2\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "admin.user", - "changes": { - "name": "admin.user1" - }, - "id": "10000", - "target": { - "name": "admin.user" - } - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "admin.user1", "id": "JIRAUSER10000", + "name": "admin.user1", "type": "USER", "uri": "http://jira.internal:8088/secure/ViewProfile.jspa?name=admin.user1" } ], - "type": { - "actionI18nKey": "jira.auditing.user.renamed", - "action": "User renamed", - "categoryI18nKey": "jira.auditing.category.usermanagement", - "category": "user management" - }, "changed_values": [ { "from": "admin.user", - "to": "admin.user1", "i18nKey": "common.words.username", - "key": "Username" + "key": "Username", + "to": "admin.user1" } - ] + ], + "method": "Browser", + "type": { + "action": "User renamed", + "actionI18nKey": "jira.auditing.user.renamed", + "category": "user management", + "categoryI18nKey": "jira.auditing.category.usermanagement" + } } - } - }, - { - "@timestamp": "2021-11-28T18:23:20.278Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "admin.user1" - ], "hosts": [ "jira.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin.user", + "admin.user1" ] }, "service": { @@ -6772,75 +6829,74 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, - "event": { - "action": "jira.auditing.user.updated", - "original": "{\"timestamp\":\"2021-11-28T18:23:20.278Z\",\"author\":{\"name\":\"admin.user1\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=admin.user1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.usermanagement\",\"category\":\"user management\",\"actionI18nKey\":\"jira.auditing.user.updated\",\"action\":\"User updated\"},\"affectedObjects\":[{\"name\":\"admin.user1\",\"type\":\"USER\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=admin.user1\",\"id\":\"JIRAUSER10000\"}],\"changedValues\":[{\"key\":\"Email\",\"i18nKey\":\"common.words.email\",\"from\":\"admin@example.com\",\"to\":\"admin1@example.com\"}],\"source\":\"10.100.100.2\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "user", - "change" - ], - "category": [ - "iam" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { - "name": "admin.user1", "changes": { - "email": "admin1@example.com" + "name": "admin.user1" }, "id": "10000", + "name": "admin.user", "target": { - "name": "admin.user1", - "email": "admin@example.com", - "id": "JIRAUSER10000" + "name": "admin.user" } + } + }, + { + "@timestamp": "2021-11-28T18:23:20.278Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "jira.auditing.user.updated", + "category": [ + "iam" + ], + "ingested": "2022-02-24T20:23:18.208765503Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-28T18:23:20.278Z\",\"author\":{\"name\":\"admin.user1\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=admin.user1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.usermanagement\",\"category\":\"user management\",\"actionI18nKey\":\"jira.auditing.user.updated\",\"action\":\"User updated\"},\"affectedObjects\":[{\"name\":\"admin.user1\",\"type\":\"USER\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=admin.user1\",\"id\":\"JIRAUSER10000\"}],\"changedValues\":[{\"key\":\"Email\",\"i18nKey\":\"common.words.email\",\"from\":\"admin@example.com\",\"to\":\"admin1@example.com\"}],\"source\":\"10.100.100.2\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "user", + "change" + ] }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "admin.user1", "id": "JIRAUSER10000", + "name": "admin.user1", "type": "USER", "uri": "http://jira.internal:8088/secure/ViewProfile.jspa?name=admin.user1" } ], - "type": { - "actionI18nKey": "jira.auditing.user.updated", - "action": "User updated", - "categoryI18nKey": "jira.auditing.category.usermanagement", - "category": "user management" - }, "changed_values": [ { "from": "admin@example.com", - "to": "admin1@example.com", "i18nKey": "common.words.email", - "key": "Email" + "key": "Email", + "to": "admin1@example.com" } - ] + ], + "method": "Browser", + "type": { + "action": "User updated", + "actionI18nKey": "jira.auditing.user.updated", + "category": "user management", + "categoryI18nKey": "jira.auditing.category.usermanagement" + } } - } - }, - { - "@timestamp": "2021-11-28T18:23:13.741Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "admin.user1" - ], "hosts": [ "jira.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin.user1" ] }, "service": { @@ -6850,58 +6906,98 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, - "event": { - "action": "jira.auditing.user.updated", - "original": "{\"timestamp\":\"2021-11-28T18:23:13.741Z\",\"author\":{\"name\":\"admin.user1\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=admin.user1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.usermanagement\",\"category\":\"user management\",\"actionI18nKey\":\"jira.auditing.user.updated\",\"action\":\"User updated\"},\"affectedObjects\":[{\"name\":\"admin.user1\",\"type\":\"USER\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=admin.user1\",\"id\":\"JIRAUSER10000\"}],\"changedValues\":[{\"key\":\"Full name\",\"i18nKey\":\"common.words.fullname\",\"from\":\"Admin User\",\"to\":\"Admin User1\"}],\"source\":\"10.100.100.2\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "user", - "change" - ], - "category": [ - "iam" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { - "name": "admin.user1", "changes": { - "full_name": "Admin User1" + "email": "admin1@example.com" }, "id": "10000", + "name": "admin.user1", "target": { - "name": "admin.user1", - "full_name": "Admin User", - "id": "JIRAUSER10000" + "email": "admin@example.com", + "id": "JIRAUSER10000", + "name": "admin.user1" } + } + }, + { + "@timestamp": "2021-11-28T18:23:13.741Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "jira.auditing.user.updated", + "category": [ + "iam" + ], + "ingested": "2022-02-24T20:23:18.208766776Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-28T18:23:13.741Z\",\"author\":{\"name\":\"admin.user1\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=admin.user1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.usermanagement\",\"category\":\"user management\",\"actionI18nKey\":\"jira.auditing.user.updated\",\"action\":\"User updated\"},\"affectedObjects\":[{\"name\":\"admin.user1\",\"type\":\"USER\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=admin.user1\",\"id\":\"JIRAUSER10000\"}],\"changedValues\":[{\"key\":\"Full name\",\"i18nKey\":\"common.words.fullname\",\"from\":\"Admin User\",\"to\":\"Admin User1\"}],\"source\":\"10.100.100.2\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "user", + "change" + ] }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "admin.user1", "id": "JIRAUSER10000", + "name": "admin.user1", "type": "USER", "uri": "http://jira.internal:8088/secure/ViewProfile.jspa?name=admin.user1" } ], - "type": { - "actionI18nKey": "jira.auditing.user.updated", - "action": "User updated", - "categoryI18nKey": "jira.auditing.category.usermanagement", - "category": "user management" - }, "changed_values": [ { "from": "Admin User", - "to": "Admin User1", "i18nKey": "common.words.fullname", - "key": "Full name" + "key": "Full name", + "to": "Admin User1" } - ] + ], + "method": "Browser", + "type": { + "action": "User updated", + "actionI18nKey": "jira.auditing.user.updated", + "category": "user management", + "categoryI18nKey": "jira.auditing.category.usermanagement" + } + } + }, + "related": { + "hosts": [ + "jira.internal" + ], + "ip": [ + "10.100.100.2" + ], + "user": [ + "admin.user1" + ] + }, + "service": { + "address": "http://jira.internal:8088" + }, + "source": { + "address": "10.100.100.2", + "ip": "10.100.100.2" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "changes": { + "full_name": "Admin User1" + }, + "id": "10000", + "name": "admin.user1", + "target": { + "full_name": "Admin User", + "id": "JIRAUSER10000", + "name": "admin.user1" } } } diff --git a/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json b/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json index 9e89e02c7ef..511dfb47ad5 100644 --- a/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json +++ b/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json @@ -5,80 +5,50 @@ "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "Anonymous" - ], - "hosts": [ - "jira.internal" - ], - "ip": [ - "10.50.33.72" - ] - }, - "service": { - "address": "http://jira.internal:8088" - }, - "source": { - "address": "10.50.33.72", - "ip": "10.50.33.72" - }, "event": { "action": "jira.auditing.group.created", + "category": [ + "iam" + ], + "ingested": "2022-02-24T20:23:26.113578087Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"name\":\"jira-software-users\",\"type\":\"GROUP\"}],\"auditType\":{\"action\":\"Group created\",\"actionI18nKey\":\"jira.auditing.group.created\",\"area\":\"USER_MANAGEMENT\",\"category\":\"group management\",\"categoryI18nKey\":\"jira.auditing.category.groupmanagement\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539508,\"nano\":514000000},\"version\":\"1.0\"}", "type": [ "group", "creation" - ], - "category": [ - "iam" - ], - "kind": "event" + ] }, - "user": { - "name": "Anonymous", - "id": "-2" + "group": { + "name": "jira-software-users" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "jira-software-users", "type": "GROUP" } ], + "method": "Browser", "type": { - "area": "USER_MANAGEMENT", "action": "Group created", "actionI18nKey": "jira.auditing.group.created", - "categoryI18nKey": "jira.auditing.category.groupmanagement", + "area": "USER_MANAGEMENT", "category": "group management", + "categoryI18nKey": "jira.auditing.category.groupmanagement", "level": "BASE" } } }, - "group": { - "name": "jira-software-users" - } - }, - { - "@timestamp": "2021-11-22T00:05:08.579Z", - "ecs": { - "version": "8.2.0" - }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -88,43 +58,41 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:05:08.579Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.global.permission.added", - "original": "{\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Browse Users\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.group\",\"key\":\"Group\",\"to\":\"jira-software-users\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539508,\"nano\":579000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], "category": [ "iam", "configuration" ], - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "ingested": "2022-02-24T20:23:26.113580723Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Browse Users\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.group\",\"key\":\"Group\",\"to\":\"jira-software-users\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539508,\"nano\":579000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Global Permissions", "type": "PERMISSIONS" } ], - "type": { - "area": "PERMISSIONS", - "action": "Global permission added", - "actionI18nKey": "jira.auditing.global.permission.added", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -136,24 +104,27 @@ "key": "Group", "to": "jira-software-users" } - ] + ], + "method": "Browser", + "type": { + "action": "Global permission added", + "actionI18nKey": "jira.auditing.global.permission.added", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:05:08.581Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -163,43 +134,41 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:05:08.581Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.global.permission.added", - "original": "{\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Bulk Change\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.group\",\"key\":\"Group\",\"to\":\"jira-software-users\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539508,\"nano\":581000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], "category": [ "iam", "configuration" ], - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "ingested": "2022-02-24T20:23:26.113581870Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Bulk Change\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.group\",\"key\":\"Group\",\"to\":\"jira-software-users\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539508,\"nano\":581000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Global Permissions", "type": "PERMISSIONS" } ], - "type": { - "area": "PERMISSIONS", - "action": "Global permission added", - "actionI18nKey": "jira.auditing.global.permission.added", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -211,24 +180,27 @@ "key": "Group", "to": "jira-software-users" } - ] + ], + "method": "Browser", + "type": { + "action": "Global permission added", + "actionI18nKey": "jira.auditing.global.permission.added", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:05:08.583Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -238,43 +210,41 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:05:08.583Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.global.permission.added", - "original": "{\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Create Shared Objects\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.group\",\"key\":\"Group\",\"to\":\"jira-software-users\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539508,\"nano\":583000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], "category": [ "iam", "configuration" ], - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "ingested": "2022-02-24T20:23:26.113582965Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Create Shared Objects\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.group\",\"key\":\"Group\",\"to\":\"jira-software-users\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539508,\"nano\":583000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Global Permissions", "type": "PERMISSIONS" } ], - "type": { - "area": "PERMISSIONS", - "action": "Global permission added", - "actionI18nKey": "jira.auditing.global.permission.added", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -286,24 +256,27 @@ "key": "Group", "to": "jira-software-users" } - ] + ], + "method": "Browser", + "type": { + "action": "Global permission added", + "actionI18nKey": "jira.auditing.global.permission.added", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:05:08.584Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -313,43 +286,41 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:05:08.584Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.global.permission.added", - "original": "{\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Manage Group Filter Subscriptions\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.group\",\"key\":\"Group\",\"to\":\"jira-software-users\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539508,\"nano\":584000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], "category": [ "iam", "configuration" ], - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" - }, - "tags": [ - "preserve_original_event" - ], + "ingested": "2022-02-24T20:23:26.113584107Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Manage Group Filter Subscriptions\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.group\",\"key\":\"Group\",\"to\":\"jira-software-users\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539508,\"nano\":584000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "jira": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Global Permissions", "type": "PERMISSIONS" } ], - "type": { - "area": "PERMISSIONS", - "action": "Global permission added", - "actionI18nKey": "jira.auditing.global.permission.added", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -361,24 +332,27 @@ "key": "Group", "to": "jira-software-users" } - ] + ], + "method": "Browser", + "type": { + "action": "Global permission added", + "actionI18nKey": "jira.auditing.global.permission.added", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:05:08.596Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -388,37 +362,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:05:08.596Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.system.license.added", + "ingested": "2022-02-24T20:23:26.113585164Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"0\",\"name\":\"SEN-L17782970\",\"type\":\"LICENSE\"}],\"auditType\":{\"action\":\"New license added\",\"actionI18nKey\":\"jira.auditing.system.license.added\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"system\",\"categoryI18nKey\":\"jira.auditing.category.system\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"admin.license.organisation\",\"key\":\"Organization\",\"to\":\"myself\"},{\"i18nKey\":\"admin.license.date.purchased\",\"key\":\"Date Purchased\",\"to\":\"21/Nov/21\"},{\"i18nKey\":\"admin.license.type\",\"key\":\"License Type\",\"to\":\"Jira Software (Data Center): Evaluation\"},{\"i18nKey\":\"admin.server.id\",\"key\":\"Server ID\",\"to\":\"BGD5-PMSH-258I-VTTW\"},{\"i18nKey\":\"admin.license.sen\",\"key\":\"Support Entitlement Number (SEN)\",\"to\":\"SEN-L17782970\"},{\"i18nKey\":\"admin.license.user.limit\",\"key\":\"User Limit\",\"to\":\"Unlimited\"},{\"i18nKey\":\"jira-software\",\"key\":\"jira-software\",\"to\":\"-1\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539508,\"nano\":596000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "0", "name": "SEN-L17782970", - "type": "LICENSE", - "id": "0" + "type": "LICENSE" } ], - "type": { - "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", - "action": "New license added", - "actionI18nKey": "jira.auditing.system.license.added", - "categoryI18nKey": "jira.auditing.category.system", - "category": "system", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.license.organisation", @@ -455,25 +427,27 @@ "key": "jira-software", "to": "-1" } - ] + ], + "method": "Browser", + "type": { + "action": "New license added", + "actionI18nKey": "jira.auditing.system.license.added", + "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", + "category": "system", + "categoryI18nKey": "jira.auditing.category.system", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:06:49.600Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous", - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -483,52 +457,41 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:49.600Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.user.created", + "category": [ + "iam" + ], + "ingested": "2022-02-24T20:23:26.113586234Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"JIRAUSER10000\",\"name\":\"test.user\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"User created\",\"actionI18nKey\":\"jira.auditing.user.created\",\"area\":\"USER_MANAGEMENT\",\"category\":\"user management\",\"categoryI18nKey\":\"jira.auditing.category.usermanagement\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"common.words.username\",\"key\":\"Username\",\"to\":\"test.user\"},{\"i18nKey\":\"common.words.fullname\",\"key\":\"Full name\",\"to\":\"Alex\"},{\"i18nKey\":\"common.words.email\",\"key\":\"Email\",\"to\":\"test.user@example.com\"},{\"i18nKey\":\"admin.common.phrases.active.inactive\",\"key\":\"Active / Inactive\",\"to\":\"Active\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539609,\"nano\":600000000},\"version\":\"1.0\"}", "type": [ "user", "creation" - ], - "category": [ - "iam" - ], - "kind": "event" - }, - "user": { - "name": "Anonymous", - "changes": { - "name": "test.user", - "email": "test.user@example.com", - "full_name": "Alex" - }, - "id": "-2", - "target": { - "name": "test.user", - "id": "JIRAUSER10000" - } + ] }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "JIRAUSER10000", "name": "test.user", - "type": "USER", - "id": "JIRAUSER10000" + "type": "USER" } ], - "type": { - "area": "USER_MANAGEMENT", - "action": "User created", - "actionI18nKey": "jira.auditing.user.created", - "categoryI18nKey": "jira.auditing.category.usermanagement", - "category": "user management", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "common.words.username", @@ -550,25 +513,28 @@ "key": "Active / Inactive", "to": "Active" } - ] + ], + "method": "Browser", + "type": { + "action": "User created", + "actionI18nKey": "jira.auditing.user.created", + "area": "USER_MANAGEMENT", + "category": "user management", + "categoryI18nKey": "jira.auditing.category.usermanagement", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:06:49.734Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous", - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous", + "test.user" ] }, "service": { @@ -578,71 +544,75 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "changes": { + "email": "test.user@example.com", + "full_name": "Alex", + "name": "test.user" + }, + "id": "-2", + "name": "Anonymous", + "target": { + "id": "JIRAUSER10000", + "name": "test.user" + } + } + }, + { + "@timestamp": "2021-11-22T00:06:49.734Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.user.added.to.group", + "category": [ + "iam" + ], + "ingested": "2022-02-24T20:23:26.113587298Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"name\":\"jira-administrators\",\"type\":\"GROUP\"},{\"id\":\"JIRAUSER10000\",\"name\":\"test.user\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"User added to group\",\"actionI18nKey\":\"jira.auditing.user.added.to.group\",\"area\":\"USER_MANAGEMENT\",\"category\":\"group management\",\"categoryI18nKey\":\"jira.auditing.category.groupmanagement\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539609,\"nano\":734000000},\"version\":\"1.0\"}", "type": [ "group", "change" - ], - "category": [ - "iam" - ], - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2", - "target": { - "name": "test.user", - "id": "JIRAUSER10000", - "group": { - "name": "jira-administrators" - } - } + ] }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "jira-administrators", "type": "GROUP" }, { + "id": "JIRAUSER10000", "name": "test.user", - "type": "USER", - "id": "JIRAUSER10000" + "type": "USER" } ], + "method": "Browser", "type": { - "area": "USER_MANAGEMENT", "action": "User added to group", "actionI18nKey": "jira.auditing.user.added.to.group", - "categoryI18nKey": "jira.auditing.category.groupmanagement", + "area": "USER_MANAGEMENT", "category": "group management", + "categoryI18nKey": "jira.auditing.category.groupmanagement", "level": "BASE" } } - } - }, - { - "@timestamp": "2021-11-22T00:06:49.750Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous", + "test.user" ] }, "service": { @@ -652,43 +622,48 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous", + "target": { + "group": { + "name": "jira-administrators" + }, + "id": "JIRAUSER10000", + "name": "test.user" + } + } + }, + { + "@timestamp": "2021-11-22T00:06:49.750Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.global.permission.added", - "original": "{\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Bulk Change\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.group\",\"key\":\"Group\",\"to\":\"jira-administrators\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539609,\"nano\":750000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], "category": [ "iam", "configuration" ], - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "ingested": "2022-02-24T20:23:26.113588371Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Bulk Change\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.group\",\"key\":\"Group\",\"to\":\"jira-administrators\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539609,\"nano\":750000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ - { - "name": "Global Permissions", - "type": "PERMISSIONS" - } - ], - "type": { - "area": "PERMISSIONS", - "action": "Global permission added", - "actionI18nKey": "jira.auditing.global.permission.added", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, + { + "name": "Global Permissions", + "type": "PERMISSIONS" + } + ], "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -700,24 +675,27 @@ "key": "Group", "to": "jira-administrators" } - ] + ], + "method": "Browser", + "type": { + "action": "Global permission added", + "actionI18nKey": "jira.auditing.global.permission.added", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:06:49.751Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -727,43 +705,41 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:49.751Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.global.permission.added", - "original": "{\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Browse Users\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.group\",\"key\":\"Group\",\"to\":\"jira-administrators\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539609,\"nano\":751000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], "category": [ "iam", "configuration" ], - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "ingested": "2022-02-24T20:23:26.113589451Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Browse Users\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.group\",\"key\":\"Group\",\"to\":\"jira-administrators\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539609,\"nano\":751000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Global Permissions", "type": "PERMISSIONS" } ], - "type": { - "area": "PERMISSIONS", - "action": "Global permission added", - "actionI18nKey": "jira.auditing.global.permission.added", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -775,24 +751,27 @@ "key": "Group", "to": "jira-administrators" } - ] + ], + "method": "Browser", + "type": { + "action": "Global permission added", + "actionI18nKey": "jira.auditing.global.permission.added", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:06:49.752Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -802,43 +781,41 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:49.752Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.global.permission.added", - "original": "{\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Create Shared Objects\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.group\",\"key\":\"Group\",\"to\":\"jira-administrators\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539609,\"nano\":752000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], "category": [ "iam", "configuration" ], - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "ingested": "2022-02-24T20:23:26.113590515Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Create Shared Objects\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.group\",\"key\":\"Group\",\"to\":\"jira-administrators\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539609,\"nano\":752000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Global Permissions", "type": "PERMISSIONS" } ], - "type": { - "area": "PERMISSIONS", - "action": "Global permission added", - "actionI18nKey": "jira.auditing.global.permission.added", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -850,24 +827,27 @@ "key": "Group", "to": "jira-administrators" } - ] + ], + "method": "Browser", + "type": { + "action": "Global permission added", + "actionI18nKey": "jira.auditing.global.permission.added", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:06:49.754Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -877,43 +857,41 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:49.754Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.global.permission.added", - "original": "{\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Manage Group Filter Subscriptions\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.group\",\"key\":\"Group\",\"to\":\"jira-administrators\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539609,\"nano\":754000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], "category": [ "iam", "configuration" ], - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "ingested": "2022-02-24T20:23:26.113591836Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Manage Group Filter Subscriptions\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.group\",\"key\":\"Group\",\"to\":\"jira-administrators\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539609,\"nano\":754000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Global Permissions", "type": "PERMISSIONS" } ], - "type": { - "area": "PERMISSIONS", - "action": "Global permission added", - "actionI18nKey": "jira.auditing.global.permission.added", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -925,25 +903,27 @@ "key": "Group", "to": "jira-administrators" } - ] + ], + "method": "Browser", + "type": { + "action": "Global permission added", + "actionI18nKey": "jira.auditing.global.permission.added", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:06:49.756Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous", - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -953,71 +933,66 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:49.756Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.user.added.to.group", + "category": [ + "iam" + ], + "ingested": "2022-02-24T20:23:26.113592886Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"name\":\"jira-software-users\",\"type\":\"GROUP\"},{\"id\":\"JIRAUSER10000\",\"name\":\"test.user\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"User added to group\",\"actionI18nKey\":\"jira.auditing.user.added.to.group\",\"area\":\"USER_MANAGEMENT\",\"category\":\"group management\",\"categoryI18nKey\":\"jira.auditing.category.groupmanagement\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539609,\"nano\":756000000},\"version\":\"1.0\"}", "type": [ "group", "change" - ], - "category": [ - "iam" - ], - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2", - "target": { - "name": "test.user", - "id": "JIRAUSER10000", - "group": { - "name": "jira-software-users" - } - } + ] }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "jira-software-users", "type": "GROUP" }, { + "id": "JIRAUSER10000", "name": "test.user", - "type": "USER", - "id": "JIRAUSER10000" + "type": "USER" } ], + "method": "Browser", "type": { - "area": "USER_MANAGEMENT", "action": "User added to group", "actionI18nKey": "jira.auditing.user.added.to.group", - "categoryI18nKey": "jira.auditing.category.groupmanagement", + "area": "USER_MANAGEMENT", "category": "group management", + "categoryI18nKey": "jira.auditing.category.groupmanagement", "level": "BASE" } } - } - }, - { - "@timestamp": "2021-11-22T00:06:57.138Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous", + "test.user" ] }, "service": { @@ -1027,37 +1002,42 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous", + "target": { + "group": { + "name": "jira-software-users" + }, + "id": "JIRAUSER10000", + "name": "test.user" + } + } + }, + { + "@timestamp": "2021-11-22T00:06:57.138Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:26.113593960Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"0\",\"name\":\"Default Permission Scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Manage Sprints\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Project Role\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.value\",\"key\":\"Value\",\"to\":\"Administrators\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539617,\"nano\":138000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "Anonymous", - "id": "-2" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "0", "name": "Default Permission Scheme", - "type": "SCHEME", - "id": "0" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -1074,24 +1054,27 @@ "key": "Value", "to": "Administrators" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:06:57.158Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -1101,71 +1084,72 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:57.158Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:26.113595048Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"0\",\"name\":\"Default Permission Scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"from\":\"Manage Sprints\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"\"},{\"from\":\"Project Role\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"\"},{\"from\":\"Administrators\",\"i18nKey\":\"admin.common.words.value\",\"key\":\"Value\",\"to\":\"\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539617,\"nano\":158000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "0", "name": "Default Permission Scheme", - "type": "SCHEME", - "id": "0" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { - "i18nKey": "admin.common.words.permission", "from": "Manage Sprints", + "i18nKey": "admin.common.words.permission", "key": "Permission" }, { - "i18nKey": "admin.common.words.type", "from": "Project Role", + "i18nKey": "admin.common.words.type", "key": "Type" }, { - "i18nKey": "admin.common.words.value", "from": "Administrators", + "i18nKey": "admin.common.words.value", "key": "Value" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:06:57.162Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -1175,37 +1159,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:57.162Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:26.113596120Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"0\",\"name\":\"Default Permission Scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Manage Sprints\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Project Role\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.value\",\"key\":\"Value\",\"to\":\"Administrators\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539617,\"nano\":162000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "Anonymous", - "id": "-2" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "0", "name": "Default Permission Scheme", - "type": "SCHEME", - "id": "0" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -1222,24 +1204,27 @@ "key": "Value", "to": "Administrators" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:06:58.318Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -1249,37 +1234,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:58.318Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.customfield.created", + "ingested": "2022-02-24T20:23:26.113597235Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"customfield_10100\",\"name\":\"Team\",\"type\":\"CUSTOM_FIELD\"}],\"auditType\":{\"action\":\"Custom field created\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"fields\",\"categoryI18nKey\":\"jira.auditing.category.fields\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Team\"},{\"i18nKey\":\"common.words.type\",\"key\":\"Type\",\"to\":\"Team\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539618,\"nano\":318000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "customfield_10100", "name": "Team", - "type": "CUSTOM_FIELD", - "id": "customfield_10100" + "type": "CUSTOM_FIELD" } ], - "type": { - "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", - "action": "Custom field created", - "actionI18nKey": "jira.auditing.customfield.created", - "categoryI18nKey": "jira.auditing.category.fields", - "category": "fields", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "common.words.name", @@ -1291,24 +1274,27 @@ "key": "Type", "to": "Team" } - ] + ], + "method": "Browser", + "type": { + "action": "Custom field created", + "actionI18nKey": "jira.auditing.customfield.created", + "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", + "category": "fields", + "categoryI18nKey": "jira.auditing.category.fields", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:06:58.974Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -1318,37 +1304,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:58.974Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.customfield.created", + "ingested": "2022-02-24T20:23:26.113598274Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"customfield_10101\",\"name\":\"Parent Link\",\"type\":\"CUSTOM_FIELD\"}],\"auditType\":{\"action\":\"Custom field created\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"fields\",\"categoryI18nKey\":\"jira.auditing.category.fields\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Parent Link\"},{\"i18nKey\":\"common.words.type\",\"key\":\"Type\",\"to\":\"Parent Link\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539618,\"nano\":974000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "customfield_10101", "name": "Parent Link", - "type": "CUSTOM_FIELD", - "id": "customfield_10101" + "type": "CUSTOM_FIELD" } ], - "type": { - "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", - "action": "Custom field created", - "actionI18nKey": "jira.auditing.customfield.created", - "categoryI18nKey": "jira.auditing.category.fields", - "category": "fields", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "common.words.name", @@ -1360,24 +1344,27 @@ "key": "Type", "to": "Parent Link" } - ] + ], + "method": "Browser", + "type": { + "action": "Custom field created", + "actionI18nKey": "jira.auditing.customfield.created", + "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", + "category": "fields", + "categoryI18nKey": "jira.auditing.category.fields", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:06:58.990Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -1387,54 +1374,55 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:58.990Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.customfield.updated", + "ingested": "2022-02-24T20:23:26.113599351Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"customfield_10101\",\"name\":\"Parent Link\",\"type\":\"CUSTOM_FIELD\"}],\"auditType\":{\"action\":\"Custom field updated\",\"actionI18nKey\":\"jira.auditing.customfield.updated\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"fields\",\"categoryI18nKey\":\"jira.auditing.category.fields\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539618,\"nano\":990000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "customfield_10101", "name": "Parent Link", - "type": "CUSTOM_FIELD", - "id": "customfield_10101" + "type": "CUSTOM_FIELD" } ], + "method": "Browser", "type": { - "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", "action": "Custom field updated", "actionI18nKey": "jira.auditing.customfield.updated", - "categoryI18nKey": "jira.auditing.category.fields", + "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", "category": "fields", + "categoryI18nKey": "jira.auditing.category.fields", "level": "BASE" } } - } - }, - { - "@timestamp": "2021-11-22T00:06:59.224Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -1444,37 +1432,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:59.224Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.customfield.created", + "ingested": "2022-02-24T20:23:26.113600414Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"customfield_10102\",\"name\":\"Target start\",\"type\":\"CUSTOM_FIELD\"}],\"auditType\":{\"action\":\"Custom field created\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"fields\",\"categoryI18nKey\":\"jira.auditing.category.fields\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Target start\"},{\"i18nKey\":\"common.words.description\",\"key\":\"Description\",\"to\":\"The targeted start date. This custom field is created and required by Portfolio for Jira.\"},{\"i18nKey\":\"common.words.type\",\"key\":\"Type\",\"to\":\"Target start\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539619,\"nano\":224000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "customfield_10102", "name": "Target start", - "type": "CUSTOM_FIELD", - "id": "customfield_10102" + "type": "CUSTOM_FIELD" } ], - "type": { - "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", - "action": "Custom field created", - "actionI18nKey": "jira.auditing.customfield.created", - "categoryI18nKey": "jira.auditing.category.fields", - "category": "fields", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "common.words.name", @@ -1491,24 +1477,27 @@ "key": "Type", "to": "Target start" } - ] + ], + "method": "Browser", + "type": { + "action": "Custom field created", + "actionI18nKey": "jira.auditing.customfield.created", + "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", + "category": "fields", + "categoryI18nKey": "jira.auditing.category.fields", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:06:59.266Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -1518,37 +1507,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:59.266Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.customfield.created", + "ingested": "2022-02-24T20:23:26.113601490Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"customfield_10103\",\"name\":\"Target end\",\"type\":\"CUSTOM_FIELD\"}],\"auditType\":{\"action\":\"Custom field created\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"fields\",\"categoryI18nKey\":\"jira.auditing.category.fields\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Target end\"},{\"i18nKey\":\"common.words.description\",\"key\":\"Description\",\"to\":\"The targeted end date. This custom field is created and required by Portfolio for Jira.\"},{\"i18nKey\":\"common.words.type\",\"key\":\"Type\",\"to\":\"Target end\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539619,\"nano\":266000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "Anonymous", - "id": "-2" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "customfield_10103", "name": "Target end", - "type": "CUSTOM_FIELD", - "id": "customfield_10103" + "type": "CUSTOM_FIELD" } ], - "type": { - "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", - "action": "Custom field created", - "actionI18nKey": "jira.auditing.customfield.created", - "categoryI18nKey": "jira.auditing.category.fields", - "category": "fields", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "common.words.name", @@ -1565,24 +1552,27 @@ "key": "Type", "to": "Target end" } - ] + ], + "method": "Browser", + "type": { + "action": "Custom field created", + "actionI18nKey": "jira.auditing.customfield.created", + "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", + "category": "fields", + "categoryI18nKey": "jira.auditing.category.fields", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:06:59.313Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -1592,37 +1582,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:59.313Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.customfield.created", + "ingested": "2022-02-24T20:23:26.113602564Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"customfield_10104\",\"name\":\"Original story points\",\"type\":\"CUSTOM_FIELD\"}],\"auditType\":{\"action\":\"Custom field created\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"fields\",\"categoryI18nKey\":\"jira.auditing.category.fields\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Original story points\"},{\"i18nKey\":\"common.words.type\",\"key\":\"Type\",\"to\":\"Original story points\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539619,\"nano\":313000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "customfield_10104", "name": "Original story points", - "type": "CUSTOM_FIELD", - "id": "customfield_10104" + "type": "CUSTOM_FIELD" } ], - "type": { - "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", - "action": "Custom field created", - "actionI18nKey": "jira.auditing.customfield.created", - "categoryI18nKey": "jira.auditing.category.fields", - "category": "fields", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "common.words.name", @@ -1634,24 +1622,27 @@ "key": "Type", "to": "Original story points" } - ] + ], + "method": "Browser", + "type": { + "action": "Custom field created", + "actionI18nKey": "jira.auditing.customfield.created", + "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", + "category": "fields", + "categoryI18nKey": "jira.auditing.category.fields", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:06:59.332Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -1661,54 +1652,55 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:59.332Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.customfield.updated", + "ingested": "2022-02-24T20:23:26.113603627Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"customfield_10102\",\"name\":\"Target start\",\"type\":\"CUSTOM_FIELD\"}],\"auditType\":{\"action\":\"Custom field updated\",\"actionI18nKey\":\"jira.auditing.customfield.updated\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"fields\",\"categoryI18nKey\":\"jira.auditing.category.fields\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539619,\"nano\":332000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "customfield_10102", "name": "Target start", - "type": "CUSTOM_FIELD", - "id": "customfield_10102" + "type": "CUSTOM_FIELD" } ], + "method": "Browser", "type": { - "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", "action": "Custom field updated", "actionI18nKey": "jira.auditing.customfield.updated", - "categoryI18nKey": "jira.auditing.category.fields", + "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", "category": "fields", + "categoryI18nKey": "jira.auditing.category.fields", "level": "BASE" } } - } - }, - { - "@timestamp": "2021-11-22T00:06:59.340Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -1718,54 +1710,55 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:59.340Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.customfield.updated", + "ingested": "2022-02-24T20:23:26.113604732Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"customfield_10103\",\"name\":\"Target end\",\"type\":\"CUSTOM_FIELD\"}],\"auditType\":{\"action\":\"Custom field updated\",\"actionI18nKey\":\"jira.auditing.customfield.updated\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"fields\",\"categoryI18nKey\":\"jira.auditing.category.fields\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539619,\"nano\":340000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "customfield_10103", "name": "Target end", - "type": "CUSTOM_FIELD", - "id": "customfield_10103" + "type": "CUSTOM_FIELD" } ], + "method": "Browser", "type": { - "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", "action": "Custom field updated", "actionI18nKey": "jira.auditing.customfield.updated", - "categoryI18nKey": "jira.auditing.category.fields", + "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", "category": "fields", + "categoryI18nKey": "jira.auditing.category.fields", "level": "BASE" } } - } - }, - { - "@timestamp": "2021-11-22T00:06:59.485Z", - "ecs": { - "version": "8.2.0" }, - "related": { - "user": [ - "Anonymous" - ], + "related": { "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -1775,59 +1768,60 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:59.485Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.issue.type.created", - "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Epic\",\"type\":\"ISSUE_TYPE\"}],\"auditType\":{\"action\":\"Issue type created\",\"actionI18nKey\":\"jira.auditing.issue.type.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"issue types\",\"categoryI18nKey\":\"jira.auditing.category.issuetypes\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539619,\"nano\":485000000},\"version\":\"1.0\"}", - "type": [ - "creation" - ], "category": [ "configuration" ], - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "ingested": "2022-02-24T20:23:26.113605790Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Epic\",\"type\":\"ISSUE_TYPE\"}],\"auditType\":{\"action\":\"Issue type created\",\"actionI18nKey\":\"jira.auditing.issue.type.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"issue types\",\"categoryI18nKey\":\"jira.auditing.category.issuetypes\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539619,\"nano\":485000000},\"version\":\"1.0\"}", + "type": [ + "creation" + ] }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Epic", - "type": "ISSUE_TYPE", - "id": "10000" + "type": "ISSUE_TYPE" } ], + "method": "Browser", "type": { - "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", "action": "Issue type created", "actionI18nKey": "jira.auditing.issue.type.created", - "categoryI18nKey": "jira.auditing.category.issuetypes", + "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", "category": "issue types", + "categoryI18nKey": "jira.auditing.category.issuetypes", "level": "BASE" } } - } - }, - { - "@timestamp": "2021-11-22T00:06:59.522Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -1837,37 +1831,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:06:59.522Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.customfield.created", + "ingested": "2022-02-24T20:23:26.113606888Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"customfield_10105\",\"name\":\"Epic Name\",\"type\":\"CUSTOM_FIELD\"}],\"auditType\":{\"action\":\"Custom field created\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"fields\",\"categoryI18nKey\":\"jira.auditing.category.fields\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Epic Name\"},{\"i18nKey\":\"common.words.description\",\"key\":\"Description\",\"to\":\"Provide a short name to identify this epic.\"},{\"i18nKey\":\"common.words.type\",\"key\":\"Type\",\"to\":\"Name of Epic\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539619,\"nano\":522000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "Anonymous", - "id": "-2" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "customfield_10105", "name": "Epic Name", - "type": "CUSTOM_FIELD", - "id": "customfield_10105" + "type": "CUSTOM_FIELD" } ], - "type": { - "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", - "action": "Custom field created", - "actionI18nKey": "jira.auditing.customfield.created", - "categoryI18nKey": "jira.auditing.category.fields", - "category": "fields", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "common.words.name", @@ -1884,24 +1876,27 @@ "key": "Type", "to": "Name of Epic" } - ] + ], + "method": "Browser", + "type": { + "action": "Custom field created", + "actionI18nKey": "jira.auditing.customfield.created", + "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", + "category": "fields", + "categoryI18nKey": "jira.auditing.category.fields", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:07:01.644Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -1911,37 +1906,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:07:01.644Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.customfield.created", + "ingested": "2022-02-24T20:23:26.113607979Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"customfield_10106\",\"name\":\"Epic Status\",\"type\":\"CUSTOM_FIELD\"}],\"auditType\":{\"action\":\"Custom field created\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"fields\",\"categoryI18nKey\":\"jira.auditing.category.fields\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Epic Status\"},{\"i18nKey\":\"common.words.description\",\"key\":\"Description\",\"to\":\"Epic Status field for Jira Software use only.\"},{\"i18nKey\":\"common.words.type\",\"key\":\"Type\",\"to\":\"Status of Epic\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539621,\"nano\":644000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "customfield_10106", "name": "Epic Status", - "type": "CUSTOM_FIELD", - "id": "customfield_10106" + "type": "CUSTOM_FIELD" } ], - "type": { - "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", - "action": "Custom field created", - "actionI18nKey": "jira.auditing.customfield.created", - "categoryI18nKey": "jira.auditing.category.fields", - "category": "fields", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "common.words.name", @@ -1958,24 +1951,27 @@ "key": "Type", "to": "Status of Epic" } - ] + ], + "method": "Browser", + "type": { + "action": "Custom field created", + "actionI18nKey": "jira.auditing.customfield.created", + "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", + "category": "fields", + "categoryI18nKey": "jira.auditing.category.fields", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:07:01.669Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -1985,37 +1981,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:07:01.669Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.customfield.created", + "ingested": "2022-02-24T20:23:26.113609084Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"customfield_10107\",\"name\":\"Epic Colour\",\"type\":\"CUSTOM_FIELD\"}],\"auditType\":{\"action\":\"Custom field created\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"fields\",\"categoryI18nKey\":\"jira.auditing.category.fields\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Epic Colour\"},{\"i18nKey\":\"common.words.description\",\"key\":\"Description\",\"to\":\"Epic Colour field for Jira Software use only.\"},{\"i18nKey\":\"common.words.type\",\"key\":\"Type\",\"to\":\"Colour of Epic\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539621,\"nano\":669000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "customfield_10107", "name": "Epic Colour", - "type": "CUSTOM_FIELD", - "id": "customfield_10107" + "type": "CUSTOM_FIELD" } ], - "type": { - "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", - "action": "Custom field created", - "actionI18nKey": "jira.auditing.customfield.created", - "categoryI18nKey": "jira.auditing.category.fields", - "category": "fields", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "common.words.name", @@ -2032,24 +2026,27 @@ "key": "Type", "to": "Colour of Epic" } - ] + ], + "method": "Browser", + "type": { + "action": "Custom field created", + "actionI18nKey": "jira.auditing.customfield.created", + "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", + "category": "fields", + "categoryI18nKey": "jira.auditing.category.fields", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:07:02.694Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -2059,37 +2056,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:07:02.694Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.customfield.created", + "ingested": "2022-02-24T20:23:26.113610166Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"customfield_10108\",\"name\":\"Sprint\",\"type\":\"CUSTOM_FIELD\"}],\"auditType\":{\"action\":\"Custom field created\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"fields\",\"categoryI18nKey\":\"jira.auditing.category.fields\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Sprint\"},{\"i18nKey\":\"common.words.description\",\"key\":\"Description\",\"to\":\"Jira Software sprint field\"},{\"i18nKey\":\"common.words.type\",\"key\":\"Type\",\"to\":\"Jira Sprint Field\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539622,\"nano\":694000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "customfield_10108", "name": "Sprint", - "type": "CUSTOM_FIELD", - "id": "customfield_10108" + "type": "CUSTOM_FIELD" } ], - "type": { - "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", - "action": "Custom field created", - "actionI18nKey": "jira.auditing.customfield.created", - "categoryI18nKey": "jira.auditing.category.fields", - "category": "fields", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "common.words.name", @@ -2106,24 +2101,27 @@ "key": "Type", "to": "Jira Sprint Field" } - ] + ], + "method": "Browser", + "type": { + "action": "Custom field created", + "actionI18nKey": "jira.auditing.customfield.created", + "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", + "category": "fields", + "categoryI18nKey": "jira.auditing.category.fields", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:07:02.725Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -2133,37 +2131,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:07:02.725Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.customfield.created", + "ingested": "2022-02-24T20:23:26.113611247Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"customfield_10109\",\"name\":\"Epic Link\",\"type\":\"CUSTOM_FIELD\"}],\"auditType\":{\"action\":\"Custom field created\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"fields\",\"categoryI18nKey\":\"jira.auditing.category.fields\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Epic Link\"},{\"i18nKey\":\"common.words.description\",\"key\":\"Description\",\"to\":\"Choose an epic to assign this issue to.\"},{\"i18nKey\":\"common.words.type\",\"key\":\"Type\",\"to\":\"Epic Link Relationship\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539622,\"nano\":725000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "Anonymous", - "id": "-2" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "customfield_10109", "name": "Epic Link", - "type": "CUSTOM_FIELD", - "id": "customfield_10109" + "type": "CUSTOM_FIELD" } ], - "type": { - "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", - "action": "Custom field created", - "actionI18nKey": "jira.auditing.customfield.created", - "categoryI18nKey": "jira.auditing.category.fields", - "category": "fields", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "common.words.name", @@ -2180,24 +2176,27 @@ "key": "Type", "to": "Epic Link Relationship" } - ] + ], + "method": "Browser", + "type": { + "action": "Custom field created", + "actionI18nKey": "jira.auditing.customfield.created", + "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", + "category": "fields", + "categoryI18nKey": "jira.auditing.category.fields", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:07:02.794Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -2207,37 +2206,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:07:02.794Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.customfield.created", + "ingested": "2022-02-24T20:23:26.113612302Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"customfield_10110\",\"name\":\"Rank\",\"type\":\"CUSTOM_FIELD\"}],\"auditType\":{\"action\":\"Custom field created\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"fields\",\"categoryI18nKey\":\"jira.auditing.category.fields\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Rank\"},{\"i18nKey\":\"common.words.description\",\"key\":\"Description\",\"to\":\"Global rank field for Jira Software use only.\"},{\"i18nKey\":\"common.words.type\",\"key\":\"Type\",\"to\":\"Global Rank\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539622,\"nano\":794000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "customfield_10110", "name": "Rank", - "type": "CUSTOM_FIELD", - "id": "customfield_10110" + "type": "CUSTOM_FIELD" } ], - "type": { - "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", - "action": "Custom field created", - "actionI18nKey": "jira.auditing.customfield.created", - "categoryI18nKey": "jira.auditing.category.fields", - "category": "fields", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "common.words.name", @@ -2254,24 +2251,27 @@ "key": "Type", "to": "Global Rank" } - ] + ], + "method": "Browser", + "type": { + "action": "Custom field created", + "actionI18nKey": "jira.auditing.customfield.created", + "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", + "category": "fields", + "categoryI18nKey": "jira.auditing.category.fields", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:07:09.370Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -2281,59 +2281,60 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:07:09.370Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.issue.type.created", - "original": "{\"affectedObjects\":[{\"id\":\"10001\",\"name\":\"Story\",\"type\":\"ISSUE_TYPE\"}],\"auditType\":{\"action\":\"Issue type created\",\"actionI18nKey\":\"jira.auditing.issue.type.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"issue types\",\"categoryI18nKey\":\"jira.auditing.category.issuetypes\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539629,\"nano\":37000000},\"version\":\"1.0\"}", - "type": [ - "creation" - ], "category": [ "configuration" ], - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "ingested": "2022-02-24T20:23:26.113613371Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"10001\",\"name\":\"Story\",\"type\":\"ISSUE_TYPE\"}],\"auditType\":{\"action\":\"Issue type created\",\"actionI18nKey\":\"jira.auditing.issue.type.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"issue types\",\"categoryI18nKey\":\"jira.auditing.category.issuetypes\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539629,\"nano\":37000000},\"version\":\"1.0\"}", + "type": [ + "creation" + ] }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10001", "name": "Story", - "type": "ISSUE_TYPE", - "id": "10001" + "type": "ISSUE_TYPE" } ], + "method": "Browser", "type": { - "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", "action": "Issue type created", "actionI18nKey": "jira.auditing.issue.type.created", - "categoryI18nKey": "jira.auditing.category.issuetypes", + "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", "category": "issue types", + "categoryI18nKey": "jira.auditing.category.issuetypes", "level": "BASE" } } - } - }, - { - "@timestamp": "2021-11-22T00:07:09.880Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -2343,37 +2344,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:07:09.880Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.customfield.created", + "ingested": "2022-02-24T20:23:26.113614427Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"customfield_10111\",\"name\":\"Story Points\",\"type\":\"CUSTOM_FIELD\"}],\"auditType\":{\"action\":\"Custom field created\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"fields\",\"categoryI18nKey\":\"jira.auditing.category.fields\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Story Points\"},{\"i18nKey\":\"common.words.description\",\"key\":\"Description\",\"to\":\"Measurement of complexity and/or size of a requirement.\"},{\"i18nKey\":\"common.words.type\",\"key\":\"Type\",\"to\":\"Number Field\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539629,\"nano\":88000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "customfield_10111", "name": "Story Points", - "type": "CUSTOM_FIELD", - "id": "customfield_10111" + "type": "CUSTOM_FIELD" } ], - "type": { - "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", - "action": "Custom field created", - "actionI18nKey": "jira.auditing.customfield.created", - "categoryI18nKey": "jira.auditing.category.fields", - "category": "fields", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "common.words.name", @@ -2390,24 +2389,27 @@ "key": "Type", "to": "Number Field" } - ] + ], + "method": "Browser", + "type": { + "action": "Custom field created", + "actionI18nKey": "jira.auditing.customfield.created", + "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", + "category": "fields", + "categoryI18nKey": "jira.auditing.category.fields", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:33.534Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "Anonymous" ] }, "service": { @@ -2417,61 +2419,62 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-22T00:08:33.534Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.resolutions.created", + "ingested": "2022-02-24T20:23:26.113615494Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Done\",\"type\":\"RESOLUTION\"}],\"auditType\":{\"action\":\"New resolution created\",\"actionI18nKey\":\"jira.auditing.resolutions.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"workflows\",\"categoryI18nKey\":\"jira.auditing.category.workflows\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Description\",\"nameI18nKey\":\"common.concepts.description\",\"value\":\"Work has been completed on this issue.\"}],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539713,\"nano\":534000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Done", - "type": "RESOLUTION", - "id": "10000" + "type": "RESOLUTION" } ], - "type": { - "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", - "action": "New resolution created", - "actionI18nKey": "jira.auditing.resolutions.created", - "categoryI18nKey": "jira.auditing.category.workflows", - "category": "workflows", - "level": "BASE" - }, "extra_attributes": [ { "name": "Description", "nameI18nKey": "common.concepts.description", "value": "Work has been completed on this issue." } - ] + ], + "method": "Browser", + "type": { + "action": "New resolution created", + "actionI18nKey": "jira.auditing.resolutions.created", + "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", + "category": "workflows", + "categoryI18nKey": "jira.auditing.category.workflows", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:33.535Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -2481,61 +2484,62 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:33.535Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.resolutions.created", + "ingested": "2022-02-24T20:23:26.113616636Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10001\",\"name\":\"Won't Do\",\"type\":\"RESOLUTION\"}],\"auditType\":{\"action\":\"New resolution created\",\"actionI18nKey\":\"jira.auditing.resolutions.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"workflows\",\"categoryI18nKey\":\"jira.auditing.category.workflows\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Description\",\"nameI18nKey\":\"common.concepts.description\",\"value\":\"This issue won't be actioned.\"}],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539713,\"nano\":535000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10001", "name": "Won't Do", - "type": "RESOLUTION", - "id": "10001" + "type": "RESOLUTION" + } + ], + "extra_attributes": [ + { + "name": "Description", + "nameI18nKey": "common.concepts.description", + "value": "This issue won't be actioned." } ], + "method": "Browser", "type": { - "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", "action": "New resolution created", "actionI18nKey": "jira.auditing.resolutions.created", - "categoryI18nKey": "jira.auditing.category.workflows", + "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", "category": "workflows", + "categoryI18nKey": "jira.auditing.category.workflows", "level": "BASE" - }, - "extra_attributes": [ - { - "name": "Description", - "nameI18nKey": "common.concepts.description", - "value": "This issue won't be actioned." - } - ] + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:33.536Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -2545,61 +2549,62 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:33.536Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.resolutions.created", + "ingested": "2022-02-24T20:23:26.113617697Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10002\",\"name\":\"Duplicate\",\"type\":\"RESOLUTION\"}],\"auditType\":{\"action\":\"New resolution created\",\"actionI18nKey\":\"jira.auditing.resolutions.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"workflows\",\"categoryI18nKey\":\"jira.auditing.category.workflows\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Description\",\"nameI18nKey\":\"common.concepts.description\",\"value\":\"The problem is a duplicate of an existing issue.\"}],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539713,\"nano\":536000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10002", "name": "Duplicate", - "type": "RESOLUTION", - "id": "10002" + "type": "RESOLUTION" } ], - "type": { - "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", - "action": "New resolution created", - "actionI18nKey": "jira.auditing.resolutions.created", - "categoryI18nKey": "jira.auditing.category.workflows", - "category": "workflows", - "level": "BASE" - }, "extra_attributes": [ { "name": "Description", "nameI18nKey": "common.concepts.description", "value": "The problem is a duplicate of an existing issue." } - ] + ], + "method": "Browser", + "type": { + "action": "New resolution created", + "actionI18nKey": "jira.auditing.resolutions.created", + "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", + "category": "workflows", + "categoryI18nKey": "jira.auditing.category.workflows", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:33.537Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -2609,61 +2614,62 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:33.537Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.resolutions.created", + "ingested": "2022-02-24T20:23:26.113618787Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10003\",\"name\":\"Cannot Reproduce\",\"type\":\"RESOLUTION\"}],\"auditType\":{\"action\":\"New resolution created\",\"actionI18nKey\":\"jira.auditing.resolutions.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"workflows\",\"categoryI18nKey\":\"jira.auditing.category.workflows\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Description\",\"nameI18nKey\":\"common.concepts.description\",\"value\":\"All attempts at reproducing this issue failed, or not enough information was available to reproduce the issue. Reading the code produces no clues as to why this behavior would occur. If more information appears later, please reopen the issue.\"}],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539713,\"nano\":537000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10003", "name": "Cannot Reproduce", - "type": "RESOLUTION", - "id": "10003" + "type": "RESOLUTION" } ], - "type": { - "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", - "action": "New resolution created", - "actionI18nKey": "jira.auditing.resolutions.created", - "categoryI18nKey": "jira.auditing.category.workflows", - "category": "workflows", - "level": "BASE" - }, "extra_attributes": [ { "name": "Description", "nameI18nKey": "common.concepts.description", "value": "All attempts at reproducing this issue failed, or not enough information was available to reproduce the issue. Reading the code produces no clues as to why this behavior would occur. If more information appears later, please reopen the issue." } - ] + ], + "method": "Browser", + "type": { + "action": "New resolution created", + "actionI18nKey": "jira.auditing.resolutions.created", + "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", + "category": "workflows", + "categoryI18nKey": "jira.auditing.category.workflows", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:33.710Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -2673,37 +2679,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:33.710Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.workflow.created", + "ingested": "2022-02-24T20:23:26.113619835Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"Software Simplified Workflow for Project TEST\",\"name\":\"Software Simplified Workflow for Project TEST\",\"type\":\"WORKFLOW\"}],\"auditType\":{\"action\":\"Workflow created\",\"actionI18nKey\":\"jira.auditing.workflow.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"workflows\",\"categoryI18nKey\":\"jira.auditing.category.workflows\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"i18nKey\":\"admin.workflowtransition.transition\",\"key\":\"Transition\",\"to\":\"Create (To Do), To Do (To Do), In Progress (In Progress), Done (Done)\"},{\"i18nKey\":\"common.words.status\",\"key\":\"Status\",\"to\":\"To Do, In Progress, Done\"},{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Software Simplified Workflow for Project TEST\"},{\"i18nKey\":\"common.words.description\",\"key\":\"Description\",\"to\":\"Generated by JIRA Software version 8.20.2. This workflow is managed internally by Jira Software. Do not manually modify this workflow.\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539713,\"nano\":710000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "Software Simplified Workflow for Project TEST", "name": "Software Simplified Workflow for Project TEST", - "type": "WORKFLOW", - "id": "Software Simplified Workflow for Project TEST" + "type": "WORKFLOW" } ], - "type": { - "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", - "action": "Workflow created", - "actionI18nKey": "jira.auditing.workflow.created", - "categoryI18nKey": "jira.auditing.category.workflows", - "category": "workflows", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.workflowtransition.transition", @@ -2725,24 +2729,27 @@ "key": "Description", "to": "Generated by JIRA Software version 8.20.2. This workflow is managed internally by Jira Software. Do not manually modify this workflow." } - ] + ], + "method": "Browser", + "type": { + "action": "Workflow created", + "actionI18nKey": "jira.auditing.workflow.created", + "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", + "category": "workflows", + "categoryI18nKey": "jira.auditing.category.workflows", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:33.732Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -2752,37 +2759,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:33.732Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.workflow.scheme.created", + "ingested": "2022-02-24T20:23:26.113620913Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10100\",\"name\":\"TEST: Software Simplified Workflow Scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Workflow scheme created\",\"actionI18nKey\":\"jira.auditing.workflow.scheme.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"workflows\",\"categoryI18nKey\":\"jira.auditing.category.workflows\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"TEST: Software Simplified Workflow Scheme\"},{\"i18nKey\":\"common.words.description\",\"key\":\"Description\",\"to\":\"Generated by JIRA Software version 8.20.2. This workflow scheme is managed internally by Jira Software. Do not manually modify this workflow scheme.\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539713,\"nano\":732000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "test.user", - "id": "10000" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10100", "name": "TEST: Software Simplified Workflow Scheme", - "type": "SCHEME", - "id": "10100" + "type": "SCHEME" } ], - "type": { - "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", - "action": "Workflow scheme created", - "actionI18nKey": "jira.auditing.workflow.scheme.created", - "categoryI18nKey": "jira.auditing.category.workflows", - "category": "workflows", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "common.words.name", @@ -2794,24 +2799,27 @@ "key": "Description", "to": "Generated by JIRA Software version 8.20.2. This workflow scheme is managed internally by Jira Software. Do not manually modify this workflow scheme." } - ] + ], + "method": "Browser", + "type": { + "action": "Workflow scheme created", + "actionI18nKey": "jira.auditing.workflow.scheme.created", + "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", + "category": "workflows", + "categoryI18nKey": "jira.auditing.category.workflows", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:33.746Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -2821,59 +2829,60 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:33.746Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.workflow.scheme.added.to.project", + "ingested": "2022-02-24T20:23:26.113621984Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"test\",\"type\":\"PROJECT\"},{\"id\":\"10100\",\"name\":\"TEST: Software Simplified Workflow Scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Workflow scheme added to project\",\"actionI18nKey\":\"jira.auditing.workflow.scheme.added.to.project\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"workflows\",\"categoryI18nKey\":\"jira.auditing.category.workflows\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539713,\"nano\":746000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "test", - "type": "PROJECT", - "id": "10000" + "type": "PROJECT" }, { + "id": "10100", "name": "TEST: Software Simplified Workflow Scheme", - "type": "SCHEME", - "id": "10100" + "type": "SCHEME" } ], + "method": "Browser", "type": { - "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", "action": "Workflow scheme added to project", "actionI18nKey": "jira.auditing.workflow.scheme.added.to.project", - "categoryI18nKey": "jira.auditing.category.workflows", + "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", "category": "workflows", + "categoryI18nKey": "jira.auditing.category.workflows", "level": "BASE" } } - } - }, - { - "@timestamp": "2021-11-22T00:08:33.887Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -2883,47 +2892,45 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:33.887Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.filter.created", - "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Filter for TEST board\",\"type\":\"FILTER\"},{\"id\":\"JIRAUSER10000\",\"name\":\"test.user\",\"type\":\"USER\"},{\"id\":\"10000\",\"name\":\"test\",\"type\":\"PROJECT\"}],\"auditType\":{\"action\":\"Filter created\",\"actionI18nKey\":\"jira.auditing.filter.created\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"filters\",\"categoryI18nKey\":\"jira.auditing.category.filters\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Filter for TEST board\"},{\"from\":\"\",\"i18nKey\":\"common.concepts.description\",\"key\":\"Description\"},{\"from\":\"\",\"i18nKey\":\"common.concepts.owner\",\"key\":\"Owner\",\"to\":\"test.user\"},{\"from\":\"[]\",\"i18nKey\":\"common.concepts.shared.with\",\"key\":\"Shared with\",\"to\":\"[Project: test (VIEW)]\"},{\"from\":\"\",\"i18nKey\":\"jira.jql.query\",\"key\":\"JQL Query\",\"to\":\"{project = \\\"TEST\\\"} order by Rank ASC\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539713,\"nano\":887000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "ingested": "2022-02-24T20:23:26.113623068Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Filter for TEST board\",\"type\":\"FILTER\"},{\"id\":\"JIRAUSER10000\",\"name\":\"test.user\",\"type\":\"USER\"},{\"id\":\"10000\",\"name\":\"test\",\"type\":\"PROJECT\"}],\"auditType\":{\"action\":\"Filter created\",\"actionI18nKey\":\"jira.auditing.filter.created\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"filters\",\"categoryI18nKey\":\"jira.auditing.category.filters\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Filter for TEST board\"},{\"from\":\"\",\"i18nKey\":\"common.concepts.description\",\"key\":\"Description\"},{\"from\":\"\",\"i18nKey\":\"common.concepts.owner\",\"key\":\"Owner\",\"to\":\"test.user\"},{\"from\":\"[]\",\"i18nKey\":\"common.concepts.shared.with\",\"key\":\"Shared with\",\"to\":\"[Project: test (VIEW)]\"},{\"from\":\"\",\"i18nKey\":\"jira.jql.query\",\"key\":\"JQL Query\",\"to\":\"{project = \\\"TEST\\\"} order by Rank ASC\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539713,\"nano\":887000000},\"version\":\"1.0\"}", + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Filter for TEST board", - "type": "FILTER", - "id": "10000" + "type": "FILTER" }, { + "id": "JIRAUSER10000", "name": "test.user", - "type": "USER", - "id": "JIRAUSER10000" + "type": "USER" }, { + "id": "10000", "name": "test", - "type": "PROJECT", - "id": "10000" + "type": "PROJECT" } ], - "type": { - "area": "LOCAL_CONFIG_AND_ADMINISTRATION", - "action": "Filter created", - "actionI18nKey": "jira.auditing.filter.created", - "categoryI18nKey": "jira.auditing.category.filters", - "category": "filters", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "common.words.name", @@ -2941,33 +2948,36 @@ }, { "from": "[]", - "to": "[Project: test (VIEW)]", "i18nKey": "common.concepts.shared.with", - "key": "Shared with" + "key": "Shared with", + "to": "[Project: test (VIEW)]" }, { "i18nKey": "jira.jql.query", "key": "JQL Query", "to": "{project = \"TEST\"} order by Rank ASC" } - ] + ], + "method": "Browser", + "type": { + "action": "Filter created", + "actionI18nKey": "jira.auditing.filter.created", + "area": "LOCAL_CONFIG_AND_ADMINISTRATION", + "category": "filters", + "categoryI18nKey": "jira.auditing.category.filters", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.720Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -2977,59 +2987,60 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.720Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "Board created", + "ingested": "2022-02-24T20:23:26.113624152Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"1\",\"name\":\"TEST board\",\"type\":\"BOARD\"},{\"id\":\"1\",\"name\":\"TEST board\",\"type\":\"BOARD\"}],\"auditType\":{\"action\":\"Board created\",\"actionI18nKey\":\"Board created\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"boards\",\"categoryI18nKey\":\"jira.auditing.category.boards\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":72000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "1", "name": "TEST board", - "type": "BOARD", - "id": "1" + "type": "BOARD" }, { + "id": "1", "name": "TEST board", - "type": "BOARD", - "id": "1" + "type": "BOARD" } ], + "method": "Browser", "type": { - "area": "LOCAL_CONFIG_AND_ADMINISTRATION", "action": "Board created", "actionI18nKey": "Board created", - "categoryI18nKey": "jira.auditing.category.boards", + "area": "LOCAL_CONFIG_AND_ADMINISTRATION", "category": "boards", + "categoryI18nKey": "jira.auditing.category.boards", "level": "BASE" } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.142Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -3039,37 +3050,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.142Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.created", + "ingested": "2022-02-24T20:23:26.113625238Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme created\",\"actionI18nKey\":\"jira.auditing.permission.scheme.created\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Default software scheme\"},{\"i18nKey\":\"common.words.description\",\"key\":\"Description\",\"to\":\"Default scheme for Software projects.\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":142000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "test.user", - "id": "10000" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme created", - "actionI18nKey": "jira.auditing.permission.scheme.created", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "common.words.name", @@ -3081,24 +3090,27 @@ "key": "Description", "to": "Default scheme for Software projects." } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme created", + "actionI18nKey": "jira.auditing.permission.scheme.created", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.151Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -3108,37 +3120,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.151Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:26.113626316Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Browse Projects\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":151000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -3150,24 +3160,27 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.163Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -3177,37 +3190,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.163Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:26.113627401Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Create Issues\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":163000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -3219,24 +3230,27 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.165Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -3246,37 +3260,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.165Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:26.113628443Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Edit Issues\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":165000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -3288,24 +3300,27 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.166Z", - "ecs": { - "version": "8.2.0" - }, - "related": { - "user": [ - "test.user" - ], + }, + "related": { "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -3315,37 +3330,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.166Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:26.113629485Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Assign Issues\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":166000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "test.user", - "id": "10000" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -3357,24 +3370,27 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.168Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -3384,37 +3400,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.168Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:26.113630529Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Resolve Issues\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":168000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -3426,24 +3440,27 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.171Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -3453,37 +3470,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.171Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:26.113631578Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Add Comments\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":171000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -3495,24 +3510,27 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.173Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -3522,37 +3540,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.173Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:26.113632643Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Delete Issues\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Project Role\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.value\",\"key\":\"Value\",\"to\":\"Administrators\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":173000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -3569,24 +3585,27 @@ "key": "Value", "to": "Administrators" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.174Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -3596,37 +3615,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.174Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:26.113633774Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Assignable User\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":174000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "test.user", - "id": "10000" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -3638,24 +3655,27 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.176Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -3665,37 +3685,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, - "event": { - "action": "jira.auditing.permission.scheme.updated", - "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Close Issues\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":176000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" - }, "tags": [ "preserve_original_event" ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.176Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:26.113634857Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Close Issues\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":176000000},\"version\":\"1.0\"}", + "type": "info" + }, "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -3707,24 +3725,27 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.178Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -3734,37 +3755,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.178Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:26.113635924Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Create Attachments\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":178000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "test.user", - "id": "10000" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -3776,24 +3795,27 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.180Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -3803,37 +3825,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.180Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:26.113637040Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Work On Issues\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":180000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -3845,24 +3865,27 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.182Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -3872,37 +3895,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.182Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:26.113638101Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Link Issues\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":182000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -3914,24 +3935,27 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.184Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -3941,37 +3965,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.184Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:26.113639179Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Administer Projects\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Project Role\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.value\",\"key\":\"Value\",\"to\":\"Administrators\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":184000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -3988,24 +4010,27 @@ "key": "Value", "to": "Administrators" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.187Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -4015,37 +4040,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.187Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:26.113640244Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Move Issues\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":187000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "test.user", - "id": "10000" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -4057,24 +4080,27 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.190Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -4084,37 +4110,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.190Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:26.113641293Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Schedule Issues\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":190000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -4126,24 +4150,27 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.204Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -4153,37 +4180,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.204Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:26.113642375Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Modify Reporter\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Project Role\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.value\",\"key\":\"Value\",\"to\":\"Administrators\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":204000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -4200,24 +4225,27 @@ "key": "Value", "to": "Administrators" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.208Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -4227,37 +4255,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.208Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:26.113643468Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"View Voters and Watchers\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":208000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -4269,24 +4295,27 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.210Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -4296,37 +4325,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.210Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:26.113644573Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Manage Watchers\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Project Role\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.value\",\"key\":\"Value\",\"to\":\"Administrators\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":210000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "test.user", - "id": "10000" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -4343,24 +4370,27 @@ "key": "Value", "to": "Administrators" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.212Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -4370,37 +4400,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.212Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:26.113645653Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Edit All Comments\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Project Role\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.value\",\"key\":\"Value\",\"to\":\"Administrators\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":212000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -4417,24 +4445,27 @@ "key": "Value", "to": "Administrators" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.215Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -4444,37 +4475,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.215Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:26.113646712Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Edit Own Comments\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":215000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -4486,24 +4515,27 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.217Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -4513,37 +4545,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.217Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:26.113647772Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Delete All Comments\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Project Role\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.value\",\"key\":\"Value\",\"to\":\"Administrators\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":217000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -4560,24 +4590,27 @@ "key": "Value", "to": "Administrators" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.219Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -4587,37 +4620,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.219Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:26.113648845Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Delete Own Comments\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":219000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "test.user", - "id": "10000" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -4629,24 +4660,27 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.221Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -4656,37 +4690,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.221Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:26.113649916Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Delete All Attachments\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Project Role\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.value\",\"key\":\"Value\",\"to\":\"Administrators\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":221000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -4703,24 +4735,27 @@ "key": "Value", "to": "Administrators" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.223Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -4730,37 +4765,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.223Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:26.113650987Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Delete Own Attachments\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":223000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -4772,24 +4805,27 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.225Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -4799,37 +4835,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.225Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:26.113652059Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Edit Own Worklogs\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":225000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -4841,24 +4875,27 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.227Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -4868,37 +4905,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.227Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:26.113653109Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Edit All Worklogs\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Project Role\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.value\",\"key\":\"Value\",\"to\":\"Administrators\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":227000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "test.user", - "id": "10000" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -4915,24 +4950,27 @@ "key": "Value", "to": "Administrators" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.229Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -4942,37 +4980,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.229Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:26.113654179Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Delete Own Worklogs\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":229000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -4984,24 +5020,27 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.231Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -5011,37 +5050,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.231Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:26.113656857Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Delete All Worklogs\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Project Role\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.value\",\"key\":\"Value\",\"to\":\"Administrators\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":231000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -5058,24 +5095,27 @@ "key": "Value", "to": "Administrators" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.233Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -5085,37 +5125,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.233Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:26.113657952Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"View Read-Only Workflow\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":233000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -5127,24 +5165,27 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.235Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -5154,37 +5195,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.235Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:26.113659041Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Transition Issues\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":235000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "test.user", - "id": "10000" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -5196,24 +5235,27 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.236Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -5223,37 +5265,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.236Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:26.113660110Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"View Development Tools\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":236000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -5265,24 +5305,27 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.239Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -5292,37 +5335,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.239Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:26.113661237Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Manage Sprints\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":239000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -5334,24 +5375,27 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.241Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -5361,37 +5405,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.241Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:26.113662341Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Start/Complete Sprints\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":241000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -5403,24 +5445,27 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.243Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -5430,37 +5475,35 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.243Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.permission.scheme.updated", + "ingested": "2022-02-24T20:23:26.113663425Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Edit Sprints\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":243000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "test.user", - "id": "10000" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], - "type": { - "area": "PERMISSIONS", - "action": "Permission scheme updated", - "actionI18nKey": "jira.auditing.permission.scheme.updated", - "categoryI18nKey": "jira.auditing.category.permissions", - "category": "permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.permission", @@ -5472,166 +5515,171 @@ "key": "Type", "to": "Application access" } - ] + ], + "method": "Browser", + "type": { + "action": "Permission scheme updated", + "actionI18nKey": "jira.auditing.permission.scheme.updated", + "area": "PERMISSIONS", + "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.249Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ - "175.16.199.1" + "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { "address": "http://jira.internal:8088" }, "source": { - "geo": { - "continent_name": "Asia", - "region_iso_code": "CN-22", - "city_name": "Changchun", - "country_iso_code": "CN", - "country_name": "China", - "region_name": "Jilin Sheng", - "location": { - "lon": 125.3228, - "lat": 43.88 - } - }, - "address": "175.16.199.1", - "ip": "175.16.199.1" + "address": "10.50.33.72", + "ip": "10.50.33.72" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.249Z", + "ecs": { + "version": "8.0.0" }, "event": { "action": "jira.auditing.permission.scheme.removed.from.project", - "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"test\",\"type\":\"PROJECT\"},{\"id\":\"0\",\"name\":\"Default Permission Scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme removed from project\",\"actionI18nKey\":\"jira.auditing.permission.scheme.removed.from.project\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"175.16.199.1\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":249000000},\"version\":\"1.0\"}", - "type": [ - "deletion" - ], "category": [ "configuration", "iam" ], - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "ingested": "2022-02-24T20:23:26.113664498Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"test\",\"type\":\"PROJECT\"},{\"id\":\"0\",\"name\":\"Default Permission Scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme removed from project\",\"actionI18nKey\":\"jira.auditing.permission.scheme.removed.from.project\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"175.16.199.1\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":249000000},\"version\":\"1.0\"}", + "type": [ + "deletion" + ] }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "test", - "type": "PROJECT", - "id": "10000" + "type": "PROJECT" }, { + "id": "0", "name": "Default Permission Scheme", - "type": "SCHEME", - "id": "0" + "type": "SCHEME" } ], + "method": "Browser", "type": { - "area": "PERMISSIONS", "action": "Permission scheme removed from project", "actionI18nKey": "jira.auditing.permission.scheme.removed.from.project", - "categoryI18nKey": "jira.auditing.category.permissions", + "area": "PERMISSIONS", "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", "level": "BASE" } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.266Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ - "10.50.33.72" + "175.16.199.1" + ], + "user": [ + "test.user" ] }, "service": { "address": "http://jira.internal:8088" }, "source": { - "address": "10.50.33.72", - "ip": "10.50.33.72" + "address": "175.16.199.1", + "geo": { + "city_name": "Changchun", + "continent_name": "Asia", + "country_iso_code": "CN", + "country_name": "China", + "location": { + "lat": 43.88, + "lon": 125.3228 + }, + "region_iso_code": "CN-22", + "region_name": "Jilin Sheng" + }, + "ip": "175.16.199.1" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.266Z", + "ecs": { + "version": "8.0.0" }, "event": { "action": "jira.auditing.permission.scheme.added.to.project", + "ingested": "2022-02-24T20:23:26.113665581Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"test\",\"type\":\"PROJECT\"},{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme added to project\",\"actionI18nKey\":\"jira.auditing.permission.scheme.added.to.project\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":266000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "test", - "type": "PROJECT", - "id": "10000" + "type": "PROJECT" }, { + "id": "10000", "name": "Default software scheme", - "type": "SCHEME", - "id": "10000" + "type": "SCHEME" } ], + "method": "Browser", "type": { - "area": "PERMISSIONS", "action": "Permission scheme added to project", "actionI18nKey": "jira.auditing.permission.scheme.added.to.project", - "categoryI18nKey": "jira.auditing.category.permissions", + "area": "PERMISSIONS", "category": "permissions", + "categoryI18nKey": "jira.auditing.category.permissions", "level": "BASE" } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.297Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -5641,47 +5689,45 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.297Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.project.created", - "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"test\",\"type\":\"PROJECT\"},{\"id\":\"JIRAUSER10000\",\"name\":\"test.user\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"Project created\",\"actionI18nKey\":\"jira.auditing.project.created\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"projects\",\"categoryI18nKey\":\"jira.auditing.category.projects\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"test\"},{\"i18nKey\":\"common.words.key\",\"key\":\"Key\",\"to\":\"TEST\"},{\"i18nKey\":\"common.concepts.description\",\"key\":\"Description\",\"to\":\"\"},{\"i18nKey\":\"common.concepts.projectlead\",\"key\":\"Project Lead\",\"to\":\"test.user\"},{\"i18nKey\":\"admin.projects.default.assignee\",\"key\":\"Default Assignee\",\"to\":\"Unassigned\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":297000000},\"version\":\"1.0\"}", - "type": [ - "creation" - ], "category": [ "configuration" ], - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "ingested": "2022-02-24T20:23:26.113666652Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"test\",\"type\":\"PROJECT\"},{\"id\":\"JIRAUSER10000\",\"name\":\"test.user\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"Project created\",\"actionI18nKey\":\"jira.auditing.project.created\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"projects\",\"categoryI18nKey\":\"jira.auditing.category.projects\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"test\"},{\"i18nKey\":\"common.words.key\",\"key\":\"Key\",\"to\":\"TEST\"},{\"i18nKey\":\"common.concepts.description\",\"key\":\"Description\",\"to\":\"\"},{\"i18nKey\":\"common.concepts.projectlead\",\"key\":\"Project Lead\",\"to\":\"test.user\"},{\"i18nKey\":\"admin.projects.default.assignee\",\"key\":\"Default Assignee\",\"to\":\"Unassigned\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":297000000},\"version\":\"1.0\"}", + "type": [ + "creation" + ] }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "test", - "type": "PROJECT", - "id": "10000" + "type": "PROJECT" }, { + "id": "JIRAUSER10000", "name": "test.user", - "type": "USER", - "id": "JIRAUSER10000" + "type": "USER" } ], - "type": { - "area": "LOCAL_CONFIG_AND_ADMINISTRATION", - "action": "Project created", - "actionI18nKey": "jira.auditing.project.created", - "categoryI18nKey": "jira.auditing.category.projects", - "category": "projects", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "common.words.name", @@ -5707,24 +5753,27 @@ "key": "Default Assignee", "to": "Unassigned" } - ] + ], + "method": "Browser", + "type": { + "action": "Project created", + "actionI18nKey": "jira.auditing.project.created", + "area": "LOCAL_CONFIG_AND_ADMINISTRATION", + "category": "projects", + "categoryI18nKey": "jira.auditing.category.projects", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.506Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -5734,66 +5783,67 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.506Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.project.roles.changed", + "ingested": "2022-02-24T20:23:26.113667709Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10100\",\"name\":\"Developers\",\"type\":\"PROJECT_ROLE\"},{\"id\":\"10000\",\"name\":\"test\",\"type\":\"PROJECT\"}],\"auditType\":{\"action\":\"Project roles changed\",\"actionI18nKey\":\"jira.auditing.project.roles.changed\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"projects\",\"categoryI18nKey\":\"jira.auditing.category.projects\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"i18nKey\":\"admin.common.words.users\",\"key\":\"Users\",\"to\":\"JIRAUSER10000\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":506000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "test.user", - "id": "10000" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10100", "name": "Developers", - "type": "PROJECT_ROLE", - "id": "10100" + "type": "PROJECT_ROLE" }, { + "id": "10000", "name": "test", - "type": "PROJECT", - "id": "10000" + "type": "PROJECT" } ], - "type": { - "area": "LOCAL_CONFIG_AND_ADMINISTRATION", - "action": "Project roles changed", - "actionI18nKey": "jira.auditing.project.roles.changed", - "categoryI18nKey": "jira.auditing.category.projects", - "category": "projects", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "admin.common.words.users", "key": "Users", "to": "JIRAUSER10000" } - ] + ], + "method": "Browser", + "type": { + "action": "Project roles changed", + "actionI18nKey": "jira.auditing.project.roles.changed", + "area": "LOCAL_CONFIG_AND_ADMINISTRATION", + "category": "projects", + "categoryI18nKey": "jira.auditing.category.projects", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.521Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -5803,42 +5853,40 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.521Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.version.created", + "ingested": "2022-02-24T20:23:26.113668769Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Version 1.0\",\"type\":\"VERSION\"},{\"id\":\"10000\",\"name\":\"test\",\"type\":\"PROJECT\"}],\"auditType\":{\"action\":\"Project version created\",\"actionI18nKey\":\"jira.auditing.version.created\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"projects\",\"categoryI18nKey\":\"jira.auditing.category.projects\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Version 1.0\"},{\"i18nKey\":\"version.releasedate\",\"key\":\"Release date\",\"to\":\"2021-11-14\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":521000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Version 1.0", - "type": "VERSION", - "id": "10000" + "type": "VERSION" }, { + "id": "10000", "name": "test", - "type": "PROJECT", - "id": "10000" + "type": "PROJECT" } ], - "type": { - "area": "LOCAL_CONFIG_AND_ADMINISTRATION", - "action": "Project version created", - "actionI18nKey": "jira.auditing.version.created", - "categoryI18nKey": "jira.auditing.category.projects", - "category": "projects", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "common.words.name", @@ -5850,143 +5898,145 @@ "key": "Release date", "to": "2021-11-14" } - ] + ], + "method": "Browser", + "type": { + "action": "Project version created", + "actionI18nKey": "jira.auditing.version.created", + "area": "LOCAL_CONFIG_AND_ADMINISTRATION", + "category": "projects", + "categoryI18nKey": "jira.auditing.category.projects", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.535Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ - "175.16.199.1" + "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { "address": "http://jira.internal:8088" }, "source": { - "geo": { - "continent_name": "Asia", - "region_iso_code": "CN-22", - "city_name": "Changchun", - "country_iso_code": "CN", - "country_name": "China", - "region_name": "Jilin Sheng", - "location": { - "lon": 125.3228, - "lat": 43.88 - } - }, - "address": "175.16.199.1", - "ip": "175.16.199.1" + "address": "10.50.33.72", + "ip": "10.50.33.72" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.535Z", + "ecs": { + "version": "8.0.0" }, "event": { "action": "jira.auditing.version.released", + "ingested": "2022-02-24T20:23:26.113669833Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Version 1.0\",\"type\":\"VERSION\"},{\"id\":\"10000\",\"name\":\"test\",\"type\":\"PROJECT\"}],\"auditType\":{\"action\":\"Project version released\",\"actionI18nKey\":\"jira.auditing.version.released\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"projects\",\"categoryI18nKey\":\"jira.auditing.category.projects\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"175.16.199.1\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":535000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "Version 1.0", - "type": "VERSION", - "id": "10000" + "type": "VERSION" }, { + "id": "10000", "name": "test", - "type": "PROJECT", - "id": "10000" + "type": "PROJECT" } ], + "method": "Browser", "type": { - "area": "LOCAL_CONFIG_AND_ADMINISTRATION", "action": "Project version released", "actionI18nKey": "jira.auditing.version.released", - "categoryI18nKey": "jira.auditing.category.projects", + "area": "LOCAL_CONFIG_AND_ADMINISTRATION", "category": "projects", + "categoryI18nKey": "jira.auditing.category.projects", "level": "BASE" } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.543Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ - "10.50.33.72" + "175.16.199.1" + ], + "user": [ + "test.user" ] }, "service": { "address": "http://jira.internal:8088" }, "source": { - "address": "10.50.33.72", - "ip": "10.50.33.72" + "address": "175.16.199.1", + "geo": { + "city_name": "Changchun", + "continent_name": "Asia", + "country_iso_code": "CN", + "country_name": "China", + "location": { + "lat": 43.88, + "lon": 125.3228 + }, + "region_iso_code": "CN-22", + "region_name": "Jilin Sheng" + }, + "ip": "175.16.199.1" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.543Z", + "ecs": { + "version": "8.0.0" }, "event": { "action": "jira.auditing.version.created", + "ingested": "2022-02-24T20:23:26.113670903Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10001\",\"name\":\"Version 2.0\",\"type\":\"VERSION\"},{\"id\":\"10000\",\"name\":\"test\",\"type\":\"PROJECT\"}],\"auditType\":{\"action\":\"Project version created\",\"actionI18nKey\":\"jira.auditing.version.created\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"projects\",\"categoryI18nKey\":\"jira.auditing.category.projects\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Version 2.0\"},{\"i18nKey\":\"version.releasedate\",\"key\":\"Release date\",\"to\":\"2021-11-28\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":543000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10001", "name": "Version 2.0", - "type": "VERSION", - "id": "10001" + "type": "VERSION" }, { + "id": "10000", "name": "test", - "type": "PROJECT", - "id": "10000" + "type": "PROJECT" } ], - "type": { - "area": "LOCAL_CONFIG_AND_ADMINISTRATION", - "action": "Project version created", - "actionI18nKey": "jira.auditing.version.created", - "categoryI18nKey": "jira.auditing.category.projects", - "category": "projects", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "common.words.name", @@ -5998,24 +6048,27 @@ "key": "Release date", "to": "2021-11-28" } - ] + ], + "method": "Browser", + "type": { + "action": "Project version created", + "actionI18nKey": "jira.auditing.version.created", + "area": "LOCAL_CONFIG_AND_ADMINISTRATION", + "category": "projects", + "categoryI18nKey": "jira.auditing.category.projects", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:08:34.545Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -6025,66 +6078,67 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:08:34.545Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "jira.auditing.version.created", + "ingested": "2022-02-24T20:23:26.113671962Z", + "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10002\",\"name\":\"Version 3.0\",\"type\":\"VERSION\"},{\"id\":\"10000\",\"name\":\"test\",\"type\":\"PROJECT\"}],\"auditType\":{\"action\":\"Project version created\",\"actionI18nKey\":\"jira.auditing.version.created\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"projects\",\"categoryI18nKey\":\"jira.auditing.category.projects\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Version 3.0\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":545000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "test.user", - "id": "10000" + "type": "info" }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10002", "name": "Version 3.0", - "type": "VERSION", - "id": "10002" + "type": "VERSION" }, { + "id": "10000", "name": "test", - "type": "PROJECT", - "id": "10000" + "type": "PROJECT" } ], - "type": { - "area": "LOCAL_CONFIG_AND_ADMINISTRATION", - "action": "Project version created", - "actionI18nKey": "jira.auditing.version.created", - "categoryI18nKey": "jira.auditing.category.projects", - "category": "projects", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "common.words.name", "key": "Name", "to": "Version 3.0" } - ] + ], + "method": "Browser", + "type": { + "action": "Project version created", + "actionI18nKey": "jira.auditing.version.created", + "area": "LOCAL_CONFIG_AND_ADMINISTRATION", + "category": "projects", + "categoryI18nKey": "jira.auditing.category.projects", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-22T00:12:02.856Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "test.user" - ], "hosts": [ "jira.internal" ], "ip": [ "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { @@ -6094,30 +6148,28 @@ "address": "10.50.33.72", "ip": "10.50.33.72" }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-22T00:12:02.856Z", + "ecs": { + "version": "8.0.0" + }, "event": { "action": "atlassian.audit.event.action.audit.search", + "ingested": "2022-02-24T20:23:26.113673025Z", + "kind": "event", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log search performed\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Results returned\",\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"value\":\"85\"},{\"name\":\"Query\",\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"value\":\"\"},{\"name\":\"Timestamp Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"value\":\"2021-11-22T00:05:08.514Z - 2021-11-22T00:08:34.545Z\"},{\"name\":\"ID Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"value\":\"1 - 85\"}],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539922,\"nano\":856000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" + "type": "info" }, - "user": { - "name": "test.user", - "id": "10000" - }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", - "type": { - "area": "AUDIT_LOG", - "action": "Audit Log search performed", - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing", - "level": "BASE" - }, "extra_attributes": [ { "name": "Results returned", @@ -6138,70 +6190,71 @@ "nameI18nKey": "atlassian.audit.event.attribute.id", "value": "1 - 85" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "area": "AUDIT_LOG", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit", + "level": "BASE" + } } - } - }, - { - "@timestamp": "2021-11-26T19:35:10.718Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "Anonymous" - ], "hosts": [ "jira.internal" ], "ip": [ - "172.17.0.1" + "10.50.33.72" + ], + "user": [ + "test.user" ] }, "service": { "address": "http://jira.internal:8088" }, "source": { - "address": "172.17.0.1", - "ip": "172.17.0.1" + "address": "10.50.33.72", + "ip": "10.50.33.72" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "test.user" + } + }, + { + "@timestamp": "2021-11-26T19:35:10.718Z", + "ecs": { + "version": "8.0.0" }, "event": { - "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"admin.user\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"User login failed\",\"actionI18nKey\":\"jira.auditing.user.login.failed\",\"area\":\"SECURITY\",\"category\":\"login\",\"categoryI18nKey\":\"jira.auditing.category.login\",\"level\":\"FULL\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Current number of failed login attempts\",\"nameI18nKey\":\"jira.auditing.user.login.failed.count\",\"value\":\"2\"},{\"name\":\"Reason for failed login\",\"nameI18nKey\":\"jira.auditing.user.login.failed.reason\",\"value\":\"User couldn't be authenticated\"}],\"method\":\"Browser\",\"source\":\"172.17.0.1\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637955310,\"nano\":718000000},\"version\":\"1.0\"}", - "kind": "event", "action": "jira.auditing.user.login.failed", - "type": [ - "info" - ], "category": [ "authentication" ], - "outcome": "failure" - }, - "user": { - "name": "Anonymous", - "id": "-2" + "ingested": "2022-02-24T20:23:26.113674100Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"admin.user\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"User login failed\",\"actionI18nKey\":\"jira.auditing.user.login.failed\",\"area\":\"SECURITY\",\"category\":\"login\",\"categoryI18nKey\":\"jira.auditing.category.login\",\"level\":\"FULL\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Current number of failed login attempts\",\"nameI18nKey\":\"jira.auditing.user.login.failed.count\",\"value\":\"2\"},{\"name\":\"Reason for failed login\",\"nameI18nKey\":\"jira.auditing.user.login.failed.reason\",\"value\":\"User couldn't be authenticated\"}],\"method\":\"Browser\",\"source\":\"172.17.0.1\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637955310,\"nano\":718000000},\"version\":\"1.0\"}", + "outcome": "failure", + "type": [ + "info" + ] }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "admin.user", - "type": "USER", - "id": "10000" + "type": "USER" } ], - "type": { - "area": "SECURITY", - "action": "User login failed", - "actionI18nKey": "jira.auditing.user.login.failed", - "categoryI18nKey": "jira.auditing.category.login", - "category": "login", - "level": "FULL" - }, "extra_attributes": [ { "name": "Current number of failed login attempts", @@ -6213,71 +6266,106 @@ "nameI18nKey": "jira.auditing.user.login.failed.reason", "value": "User couldn't be authenticated" } - ] + ], + "method": "Browser", + "type": { + "action": "User login failed", + "actionI18nKey": "jira.auditing.user.login.failed", + "area": "SECURITY", + "category": "login", + "categoryI18nKey": "jira.auditing.category.login", + "level": "FULL" + } } - } - }, - { - "@timestamp": "2021-11-26T19:33:29.363Z", - "ecs": { - "version": "8.2.0" }, "related": { - "user": [ - "admin.user" - ], "hosts": [ "jira.internal" ], "ip": [ - "10.100.100.2" + "172.17.0.1" + ], + "user": [ + "Anonymous" ] }, "service": { "address": "http://jira.internal:8088" }, "source": { - "address": "10.100.100.2", - "ip": "10.100.100.2" + "address": "172.17.0.1", + "ip": "172.17.0.1" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "-2", + "name": "Anonymous" + } + }, + { + "@timestamp": "2021-11-26T19:33:29.363Z", + "ecs": { + "version": "8.0.0" }, "event": { - "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"admin.user\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"User login successful\",\"actionI18nKey\":\"jira.auditing.user.logged.in\",\"area\":\"SECURITY\",\"category\":\"login\",\"categoryI18nKey\":\"jira.auditing.category.login\",\"level\":\"FULL\"},\"author\":{\"id\":\"10000\",\"name\":\"admin.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=admin.user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.100.100.2\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637955209,\"nano\":363000000},\"version\":\"1.0\"}", - "kind": "event", "action": "jira.auditing.user.logged.in", - "type": [ - "start" - ], "category": [ "authentication" ], - "outcome": "success" - }, - "user": { - "name": "admin.user", - "id": "10000" + "ingested": "2022-02-24T20:23:26.113675163Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"admin.user\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"User login successful\",\"actionI18nKey\":\"jira.auditing.user.logged.in\",\"area\":\"SECURITY\",\"category\":\"login\",\"categoryI18nKey\":\"jira.auditing.category.login\",\"level\":\"FULL\"},\"author\":{\"id\":\"10000\",\"name\":\"admin.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=admin.user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.100.100.2\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637955209,\"nano\":363000000},\"version\":\"1.0\"}", + "outcome": "success", + "type": [ + "start" + ] }, - "tags": [ - "preserve_original_event" - ], "jira": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "10000", "name": "admin.user", - "type": "USER", - "id": "10000" + "type": "USER" } ], + "method": "Browser", "type": { - "area": "SECURITY", "action": "User login successful", "actionI18nKey": "jira.auditing.user.logged.in", - "categoryI18nKey": "jira.auditing.category.login", + "area": "SECURITY", "category": "login", + "categoryI18nKey": "jira.auditing.category.login", "level": "FULL" } } + }, + "related": { + "hosts": [ + "jira.internal" + ], + "ip": [ + "10.100.100.2" + ], + "user": [ + "admin.user" + ] + }, + "service": { + "address": "http://jira.internal:8088" + }, + "source": { + "address": "10.100.100.2", + "ip": "10.100.100.2" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "10000", + "name": "admin.user" } } ] From 5e2ffdbf7fa5c05585afdfce808459d641da5bd7 Mon Sep 17 00:00:00 2001 From: Andrew Kroh Date: Thu, 24 Feb 2022 15:19:29 -0500 Subject: [PATCH 02/30] confluence: format test files before making other changes [git-generate] cd packages/atlassian_confluence elastic-package test pipeline -g --- .../pipeline/test-audit-api.log-expected.json | 13280 ++++++++-------- .../test-audit-files.log-expected.json | 4748 +++--- 2 files changed, 9137 insertions(+), 8891 deletions(-) diff --git a/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json index 50bdf4c2df6..a4590851d8b 100644 --- a/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json +++ b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json @@ -1,15 +1,9 @@ { "expected": [ { + "@timestamp": "2021-11-23T00:44:36.398Z", "confluence": { "audit": { - "method": "Browser", - "type": { - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "action": "Audit Log search performed", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing" - }, "extra_attributes": [ { "name": "ID Range", @@ -30,68 +24,69 @@ "nameI18nKey": "atlassian.audit.event.attribute.timestamp", "value": "2021-11-23T00:39:37.166Z - 2021-11-23T00:43:12.188Z" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit" + } } }, - "@timestamp": "2021-11-23T00:44:36.398Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "atlassian.audit.event.action.audit.search", + "ingested": "2022-02-24T20:23:44.212553956Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:44:36.398Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"79 - 178\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"100\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:39:37.166Z - 2021-11-23T00:43:12.188Z\"}]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "atlassian.audit.event.action.audit.search", - "original": "{\"timestamp\":\"2021-11-23T00:44:36.398Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"79 - 178\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"100\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:39:37.166Z - 2021-11-23T00:43:12.188Z\"}]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:43:12.188Z", "confluence": { "audit": { - "method": "Browser", - "type": { - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "action": "Audit Log search performed", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing" - }, "extra_attributes": [ { "name": "ID Range", @@ -112,68 +107,69 @@ "nameI18nKey": "atlassian.audit.event.attribute.timestamp", "value": "2021-11-23T00:34:44.466Z - 2021-11-23T00:39:37.149Z" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit" + } } }, - "@timestamp": "2021-11-23T00:43:12.188Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "atlassian.audit.event.action.audit.search", + "ingested": "2022-02-24T20:23:44.212557830Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:43:12.188Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"1 - 76\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"76\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:34:44.466Z - 2021-11-23T00:39:37.149Z\"}]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "atlassian.audit.event.action.audit.search", - "original": "{\"timestamp\":\"2021-11-23T00:43:12.188Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"1 - 76\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"76\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:34:44.466Z - 2021-11-23T00:39:37.149Z\"}]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:41:45.280Z", "confluence": { "audit": { - "method": "Browser", - "type": { - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "action": "Audit Log search performed", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing" - }, "extra_attributes": [ { "name": "ID Range", @@ -194,68 +190,69 @@ "nameI18nKey": "atlassian.audit.event.attribute.timestamp", "value": "2021-11-23T00:39:37.155Z - 2021-11-23T00:41:17.165Z" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit" + } } }, - "@timestamp": "2021-11-23T00:41:45.280Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "atlassian.audit.event.action.audit.search", + "ingested": "2022-02-24T20:23:44.212559405Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:41:45.280Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"77 - 176\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"100\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:39:37.155Z - 2021-11-23T00:41:17.165Z\"}]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "atlassian.audit.event.action.audit.search", - "original": "{\"timestamp\":\"2021-11-23T00:41:45.280Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"77 - 176\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"100\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:39:37.155Z - 2021-11-23T00:41:17.165Z\"}]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:41:17.165Z", "confluence": { "audit": { - "method": "Browser", - "type": { - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "action": "Audit Log search performed", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing" - }, "extra_attributes": [ { "name": "ID Range", @@ -276,68 +273,69 @@ "nameI18nKey": "atlassian.audit.event.attribute.timestamp", "value": "2021-11-23T00:34:44.466Z - 2021-11-23T00:39:37.137Z" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit" + } } }, - "@timestamp": "2021-11-23T00:41:17.165Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "atlassian.audit.event.action.audit.search", + "ingested": "2022-02-24T20:23:44.212560821Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:41:17.165Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"1 - 74\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"74\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:34:44.466Z - 2021-11-23T00:39:37.137Z\"}]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "atlassian.audit.event.action.audit.search", - "original": "{\"timestamp\":\"2021-11-23T00:41:17.165Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"1 - 74\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"74\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:34:44.466Z - 2021-11-23T00:39:37.137Z\"}]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:41:16.741Z", "confluence": { "audit": { - "method": "Browser", - "type": { - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "action": "Audit Log search performed", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing" - }, "extra_attributes": [ { "name": "ID Range", @@ -358,68 +356,69 @@ "nameI18nKey": "atlassian.audit.event.attribute.timestamp", "value": "2021-11-23T00:39:37.143Z - 2021-11-23T00:41:07.156Z" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit" + } } }, - "@timestamp": "2021-11-23T00:41:16.741Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "atlassian.audit.event.action.audit.search", + "ingested": "2022-02-24T20:23:44.212562228Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:41:16.741Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"75 - 174\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"100\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:39:37.143Z - 2021-11-23T00:41:07.156Z\"}]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "atlassian.audit.event.action.audit.search", - "original": "{\"timestamp\":\"2021-11-23T00:41:16.741Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"75 - 174\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"100\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:39:37.143Z - 2021-11-23T00:41:07.156Z\"}]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:41:07.156Z", "confluence": { "audit": { - "method": "Browser", - "type": { - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "action": "Audit Log search performed", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing" - }, "extra_attributes": [ { "name": "ID Range", @@ -440,68 +439,69 @@ "nameI18nKey": "atlassian.audit.event.attribute.timestamp", "value": "2021-11-23T00:34:44.466Z - 2021-11-23T00:39:37.128Z" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit" + } } }, - "@timestamp": "2021-11-23T00:41:07.156Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "atlassian.audit.event.action.audit.search", + "ingested": "2022-02-24T20:23:44.212563827Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:41:07.156Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"1 - 72\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"72\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:34:44.466Z - 2021-11-23T00:39:37.128Z\"}]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "atlassian.audit.event.action.audit.search", - "original": "{\"timestamp\":\"2021-11-23T00:41:07.156Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"1 - 72\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"72\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:34:44.466Z - 2021-11-23T00:39:37.128Z\"}]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] - }, - { - "confluence": { + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-23T00:41:06.871Z", + "confluence": { "audit": { - "method": "Browser", - "type": { - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "action": "Audit Log search performed", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing" - }, "extra_attributes": [ { "name": "ID Range", @@ -522,68 +522,69 @@ "nameI18nKey": "atlassian.audit.event.attribute.timestamp", "value": "2021-11-23T00:39:37.132Z - 2021-11-23T00:40:32.595Z" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit" + } } }, - "@timestamp": "2021-11-23T00:41:06.871Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "atlassian.audit.event.action.audit.search", + "ingested": "2022-02-24T20:23:44.212565244Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:41:06.871Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"73 - 172\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"100\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:39:37.132Z - 2021-11-23T00:40:32.595Z\"}]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "atlassian.audit.event.action.audit.search", - "original": "{\"timestamp\":\"2021-11-23T00:41:06.871Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"73 - 172\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"100\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:39:37.132Z - 2021-11-23T00:40:32.595Z\"}]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:40:32.595Z", "confluence": { "audit": { - "method": "Browser", - "type": { - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "action": "Audit Log search performed", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing" - }, "extra_attributes": [ { "name": "ID Range", @@ -604,68 +605,69 @@ "nameI18nKey": "atlassian.audit.event.attribute.timestamp", "value": "2021-11-23T00:34:44.466Z - 2021-11-23T00:39:37.115Z" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit" + } } }, - "@timestamp": "2021-11-23T00:40:32.595Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "atlassian.audit.event.action.audit.search", + "ingested": "2022-02-24T20:23:44.212566864Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:40:32.595Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"1 - 70\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"70\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:34:44.466Z - 2021-11-23T00:39:37.115Z\"}]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "atlassian.audit.event.action.audit.search", - "original": "{\"timestamp\":\"2021-11-23T00:40:32.595Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"1 - 70\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"70\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:34:44.466Z - 2021-11-23T00:39:37.115Z\"}]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:40:32.138Z", "confluence": { "audit": { - "method": "Browser", - "type": { - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "action": "Audit Log search performed", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing" - }, "extra_attributes": [ { "name": "ID Range", @@ -686,82 +688,83 @@ "nameI18nKey": "atlassian.audit.event.attribute.timestamp", "value": "2021-11-23T00:39:37.122Z - 2021-11-23T00:39:37.908Z" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit" + } } }, - "@timestamp": "2021-11-23T00:40:32.138Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "atlassian.audit.event.action.audit.search", + "ingested": "2022-02-24T20:23:44.212568321Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:40:32.138Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"71 - 170\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"100\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:39:37.122Z - 2021-11-23T00:39:37.908Z\"}]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "atlassian.audit.event.action.audit.search", - "original": "{\"timestamp\":\"2021-11-23T00:40:32.138Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"71 - 170\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"100\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:39:37.122Z - 2021-11-23T00:39:37.908Z\"}]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.908Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -778,89 +781,90 @@ "key": "Type", "to": "SETPAGEPERMISSIONS" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.908Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "ingested": "2022-02-24T20:23:44.212569740Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.908Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"SETPAGEPERMISSIONS\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.908Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"SETPAGEPERMISSIONS\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.904Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test user", "id": "2c9680837d4a3682017d4a375a280000", + "name": "test user", "type": "User", "uri": "http://confluence.internal:8090/admin/users/viewuser.action?username=admin" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -877,89 +881,90 @@ "key": "User", "to": "admin" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.904Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "ingested": "2022-02-24T20:23:44.212571197Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.904Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"SETPAGEPERMISSIONS\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.904Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"SETPAGEPERMISSIONS\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.899Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -976,87 +981,88 @@ "key": "Type", "to": "SETPAGEPERMISSIONS" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.899Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "ingested": "2022-02-24T20:23:44.212573080Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.899Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"SETPAGEPERMISSIONS\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.899Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"SETPAGEPERMISSIONS\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.895Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -1068,89 +1074,90 @@ "key": "Type", "to": "REMOVEMAIL" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.895Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "ingested": "2022-02-24T20:23:44.212574550Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.895Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEMAIL\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.895Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEMAIL\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.891Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -1167,89 +1174,90 @@ "key": "Type", "to": "REMOVEMAIL" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.891Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "ingested": "2022-02-24T20:23:44.212576023Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.891Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEMAIL\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.891Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEMAIL\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.887Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test user", "id": "2c9680837d4a3682017d4a375a280000", + "name": "test user", "type": "User", "uri": "http://confluence.internal:8090/admin/users/viewuser.action?username=admin" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -1266,89 +1274,90 @@ "key": "User", "to": "admin" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.887Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "ingested": "2022-02-24T20:23:44.212577473Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.887Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEMAIL\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.887Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEMAIL\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] - }, - { - "confluence": { - "audit": { - "method": "Browser", + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-23T00:39:37.882Z", + "confluence": { + "audit": { "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -1365,87 +1374,88 @@ "key": "Type", "to": "REMOVEMAIL" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.882Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "ingested": "2022-02-24T20:23:44.212579025Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.882Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEMAIL\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.882Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEMAIL\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.877Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -1457,89 +1467,90 @@ "key": "Type", "to": "EXPORTSPACE" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.877Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "ingested": "2022-02-24T20:23:44.212580513Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.877Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EXPORTSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.877Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EXPORTSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.872Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -1556,89 +1567,90 @@ "key": "Type", "to": "EXPORTSPACE" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.872Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "ingested": "2022-02-24T20:23:44.212581966Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.872Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EXPORTSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.872Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EXPORTSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.868Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test user", "id": "2c9680837d4a3682017d4a375a280000", + "name": "test user", "type": "User", "uri": "http://confluence.internal:8090/admin/users/viewuser.action?username=admin" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -1655,89 +1667,90 @@ "key": "User", "to": "admin" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.868Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "ingested": "2022-02-24T20:23:44.212583473Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.868Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EXPORTSPACE\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.868Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EXPORTSPACE\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] - }, - { + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-23T00:39:37.862Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -1754,87 +1767,88 @@ "key": "Type", "to": "EXPORTSPACE" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.862Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "ingested": "2022-02-24T20:23:44.212584842Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.862Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EXPORTSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.862Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EXPORTSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.858Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -1846,89 +1860,90 @@ "key": "Type", "to": "EDITBLOG" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.858Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "ingested": "2022-02-24T20:23:44.212586359Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.858Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.858Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.853Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -1945,89 +1960,90 @@ "key": "Type", "to": "EDITBLOG" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.853Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "ingested": "2022-02-24T20:23:44.212587788Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.853Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.853Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.848Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test user", "id": "2c9680837d4a3682017d4a375a280000", + "name": "test user", "type": "User", "uri": "http://confluence.internal:8090/admin/users/viewuser.action?username=admin" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -2044,89 +2060,90 @@ "key": "User", "to": "admin" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.848Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "ingested": "2022-02-24T20:23:44.212589162Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.848Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITBLOG\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.848Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITBLOG\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] - }, - { - "confluence": { - "audit": { - "method": "Browser", + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-23T00:39:37.841Z", + "confluence": { + "audit": { "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -2143,87 +2160,88 @@ "key": "Type", "to": "EDITBLOG" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.841Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "ingested": "2022-02-24T20:23:44.212590629Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.841Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.841Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.832Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -2235,89 +2253,90 @@ "key": "Type", "to": "REMOVEATTACHMENT" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.832Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "ingested": "2022-02-24T20:23:44.212592341Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.832Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.832Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.821Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -2334,89 +2353,90 @@ "key": "Type", "to": "REMOVEATTACHMENT" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.821Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "ingested": "2022-02-24T20:23:44.212593741Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.821Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.821Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.811Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test user", "id": "2c9680837d4a3682017d4a375a280000", + "name": "test user", "type": "User", "uri": "http://confluence.internal:8090/admin/users/viewuser.action?username=admin" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -2433,89 +2453,90 @@ "key": "User", "to": "admin" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.811Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "ingested": "2022-02-24T20:23:44.212595164Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.811Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEATTACHMENT\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.811Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEATTACHMENT\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] - }, - { + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-23T00:39:37.796Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -2532,87 +2553,88 @@ "key": "Type", "to": "REMOVEATTACHMENT" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.796Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "ingested": "2022-02-24T20:23:44.212596533Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.796Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.796Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.785Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -2624,89 +2646,90 @@ "key": "Type", "to": "CREATEATTACHMENT" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.785Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "ingested": "2022-02-24T20:23:44.212597911Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.785Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"CREATEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.785Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"CREATEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.777Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -2723,89 +2746,90 @@ "key": "Type", "to": "CREATEATTACHMENT" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.777Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "ingested": "2022-02-24T20:23:44.212599455Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.777Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"CREATEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.777Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"CREATEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.770Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test user", "id": "2c9680837d4a3682017d4a375a280000", + "name": "test user", "type": "User", "uri": "http://confluence.internal:8090/admin/users/viewuser.action?username=admin" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -2822,89 +2846,90 @@ "key": "User", "to": "admin" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.770Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "ingested": "2022-02-24T20:23:44.212600859Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.770Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"CREATEATTACHMENT\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.770Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"CREATEATTACHMENT\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] - }, - { - "confluence": { - "audit": { - "method": "Browser", + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-23T00:39:37.756Z", + "confluence": { + "audit": { "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -2921,87 +2946,88 @@ "key": "Type", "to": "CREATEATTACHMENT" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.756Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "ingested": "2022-02-24T20:23:44.212602364Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.756Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"CREATEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.756Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"CREATEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.751Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -3013,89 +3039,90 @@ "key": "Type", "to": "REMOVEBLOG" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.751Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "ingested": "2022-02-24T20:23:44.212603810Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.751Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.751Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.744Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -3112,89 +3139,90 @@ "key": "Type", "to": "REMOVEBLOG" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.744Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "ingested": "2022-02-24T20:23:44.212605230Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.744Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.744Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.728Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test user", "id": "2c9680837d4a3682017d4a375a280000", + "name": "test user", "type": "User", "uri": "http://confluence.internal:8090/admin/users/viewuser.action?username=admin" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -3211,89 +3239,90 @@ "key": "User", "to": "admin" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.728Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "ingested": "2022-02-24T20:23:44.212606782Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.728Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEBLOG\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.728Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEBLOG\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] - }, - { + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-23T00:39:37.713Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -3310,87 +3339,88 @@ "key": "Type", "to": "REMOVEBLOG" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.713Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "ingested": "2022-02-24T20:23:44.212608274Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.713Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.713Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.705Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -3402,89 +3432,90 @@ "key": "Type", "to": "REMOVECOMMENT" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.705Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "ingested": "2022-02-24T20:23:44.212609832Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.705Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVECOMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.705Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVECOMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.688Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -3501,89 +3532,90 @@ "key": "Type", "to": "REMOVECOMMENT" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.688Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "ingested": "2022-02-24T20:23:44.212611258Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.688Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVECOMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.688Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVECOMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.675Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test user", "id": "2c9680837d4a3682017d4a375a280000", + "name": "test user", "type": "User", "uri": "http://confluence.internal:8090/admin/users/viewuser.action?username=admin" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -3600,89 +3632,90 @@ "key": "User", "to": "admin" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.675Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "ingested": "2022-02-24T20:23:44.212612669Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.675Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVECOMMENT\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.675Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVECOMMENT\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] - }, - { - "confluence": { - "audit": { - "method": "Browser", + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-23T00:39:37.668Z", + "confluence": { + "audit": { "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -3699,87 +3732,88 @@ "key": "Type", "to": "REMOVECOMMENT" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.668Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "ingested": "2022-02-24T20:23:44.212614093Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.668Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVECOMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.668Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVECOMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.654Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -3791,89 +3825,90 @@ "key": "Type", "to": "REMOVEPAGE" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.654Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "ingested": "2022-02-24T20:23:44.212615548Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.654Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.654Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.644Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -3890,89 +3925,90 @@ "key": "Type", "to": "REMOVEPAGE" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.644Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "ingested": "2022-02-24T20:23:44.212616979Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.644Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.644Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.639Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test user", "id": "2c9680837d4a3682017d4a375a280000", + "name": "test user", "type": "User", "uri": "http://confluence.internal:8090/admin/users/viewuser.action?username=admin" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -3989,89 +4025,90 @@ "key": "User", "to": "admin" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.639Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "ingested": "2022-02-24T20:23:44.212618433Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.639Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEPAGE\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.639Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEPAGE\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] - }, - { + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-23T00:39:37.634Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -4088,89 +4125,90 @@ "key": "Type", "to": "REMOVEPAGE" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.634Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "ingested": "2022-02-24T20:23:44.212619872Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.634Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.634Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.628Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test user", "id": "2c9680837d4a3682017d4a375a280000", + "name": "test user", "type": "User", "uri": "http://confluence.internal:8090/admin/users/viewuser.action?username=admin" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -4187,89 +4225,90 @@ "key": "User", "to": "admin" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.628Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "ingested": "2022-02-24T20:23:44.212621339Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.628Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"SETSPACEPERMISSIONS\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.628Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"SETSPACEPERMISSIONS\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.618Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -4286,87 +4325,88 @@ "key": "Type", "to": "SETSPACEPERMISSIONS" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.618Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "ingested": "2022-02-24T20:23:44.212622727Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.618Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"SETSPACEPERMISSIONS\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.618Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"SETSPACEPERMISSIONS\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.612Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -4378,89 +4418,90 @@ "key": "Type", "to": "EDITSPACE" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.612Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "ingested": "2022-02-24T20:23:44.212624080Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.612Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.612Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] - }, - { - "confluence": { - "audit": { - "method": "Browser", + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-23T00:39:37.606Z", + "confluence": { + "audit": { "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -4477,89 +4518,90 @@ "key": "Type", "to": "EDITSPACE" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.606Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "ingested": "2022-02-24T20:23:44.212625510Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.606Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.606Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.596Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test user", "id": "2c9680837d4a3682017d4a375a280000", + "name": "test user", "type": "User", "uri": "http://confluence.internal:8090/admin/users/viewuser.action?username=admin" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -4576,89 +4618,90 @@ "key": "User", "to": "admin" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.596Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "ingested": "2022-02-24T20:23:44.212626975Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.596Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITSPACE\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.596Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITSPACE\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.592Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -4675,87 +4718,88 @@ "key": "Type", "to": "EDITSPACE" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.592Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "ingested": "2022-02-24T20:23:44.212628412Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.592Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.592Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.588Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -4767,89 +4811,90 @@ "key": "Type", "to": "COMMENT" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.588Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "ingested": "2022-02-24T20:23:44.212629987Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.588Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"COMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.588Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"COMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] - }, - { + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-23T00:39:37.584Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -4866,89 +4911,90 @@ "key": "Type", "to": "COMMENT" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.584Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "ingested": "2022-02-24T20:23:44.212631475Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.584Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"COMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.584Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"COMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.580Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test user", "id": "2c9680837d4a3682017d4a375a280000", + "name": "test user", "type": "User", "uri": "http://confluence.internal:8090/admin/users/viewuser.action?username=admin" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -4965,89 +5011,90 @@ "key": "User", "to": "admin" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.580Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "ingested": "2022-02-24T20:23:44.212632950Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.580Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"COMMENT\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.580Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"COMMENT\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.575Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -5064,87 +5111,88 @@ "key": "Type", "to": "COMMENT" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.575Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "ingested": "2022-02-24T20:23:44.212634366Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.575Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"COMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.575Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"COMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.571Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -5156,89 +5204,90 @@ "key": "Type", "to": "REMOVEOWNCONTENT" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.571Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "ingested": "2022-02-24T20:23:44.212635761Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.571Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEOWNCONTENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.571Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEOWNCONTENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] - }, - { - "confluence": { - "audit": { - "method": "Browser", + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-23T00:39:37.567Z", + "confluence": { + "audit": { "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -5255,89 +5304,90 @@ "key": "Type", "to": "REMOVEOWNCONTENT" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.567Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "ingested": "2022-02-24T20:23:44.212637261Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.567Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEOWNCONTENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.567Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEOWNCONTENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.556Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test user", "id": "2c9680837d4a3682017d4a375a280000", + "name": "test user", "type": "User", "uri": "http://confluence.internal:8090/admin/users/viewuser.action?username=admin" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -5354,89 +5404,90 @@ "key": "User", "to": "admin" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.556Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "ingested": "2022-02-24T20:23:44.212638709Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.556Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEOWNCONTENT\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.556Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEOWNCONTENT\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.454Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -5453,87 +5504,88 @@ "key": "Type", "to": "REMOVEOWNCONTENT" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.454Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "ingested": "2022-02-24T20:23:44.212640111Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.454Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEOWNCONTENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.454Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEOWNCONTENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.444Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -5545,89 +5597,90 @@ "key": "Type", "to": "VIEWSPACE" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.444Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "ingested": "2022-02-24T20:23:44.212641773Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.444Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"VIEWSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.444Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"VIEWSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] - }, - { + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-23T00:39:37.435Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -5644,89 +5697,90 @@ "key": "Type", "to": "VIEWSPACE" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.435Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "ingested": "2022-02-24T20:23:44.212643197Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.435Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"VIEWSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.435Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"VIEWSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.424Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test user", "id": "2c9680837d4a3682017d4a375a280000", + "name": "test user", "type": "User", "uri": "http://confluence.internal:8090/admin/users/viewuser.action?username=admin" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -5743,89 +5797,90 @@ "key": "User", "to": "admin" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.424Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "ingested": "2022-02-24T20:23:44.212644606Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.424Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"VIEWSPACE\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.424Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"VIEWSPACE\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.404Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -5842,4610 +5897,4664 @@ "key": "Type", "to": "VIEWSPACE" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.404Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], + "ingested": "2022-02-24T20:23:44.212646080Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.404Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"VIEWSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.404Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"VIEWSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.393Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Group", "from": "confluence-users", + "i18nKey": "Group", "key": "Group" }, { - "i18nKey": "Type", "from": "VIEWSPACE", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.393Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "ingested": "2022-02-24T20:23:44.212647540Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.393Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"VIEWSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.393Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"VIEWSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.375Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test user", "id": "2c9680837d4a3682017d4a375a280000", + "name": "test user", "type": "User", "uri": "http://confluence.internal:8090/admin/users/viewuser.action?username=admin" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Type", "from": "VIEWSPACE", + "i18nKey": "Type", "key": "Type" }, { - "i18nKey": "User", "from": "admin", + "i18nKey": "User", "key": "User" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.375Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "ingested": "2022-02-24T20:23:44.212648985Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.375Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"VIEWSPACE\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.375Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"VIEWSPACE\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.366Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Group", "from": "confluence-administrators", + "i18nKey": "Group", "key": "Group" }, { - "i18nKey": "Type", "from": "VIEWSPACE", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.366Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "ingested": "2022-02-24T20:23:44.212650399Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.366Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"VIEWSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.366Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"VIEWSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.361Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Group", "from": "confluence-users", + "i18nKey": "Group", "key": "Group" }, { - "i18nKey": "Type", "from": "COMMENT", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.361Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "ingested": "2022-02-24T20:23:44.212651818Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.361Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"COMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.361Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"COMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.357Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test user", "id": "2c9680837d4a3682017d4a375a280000", + "name": "test user", "type": "User", "uri": "http://confluence.internal:8090/admin/users/viewuser.action?username=admin" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Type", "from": "COMMENT", + "i18nKey": "Type", "key": "Type" }, { - "i18nKey": "User", "from": "admin", + "i18nKey": "User", "key": "User" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.357Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "ingested": "2022-02-24T20:23:44.212653243Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.357Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"COMMENT\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.357Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"COMMENT\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.350Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Group", "from": "confluence-administrators", + "i18nKey": "Group", "key": "Group" }, { - "i18nKey": "Type", "from": "COMMENT", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.350Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "ingested": "2022-02-24T20:23:44.212654599Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.350Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"COMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.350Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"COMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.342Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Group", "from": "confluence-administrators", + "i18nKey": "Group", "key": "Group" }, { - "i18nKey": "Type", "from": "SETPAGEPERMISSIONS", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.342Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "ingested": "2022-02-24T20:23:44.212656055Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.342Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"SETPAGEPERMISSIONS\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.342Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"SETPAGEPERMISSIONS\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.330Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Type", "from": "REMOVEMAIL", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.330Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "ingested": "2022-02-24T20:23:44.212657503Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.330Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEMAIL\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.330Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEMAIL\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.324Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Group", "from": "confluence-users", + "i18nKey": "Group", "key": "Group" }, { - "i18nKey": "Type", "from": "REMOVEMAIL", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.324Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "ingested": "2022-02-24T20:23:44.212658961Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.324Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEMAIL\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.324Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEMAIL\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.311Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test user", "id": "2c9680837d4a3682017d4a375a280000", + "name": "test user", "type": "User", "uri": "http://confluence.internal:8090/admin/users/viewuser.action?username=admin" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Type", "from": "REMOVEMAIL", + "i18nKey": "Type", "key": "Type" }, { - "i18nKey": "User", "from": "admin", + "i18nKey": "User", "key": "User" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.311Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "ingested": "2022-02-24T20:23:44.212660340Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.311Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEMAIL\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.311Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEMAIL\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.303Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Group", "from": "confluence-users", + "i18nKey": "Group", "key": "Group" }, { - "i18nKey": "Type", "from": "SETPAGEPERMISSIONS", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.303Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "ingested": "2022-02-24T20:23:44.212661809Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.303Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"SETPAGEPERMISSIONS\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.303Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"SETPAGEPERMISSIONS\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.295Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test user", "id": "2c9680837d4a3682017d4a375a280000", + "name": "test user", "type": "User", "uri": "http://confluence.internal:8090/admin/users/viewuser.action?username=admin" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Type", "from": "SETPAGEPERMISSIONS", + "i18nKey": "Type", "key": "Type" }, { - "i18nKey": "User", "from": "admin", + "i18nKey": "User", "key": "User" } - ] - } + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } + } }, - "@timestamp": "2021-11-23T00:39:37.295Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "ingested": "2022-02-24T20:23:44.212663294Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.295Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"SETPAGEPERMISSIONS\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.295Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"SETPAGEPERMISSIONS\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.290Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Group", "from": "confluence-administrators", + "i18nKey": "Group", "key": "Group" }, { - "i18nKey": "Type", "from": "EXPORTSPACE", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.290Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "ingested": "2022-02-24T20:23:44.212664918Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.290Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EXPORTSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.290Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EXPORTSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.285Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Type", "from": "EXPORTPAGE", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.285Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "ingested": "2022-02-24T20:23:44.212666360Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.285Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EXPORTPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.285Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EXPORTPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.282Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Group", "from": "confluence-users", + "i18nKey": "Group", "key": "Group" }, { - "i18nKey": "Type", "from": "EXPORTPAGE", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.282Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "ingested": "2022-02-24T20:23:44.212667787Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.282Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EXPORTPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.282Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EXPORTPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.278Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test user", "id": "2c9680837d4a3682017d4a375a280000", + "name": "test user", "type": "User", "uri": "http://confluence.internal:8090/admin/users/viewuser.action?username=admin" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Type", "from": "EXPORTPAGE", + "i18nKey": "Type", "key": "Type" }, { - "i18nKey": "User", "from": "admin", + "i18nKey": "User", "key": "User" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.278Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "ingested": "2022-02-24T20:23:44.212669289Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.278Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EXPORTPAGE\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.278Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EXPORTPAGE\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.274Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Group", "from": "confluence-administrators", + "i18nKey": "Group", "key": "Group" }, { - "i18nKey": "Type", "from": "REMOVEMAIL", + "i18nKey": "Type", "key": "Type" } - ] - } - }, - "@timestamp": "2021-11-23T00:39:37.274Z", - "ecs": { - "version": "8.2.0" + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "ingested": "2022-02-24T20:23:44.212670699Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.274Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEMAIL\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.274Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEMAIL\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.270Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Type", "from": "EXPORTSPACE", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.270Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "ingested": "2022-02-24T20:23:44.212672085Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.270Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EXPORTSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.270Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EXPORTSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.266Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Group", "from": "confluence-users", + "i18nKey": "Group", "key": "Group" }, { - "i18nKey": "Type", "from": "EXPORTSPACE", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.266Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "ingested": "2022-02-24T20:23:44.212673583Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.266Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EXPORTSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.266Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EXPORTSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.262Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test user", "id": "2c9680837d4a3682017d4a375a280000", + "name": "test user", "type": "User", "uri": "http://confluence.internal:8090/admin/users/viewuser.action?username=admin" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Type", "from": "EXPORTSPACE", + "i18nKey": "Type", "key": "Type" }, { - "i18nKey": "User", "from": "admin", + "i18nKey": "User", "key": "User" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.262Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "ingested": "2022-02-24T20:23:44.212675055Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.262Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EXPORTSPACE\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.262Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EXPORTSPACE\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.258Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Group", "from": "confluence-administrators", + "i18nKey": "Group", "key": "Group" }, { - "i18nKey": "Type", "from": "EDITBLOG", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.258Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "ingested": "2022-02-24T20:23:44.212676534Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.258Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EDITBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.258Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EDITBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.254Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Type", "from": "REMOVEATTACHMENT", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.254Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "ingested": "2022-02-24T20:23:44.212678093Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.254Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.254Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.250Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Group", "from": "confluence-users", + "i18nKey": "Group", "key": "Group" }, { - "i18nKey": "Type", "from": "REMOVEATTACHMENT", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.250Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "ingested": "2022-02-24T20:23:44.212679486Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.250Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.250Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.246Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test user", "id": "2c9680837d4a3682017d4a375a280000", + "name": "test user", "type": "User", "uri": "http://confluence.internal:8090/admin/users/viewuser.action?username=admin" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Type", "from": "REMOVEATTACHMENT", + "i18nKey": "Type", "key": "Type" }, { - "i18nKey": "User", "from": "admin", + "i18nKey": "User", "key": "User" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.246Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "ingested": "2022-02-24T20:23:44.212680910Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.246Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEATTACHMENT\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.246Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEATTACHMENT\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.242Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Group", "from": "confluence-administrators", + "i18nKey": "Group", "key": "Group" }, { - "i18nKey": "Type", "from": "EXPORTPAGE", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.242Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "ingested": "2022-02-24T20:23:44.212682365Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.242Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EXPORTPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.242Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EXPORTPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.238Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Type", "from": "EDITBLOG", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.238Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "ingested": "2022-02-24T20:23:44.212683795Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.238Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EDITBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.238Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EDITBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.234Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Group", "from": "confluence-users", + "i18nKey": "Group", "key": "Group" }, { - "i18nKey": "Type", "from": "EDITBLOG", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.234Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "ingested": "2022-02-24T20:23:44.212685269Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.234Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EDITBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.234Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EDITBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.230Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test user", "id": "2c9680837d4a3682017d4a375a280000", + "name": "test user", "type": "User", "uri": "http://confluence.internal:8090/admin/users/viewuser.action?username=admin" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Type", "from": "EDITBLOG", + "i18nKey": "Type", "key": "Type" }, { - "i18nKey": "User", "from": "admin", + "i18nKey": "User", "key": "User" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.230Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "ingested": "2022-02-24T20:23:44.212686734Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.230Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EDITBLOG\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.230Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EDITBLOG\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.225Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Group", "from": "confluence-administrators", + "i18nKey": "Group", "key": "Group" }, { - "i18nKey": "Type", "from": "CREATEATTACHMENT", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.225Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "ingested": "2022-02-24T20:23:44.212688138Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.225Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"CREATEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.225Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"CREATEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.221Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Type", "from": "REMOVEBLOG", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.221Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "ingested": "2022-02-24T20:23:44.212689612Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.221Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.221Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.217Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Group", "from": "confluence-users", + "i18nKey": "Group", "key": "Group" }, { - "i18nKey": "Type", "from": "REMOVEBLOG", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.217Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "ingested": "2022-02-24T20:23:44.212691098Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.217Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.217Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.212Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test user", "id": "2c9680837d4a3682017d4a375a280000", + "name": "test user", "type": "User", "uri": "http://confluence.internal:8090/admin/users/viewuser.action?username=admin" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Type", "from": "REMOVEBLOG", + "i18nKey": "Type", "key": "Type" }, { - "i18nKey": "User", "from": "admin", + "i18nKey": "User", "key": "User" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.212Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "ingested": "2022-02-24T20:23:44.212692516Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.212Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEBLOG\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" - ] - }, + ], + "user": [ + "admin" + ] + }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.212Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEBLOG\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.208Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Group", "from": "confluence-administrators", + "i18nKey": "Group", "key": "Group" }, { - "i18nKey": "Type", "from": "REMOVEATTACHMENT", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.208Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "ingested": "2022-02-24T20:23:44.212693989Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.208Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.208Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.204Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Type", "from": "CREATEATTACHMENT", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.204Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "ingested": "2022-02-24T20:23:44.212695360Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.204Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"CREATEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.204Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"CREATEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.200Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Group", "from": "confluence-users", + "i18nKey": "Group", "key": "Group" }, { - "i18nKey": "Type", "from": "CREATEATTACHMENT", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.200Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "ingested": "2022-02-24T20:23:44.212696744Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.200Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"CREATEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.200Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"CREATEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.194Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test user", "id": "2c9680837d4a3682017d4a375a280000", + "name": "test user", "type": "User", "uri": "http://confluence.internal:8090/admin/users/viewuser.action?username=admin" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Type", "from": "CREATEATTACHMENT", + "i18nKey": "Type", "key": "Type" }, { - "i18nKey": "User", "from": "admin", + "i18nKey": "User", "key": "User" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.194Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "ingested": "2022-02-24T20:23:44.212698218Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.194Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"CREATEATTACHMENT\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.194Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"CREATEATTACHMENT\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.188Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Group", "from": "confluence-administrators", + "i18nKey": "Group", "key": "Group" }, { - "i18nKey": "Type", "from": "REMOVECOMMENT", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.188Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "ingested": "2022-02-24T20:23:44.212699650Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.188Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVECOMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.188Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVECOMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.176Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Type", "from": "VIEWSPACE", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.176Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "ingested": "2022-02-24T20:23:44.212701070Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.176Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"VIEWSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.176Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"VIEWSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.166Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Type", "from": "REMOVEPAGE", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.166Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "ingested": "2022-02-24T20:23:44.212702510Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.166Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.166Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.160Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Group", "from": "confluence-users", + "i18nKey": "Group", "key": "Group" }, { - "i18nKey": "Type", "from": "REMOVEPAGE", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.160Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "ingested": "2022-02-24T20:23:44.212703932Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.160Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.160Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.155Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test user", "id": "2c9680837d4a3682017d4a375a280000", + "name": "test user", "type": "User", "uri": "http://confluence.internal:8090/admin/users/viewuser.action?username=admin" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Type", "from": "REMOVEPAGE", + "i18nKey": "Type", "key": "Type" }, { - "i18nKey": "User", "from": "admin", + "i18nKey": "User", "key": "User" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.155Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "ingested": "2022-02-24T20:23:44.212705342Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.155Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEPAGE\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.155Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEPAGE\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.149Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Group", "from": "confluence-administrators", + "i18nKey": "Group", "key": "Group" }, { - "i18nKey": "Type", "from": "REMOVEBLOG", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.149Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "ingested": "2022-02-24T20:23:44.212706788Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.149Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.149Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.143Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Type", "from": "REMOVECOMMENT", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.143Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "ingested": "2022-02-24T20:23:44.212708202Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.143Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVECOMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.143Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVECOMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.137Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Group", "from": "confluence-users", + "i18nKey": "Group", "key": "Group" }, { - "i18nKey": "Type", "from": "REMOVECOMMENT", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.137Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "ingested": "2022-02-24T20:23:44.212709599Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.137Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVECOMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.137Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVECOMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.132Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test user", "id": "2c9680837d4a3682017d4a375a280000", + "name": "test user", "type": "User", "uri": "http://confluence.internal:8090/admin/users/viewuser.action?username=admin" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Type", "from": "REMOVECOMMENT", + "i18nKey": "Type", "key": "Type" }, { - "i18nKey": "User", "from": "admin", + "i18nKey": "User", "key": "User" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.132Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "ingested": "2022-02-24T20:23:44.212711386Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.132Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVECOMMENT\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.132Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVECOMMENT\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.128Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Group", "from": "confluence-users", + "i18nKey": "Group", "key": "Group" }, { - "i18nKey": "Type", "from": "EDITSPACE", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.128Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "ingested": "2022-02-24T20:23:44.212712836Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.128Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EDITSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.128Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EDITSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.122Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test user", "id": "2c9680837d4a3682017d4a375a280000", + "name": "test user", "type": "User", "uri": "http://confluence.internal:8090/admin/users/viewuser.action?username=admin" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Type", "from": "EDITSPACE", + "i18nKey": "Type", "key": "Type" }, { - "i18nKey": "User", "from": "admin", + "i18nKey": "User", "key": "User" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.122Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "ingested": "2022-02-24T20:23:44.212714344Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.122Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EDITSPACE\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.122Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EDITSPACE\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.115Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Group", "from": "confluence-administrators", + "i18nKey": "Group", "key": "Group" }, { - "i18nKey": "Type", "from": "EDITSPACE", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.115Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "ingested": "2022-02-24T20:23:44.212715818Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.115Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EDITSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.115Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EDITSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.107Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Type", "from": "COMMENT", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.107Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "ingested": "2022-02-24T20:23:44.212717346Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.107Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"COMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.107Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"COMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.099Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Group", "from": "confluence-administrators", + "i18nKey": "Group", "key": "Group" }, { - "i18nKey": "Type", "from": "REMOVEPAGE", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.099Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "ingested": "2022-02-24T20:23:44.212718793Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.099Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.099Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.091Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test user", "id": "2c9680837d4a3682017d4a375a280000", + "name": "test user", "type": "User", "uri": "http://confluence.internal:8090/admin/users/viewuser.action?username=admin" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Type", "from": "SETSPACEPERMISSIONS", + "i18nKey": "Type", "key": "Type" }, { - "i18nKey": "User", "from": "admin", + "i18nKey": "User", "key": "User" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.091Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "ingested": "2022-02-24T20:23:44.212720179Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.091Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"SETSPACEPERMISSIONS\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.091Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"SETSPACEPERMISSIONS\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:37.055Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Group", "from": "confluence-administrators", + "i18nKey": "Group", "key": "Group" }, { - "i18nKey": "Type", "from": "SETSPACEPERMISSIONS", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.055Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "ingested": "2022-02-24T20:23:44.212721628Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.055Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"SETSPACEPERMISSIONS\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.055Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"SETSPACEPERMISSIONS\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] - }, - { - "confluence": { - "audit": { - "method": "Browser", + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } + }, + { + "@timestamp": "2021-11-23T00:39:37.008Z", + "confluence": { + "audit": { "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.removed", - "action": "Space permission removed", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { - "i18nKey": "Type", "from": "EDITSPACE", + "i18nKey": "Type", "key": "Type" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission removed", + "actionI18nKey": "audit.logging.summary.space.permission.removed", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:39:37.008Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.removed", + "ingested": "2022-02-24T20:23:44.212723045Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:37.008Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EDITSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.removed", - "original": "{\"timestamp\":\"2021-11-23T00:39:37.008Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EDITSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:36.900Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.config.updated", - "action": "Space configuration updated", - "categoryI18nKey": "audit.logging.category.spaces", - "category": "Spaces" - }, "changed_values": [ { "i18nKey": "Description", @@ -10476,142 +10585,144 @@ "key": "Space type", "to": "global" } - ] + ], + "method": "Browser", + "type": { + "action": "Space configuration updated", + "actionI18nKey": "audit.logging.summary.space.config.updated", + "category": "Spaces", + "categoryI18nKey": "audit.logging.category.spaces" + } } }, - "@timestamp": "2021-11-23T00:39:36.900Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.space.config.updated", + "category": [ + "configuration" ], + "ingested": "2022-02-24T20:23:44.212724447Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:36.900Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.spaces\",\"category\":\"Spaces\",\"actionI18nKey\":\"audit.logging.summary.space.config.updated\",\"action\":\"Space configuration updated\"},\"affectedObjects\":[{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Description\",\"i18nKey\":\"Description\",\"to\":\"\"},{\"key\":\"Home page\",\"i18nKey\":\"Home page\",\"to\":\"page: asdf v.1 (65593)\"},{\"key\":\"Name\",\"i18nKey\":\"Name\",\"to\":\"asdf\"},{\"key\":\"Space key\",\"i18nKey\":\"Space key\",\"to\":\"ASDF\"},{\"key\":\"Space status\",\"i18nKey\":\"Space status\",\"to\":\"CURRENT\"},{\"key\":\"Space type\",\"i18nKey\":\"Space type\",\"to\":\"global\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "change" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.config.updated", - "original": "{\"timestamp\":\"2021-11-23T00:39:36.900Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.spaces\",\"category\":\"Spaces\",\"actionI18nKey\":\"audit.logging.summary.space.config.updated\",\"action\":\"Space configuration updated\"},\"affectedObjects\":[{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Description\",\"i18nKey\":\"Description\",\"to\":\"\"},{\"key\":\"Home page\",\"i18nKey\":\"Home page\",\"to\":\"page: asdf v.1 (65593)\"},{\"key\":\"Name\",\"i18nKey\":\"Name\",\"to\":\"asdf\"},{\"key\":\"Space key\",\"i18nKey\":\"Space key\",\"to\":\"ASDF\"},{\"key\":\"Space status\",\"i18nKey\":\"Space status\",\"to\":\"CURRENT\"},{\"key\":\"Space type\",\"i18nKey\":\"Space type\",\"to\":\"global\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "change" - ], - "category": [ - "configuration" - ], - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:36.323Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "asdf", "id": "98306", + "name": "asdf", "type": "Space", "uri": "http://confluence.internal:8090/display/ASDF" } ], + "method": "Browser", "type": { - "actionI18nKey": "audit.logging.summary.space.import", "action": "Space import", - "categoryI18nKey": "audit.logging.category.import.export", - "category": "Import/Export" + "actionI18nKey": "audit.logging.summary.space.import", + "category": "Import/Export", + "categoryI18nKey": "audit.logging.category.import.export" } } }, - "@timestamp": "2021-11-23T00:39:36.323Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.import", + "ingested": "2022-02-24T20:23:44.212725964Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:36.323Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.import.export\",\"category\":\"Import/Export\",\"actionI18nKey\":\"audit.logging.summary.space.import\",\"action\":\"Space import\"},\"affectedObjects\":[{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.import", - "original": "{\"timestamp\":\"2021-11-23T00:39:36.323Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.import.export\",\"category\":\"Import/Export\",\"actionI18nKey\":\"audit.logging.summary.space.import\",\"action\":\"Space import\"},\"affectedObjects\":[{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:39:11.067Z", "confluence": { "audit": { - "method": "Browser", - "type": { - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "action": "Audit Log search performed", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing" - }, "extra_attributes": [ { "name": "ID Range", @@ -10633,68 +10744,69 @@ "nameI18nKey": "atlassian.audit.event.attribute.timestamp", "value": "2021-11-23T00:35:04.299Z - 2021-11-23T00:38:58.965Z" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit" + } } }, - "@timestamp": "2021-11-23T00:39:11.067Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "atlassian.audit.event.action.audit.search", + "ingested": "2022-02-24T20:23:44.212727476Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:39:11.067Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"52 - 61\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"From : 1970-01-01T00:00:00Z;To : 2021-11-23T00:39:11.057109Z;\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"10\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:35:04.299Z - 2021-11-23T00:38:58.965Z\"}]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "atlassian.audit.event.action.audit.search", - "original": "{\"timestamp\":\"2021-11-23T00:39:11.067Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"52 - 61\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"From : 1970-01-01T00:00:00Z;To : 2021-11-23T00:39:11.057109Z;\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"10\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:35:04.299Z - 2021-11-23T00:38:58.965Z\"}]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:38:58.965Z", "confluence": { "audit": { - "method": "Browser", - "type": { - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "action": "Audit Log search performed", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing" - }, "extra_attributes": [ { "name": "ID Range", @@ -10716,68 +10828,69 @@ "nameI18nKey": "atlassian.audit.event.attribute.timestamp", "value": "2021-11-23T00:38:57.393Z - 2021-11-23T00:38:57.393Z" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit" + } } }, - "@timestamp": "2021-11-23T00:38:58.965Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "atlassian.audit.event.action.audit.search", + "ingested": "2022-02-24T20:23:44.212728967Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:38:58.965Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"60 - 60\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"From : 1970-01-01T00:00:00Z;To : 2021-11-23T00:38:58.959089Z;\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"1\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:38:57.393Z - 2021-11-23T00:38:57.393Z\"}]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "atlassian.audit.event.action.audit.search", - "original": "{\"timestamp\":\"2021-11-23T00:38:58.965Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"60 - 60\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"From : 1970-01-01T00:00:00Z;To : 2021-11-23T00:38:58.959089Z;\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"1\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:38:57.393Z - 2021-11-23T00:38:57.393Z\"}]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:38:57.393Z", "confluence": { "audit": { - "method": "Browser", - "type": { - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "action": "Audit Log search performed", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing" - }, "extra_attributes": [ { "name": "ID Range", @@ -10799,68 +10912,69 @@ "nameI18nKey": "atlassian.audit.event.attribute.timestamp", "value": "2021-11-23T00:35:04.294Z - 2021-11-23T00:38:42.240Z" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit" + } } }, - "@timestamp": "2021-11-23T00:38:57.393Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "atlassian.audit.event.action.audit.search", + "ingested": "2022-02-24T20:23:44.212730468Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:38:57.393Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"49 - 59\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"From : 1970-01-01T00:00:00Z;To : 2021-11-23T00:38:57.380777Z;\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"11\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:35:04.294Z - 2021-11-23T00:38:42.240Z\"}]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "atlassian.audit.event.action.audit.search", - "original": "{\"timestamp\":\"2021-11-23T00:38:57.393Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"49 - 59\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"From : 1970-01-01T00:00:00Z;To : 2021-11-23T00:38:57.380777Z;\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"11\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:35:04.294Z - 2021-11-23T00:38:42.240Z\"}]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:38:42.240Z", "confluence": { "audit": { - "method": "Browser", - "type": { - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "action": "Audit Log search performed", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing" - }, "extra_attributes": [ { "name": "ID Range", @@ -10882,68 +10996,69 @@ "nameI18nKey": "atlassian.audit.event.attribute.timestamp", "value": "2021-11-23T00:35:04.294Z - 2021-11-23T00:38:35.211Z" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit" + } } }, - "@timestamp": "2021-11-23T00:38:42.240Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "atlassian.audit.event.action.audit.search", + "ingested": "2022-02-24T20:23:44.212731930Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:38:42.240Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"49 - 58\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"From : 1970-01-01T00:00:00Z;To : 2021-11-23T00:38:42.224135Z;\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"10\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:35:04.294Z - 2021-11-23T00:38:35.211Z\"}]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "atlassian.audit.event.action.audit.search", - "original": "{\"timestamp\":\"2021-11-23T00:38:42.240Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"49 - 58\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"From : 1970-01-01T00:00:00Z;To : 2021-11-23T00:38:42.224135Z;\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"10\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:35:04.294Z - 2021-11-23T00:38:35.211Z\"}]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { + "@timestamp": "2021-11-23T00:38:35.211Z", "confluence": { "audit": { - "method": "Browser", - "type": { - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "action": "Audit Log search performed", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing" - }, "extra_attributes": [ { "name": "ID Range", @@ -10965,81 +11080,101 @@ "nameI18nKey": "atlassian.audit.event.attribute.timestamp", "value": "2021-11-23T00:34:44.466Z - 2021-11-23T00:35:04.387Z" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit" + } } }, - "@timestamp": "2021-11-23T00:38:35.211Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "atlassian.audit.event.action.audit.search", + "ingested": "2022-02-24T20:23:44.212809385Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:38:35.211Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"1 - 57\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"From : 1970-01-01T00:00:00Z;To : 2021-11-23T00:38:35.065543Z;\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"57\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:34:44.466Z - 2021-11-23T00:35:04.387Z\"}]}", + "type": "info" + }, "related": { - "user": [ - "admin" - ], "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "atlassian.audit.event.action.audit.search", - "original": "{\"timestamp\":\"2021-11-23T00:38:35.211Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"1 - 57\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"From : 1970-01-01T00:00:00Z;To : 2021-11-23T00:38:35.065543Z;\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"57\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:34:44.466Z - 2021-11-23T00:35:04.387Z\"}]}", - "type": "info", - "kind": "event" - }, - "user": { - "name": "admin", - "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "test user", + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" + } }, { "@timestamp": "2021-11-23T00:35:04.387Z", "confluence": { "audit": { - "method": "System", - "type": { - "actionI18nKey": "atlassian.audit.event.action.audit.config.updated", - "action": "Audit Log configuration updated", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing" - }, "changed_values": [ { "i18nKey": "atlassian.audit.event.change.retention", "key": "Retention", "to": "3 Years" } - ] + ], + "method": "System", + "type": { + "action": "Audit Log configuration updated", + "actionI18nKey": "atlassian.audit.event.action.audit.config.updated", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit" + } } }, "ecs": { "version": "8.2.0" }, + "event": { + "action": "atlassian.audit.event.action.audit.config.updated", + "category": [ + "configuration" + ], + "ingested": "2022-02-24T20:23:44.212815283Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.387Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.config.updated\",\"action\":\"Audit Log configuration updated\"},\"affectedObjects\":[],\"changedValues\":[{\"key\":\"Retention\",\"i18nKey\":\"atlassian.audit.event.change.retention\",\"to\":\"3 Years\"}],\"system\":\"http://confluence.internal:8090\",\"method\":\"System\",\"extraAttributes\":[]}", + "type": [ + "admin", + "change" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -11048,50 +11183,32 @@ "service": { "address": "http://confluence.internal:8090" }, - "event": { - "action": "atlassian.audit.event.action.audit.config.updated", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.387Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.config.updated\",\"action\":\"Audit Log configuration updated\"},\"affectedObjects\":[],\"changedValues\":[{\"key\":\"Retention\",\"i18nKey\":\"atlassian.audit.event.change.retention\",\"to\":\"3 Years\"}],\"system\":\"http://confluence.internal:8090\",\"method\":\"System\",\"extraAttributes\":[]}", - "type": [ - "admin", - "change" - ], - "category": [ - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "System", "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.306Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -11108,13 +11225,33 @@ "key": "Type", "to": "SETPAGEPERMISSIONS" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.306Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:23:44.212816780Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.306Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"SETPAGEPERMISSIONS\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -11127,66 +11264,47 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.306Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"SETPAGEPERMISSIONS\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.305Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -11203,13 +11321,33 @@ "key": "Type", "to": "SETPAGEPERMISSIONS" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.305Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:23:44.212818224Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.305Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"SETPAGEPERMISSIONS\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -11222,64 +11360,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.305Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"SETPAGEPERMISSIONS\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "full_name": "Anonymous", - "id": "-2" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "Anonymous", + "id": "-2" + } }, { + "@timestamp": "2021-11-23T00:35:04.303Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -11291,13 +11410,33 @@ "key": "Type", "to": "REMOVEMAIL" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.303Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:23:44.212819729Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.303Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEMAIL\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -11310,66 +11449,47 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.303Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEMAIL\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.301Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -11386,13 +11506,33 @@ "key": "Type", "to": "REMOVEMAIL" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.301Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:23:44.212821185Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.301Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEMAIL\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -11405,66 +11545,47 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.301Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEMAIL\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.299Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -11481,13 +11602,33 @@ "key": "Type", "to": "REMOVEMAIL" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.299Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:23:44.212822641Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.299Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEMAIL\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -11500,64 +11641,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.299Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEMAIL\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.298Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -11569,13 +11691,33 @@ "key": "Type", "to": "EXPORTSPACE" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.298Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:23:44.212824091Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.298Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EXPORTSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -11588,66 +11730,47 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.298Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EXPORTSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.296Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -11664,85 +11787,86 @@ "key": "Type", "to": "EXPORTSPACE" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.296Z", "ecs": { "version": "8.2.0" }, - "related": { - "hosts": [ - "confluence.internal" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], - "ip": [ - "81.2.69.143" - ] + "ingested": "2022-02-24T20:23:44.212825534Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.296Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EXPORTSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { + "hosts": [ + "confluence.internal" + ], + "ip": [ + "81.2.69.143" + ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.296Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EXPORTSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.294Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -11759,13 +11883,33 @@ "key": "Type", "to": "EXPORTSPACE" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.294Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:23:44.212827033Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.294Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EXPORTSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -11778,64 +11922,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.294Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EXPORTSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.292Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -11847,13 +11972,33 @@ "key": "Type", "to": "EDITBLOG" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.292Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:23:44.212828485Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.292Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -11866,66 +12011,47 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.292Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.290Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -11942,13 +12068,33 @@ "key": "Type", "to": "EDITBLOG" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.290Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:23:44.212829873Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.290Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -11961,66 +12107,47 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.290Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.288Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -12037,13 +12164,33 @@ "key": "Type", "to": "EDITBLOG" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.288Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:23:44.212831321Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.288Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -12056,64 +12203,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.288Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "full_name": "Anonymous", - "id": "-2" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "Anonymous", + "id": "-2" + } }, { + "@timestamp": "2021-11-23T00:35:04.287Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -12125,13 +12253,33 @@ "key": "Type", "to": "REMOVEATTACHMENT" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.287Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:23:44.212832784Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.287Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -12144,66 +12292,47 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.287Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.285Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -12220,13 +12349,33 @@ "key": "Type", "to": "REMOVEATTACHMENT" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.285Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:23:44.212834233Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.285Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -12239,66 +12388,47 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.285Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.283Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -12315,13 +12445,33 @@ "key": "Type", "to": "REMOVEATTACHMENT" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.283Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:23:44.212835690Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.283Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -12334,64 +12484,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.283Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.281Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -12403,13 +12534,33 @@ "key": "Type", "to": "CREATEATTACHMENT" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.281Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:23:44.212837209Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.281Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"CREATEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -12422,66 +12573,47 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.281Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"CREATEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.279Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -12498,85 +12630,86 @@ "key": "Type", "to": "CREATEATTACHMENT" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.279Z", "ecs": { "version": "8.2.0" }, - "related": { - "hosts": [ - "confluence.internal" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], - "ip": [ - "81.2.69.143" - ] + "ingested": "2022-02-24T20:23:44.212838680Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.279Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"CREATEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { + "hosts": [ + "confluence.internal" + ], + "ip": [ + "81.2.69.143" + ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.279Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"CREATEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.277Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -12593,13 +12726,33 @@ "key": "Type", "to": "CREATEATTACHMENT" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.277Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:23:44.212840137Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.277Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"CREATEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -12612,64 +12765,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.277Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"CREATEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.275Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -12681,13 +12815,33 @@ "key": "Type", "to": "REMOVEBLOG" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.275Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:23:44.212841707Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.275Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -12700,66 +12854,47 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.275Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.273Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -12776,13 +12911,33 @@ "key": "Type", "to": "REMOVEBLOG" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.273Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:23:44.212843080Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.273Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -12795,66 +12950,47 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.273Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.271Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -12871,13 +13007,33 @@ "key": "Type", "to": "REMOVEBLOG" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.271Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:23:44.212844516Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.271Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -12890,64 +13046,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.271Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "full_name": "Anonymous", - "id": "-2" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "Anonymous", + "id": "-2" + } }, { + "@timestamp": "2021-11-23T00:35:04.269Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -12959,13 +13096,33 @@ "key": "Type", "to": "REMOVECOMMENT" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.269Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:23:44.212845965Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.269Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVECOMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -12978,66 +13135,47 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.269Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVECOMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.267Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -13054,13 +13192,33 @@ "key": "Type", "to": "REMOVECOMMENT" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.267Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:23:44.212847420Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.267Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVECOMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -13073,66 +13231,47 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.267Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVECOMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.265Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -13149,13 +13288,33 @@ "key": "Type", "to": "REMOVECOMMENT" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.265Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:23:44.212848860Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.265Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVECOMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -13168,64 +13327,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.265Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVECOMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.262Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -13237,13 +13377,33 @@ "key": "Type", "to": "REMOVEPAGE" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.262Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:23:44.212850360Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.262Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -13256,66 +13416,47 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.262Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.259Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -13332,85 +13473,86 @@ "key": "Type", "to": "REMOVEPAGE" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.259Z", "ecs": { "version": "8.2.0" }, - "related": { - "hosts": [ - "confluence.internal" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], - "ip": [ - "81.2.69.143" - ] + "ingested": "2022-02-24T20:23:44.212851795Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.259Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { + "hosts": [ + "confluence.internal" + ], + "ip": [ + "81.2.69.143" + ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.259Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.257Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -13427,13 +13569,33 @@ "key": "Type", "to": "REMOVEPAGE" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.257Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:23:44.212853281Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.257Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -13446,66 +13608,47 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.257Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.255Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -13522,13 +13665,33 @@ "key": "Type", "to": "SETSPACEPERMISSIONS" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.255Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:23:44.212854698Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.255Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"SETSPACEPERMISSIONS\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -13541,64 +13704,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.255Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"SETSPACEPERMISSIONS\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.253Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -13610,13 +13754,33 @@ "key": "Type", "to": "EDITSPACE" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.253Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:23:44.212856056Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.253Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -13629,66 +13793,47 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.253Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.251Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -13705,13 +13850,33 @@ "key": "Type", "to": "EDITSPACE" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.251Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:23:44.212857453Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.251Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -13724,66 +13889,47 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.251Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "full_name": "Anonymous", - "id": "-2" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "Anonymous", + "id": "-2" + } }, { + "@timestamp": "2021-11-23T00:35:04.249Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -13800,13 +13946,33 @@ "key": "Type", "to": "EDITSPACE" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.249Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:23:44.212858856Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.249Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -13819,64 +13985,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.249Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.247Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -13888,13 +14035,33 @@ "key": "Type", "to": "COMMENT" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.247Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:23:44.212860218Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.247Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"COMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -13907,66 +14074,47 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.247Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"COMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.245Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -13983,13 +14131,33 @@ "key": "Type", "to": "COMMENT" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.245Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:23:44.212861612Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.245Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"COMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -14002,66 +14170,47 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.245Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"COMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.242Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -14078,13 +14227,33 @@ "key": "Type", "to": "COMMENT" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.242Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:23:44.212863022Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.242Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"COMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -14097,64 +14266,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.242Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"COMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.240Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -14166,85 +14316,86 @@ "key": "Type", "to": "REMOVEOWNCONTENT" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.240Z", "ecs": { "version": "8.2.0" }, - "related": { - "hosts": [ - "confluence.internal" + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" ], - "ip": [ - "81.2.69.143" - ] + "ingested": "2022-02-24T20:23:44.212864432Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.240Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEOWNCONTENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { + "hosts": [ + "confluence.internal" + ], + "ip": [ + "81.2.69.143" + ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.240Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEOWNCONTENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.238Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -14261,13 +14412,33 @@ "key": "Type", "to": "REMOVEOWNCONTENT" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.238Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:23:44.212865836Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.238Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEOWNCONTENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -14280,66 +14451,47 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.238Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEOWNCONTENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.235Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -14356,13 +14508,33 @@ "key": "Type", "to": "REMOVEOWNCONTENT" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.235Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:23:44.212867224Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.235Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEOWNCONTENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -14375,64 +14547,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.235Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEOWNCONTENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.231Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Space", @@ -14444,13 +14597,33 @@ "key": "Type", "to": "VIEWSPACE" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.231Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:23:44.212868754Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.231Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"VIEWSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -14463,66 +14636,47 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.231Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"VIEWSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:04.219Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -14539,13 +14693,33 @@ "key": "Type", "to": "VIEWSPACE" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.219Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:23:44.212870135Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.219Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"VIEWSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -14558,66 +14732,47 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.219Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"VIEWSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, - "user": { - "full_name": "Anonymous", - "id": "-2" - }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "Anonymous", + "id": "-2" + } }, { + "@timestamp": "2021-11-23T00:35:04.192Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], - "type": { - "actionI18nKey": "audit.logging.summary.space.permission.added", - "action": "Space permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -14634,13 +14789,33 @@ "key": "Type", "to": "VIEWSPACE" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:04.192Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:23:44.212871578Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:04.192Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"VIEWSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -14653,236 +14828,219 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:04.192Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"VIEWSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:03.950Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" }, { - "name": "admin", "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin", "type": "User", "uri": "http://confluence.internal:8090/admin/users/viewuser.action?username=admin" } ], + "method": "Browser", "type": { - "actionI18nKey": "audit.logging.summary.group.membership.added", "action": "User added to group", - "categoryI18nKey": "audit.logging.category.user.management", - "category": "Users and groups" + "actionI18nKey": "audit.logging.summary.group.membership.added", + "category": "Users and groups", + "categoryI18nKey": "audit.logging.category.user.management" } } }, - "@timestamp": "2021-11-23T00:35:03.950Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.group.membership.added", + "category": [ + "iam" ], + "ingested": "2022-02-24T20:23:44.212872969Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:03.950Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.user.management\",\"category\":\"Users and groups\",\"actionI18nKey\":\"audit.logging.summary.group.membership.added\",\"action\":\"User added to group\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"admin\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"}],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "group", + "change" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.group.membership.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:03.950Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.user.management\",\"category\":\"Users and groups\",\"actionI18nKey\":\"audit.logging.summary.group.membership.added\",\"action\":\"User added to group\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"admin\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"}],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "group", - "change" - ], - "category": [ - "iam" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2", "target": { - "name": "admin", - "id": "2c9680837d4a3682017d4a375a280000", "group": { - "name": "confluence-administrators", - "id": "confluence-administrators" - } + "id": "confluence-administrators", + "name": "confluence-administrators" + }, + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" } - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:03.924Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" }, { - "name": "admin", "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin", "type": "User", "uri": "http://confluence.internal:8090/admin/users/viewuser.action?username=admin" } ], + "method": "Browser", "type": { - "actionI18nKey": "audit.logging.summary.group.membership.added", "action": "User added to group", - "categoryI18nKey": "audit.logging.category.user.management", - "category": "Users and groups" + "actionI18nKey": "audit.logging.summary.group.membership.added", + "category": "Users and groups", + "categoryI18nKey": "audit.logging.category.user.management" } } }, - "@timestamp": "2021-11-23T00:35:03.924Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.group.membership.added", + "category": [ + "iam" ], + "ingested": "2022-02-24T20:23:44.212874368Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:03.924Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.user.management\",\"category\":\"Users and groups\",\"actionI18nKey\":\"audit.logging.summary.group.membership.added\",\"action\":\"User added to group\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"admin\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"}],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "group", + "change" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.group.membership.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:03.924Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.user.management\",\"category\":\"Users and groups\",\"actionI18nKey\":\"audit.logging.summary.group.membership.added\",\"action\":\"User added to group\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"admin\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"}],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "group", - "change" - ], - "category": [ - "iam" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2", "target": { - "name": "admin", - "id": "2c9680837d4a3682017d4a375a280000", "group": { - "name": "confluence-users", - "id": "confluence-users" - } + "id": "confluence-users", + "name": "confluence-users" + }, + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" } - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:03.860Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "test user", "id": "2c9680837d4a3682017d4a375a280000", + "name": "test user", "type": "User", "uri": "http://confluence.internal:8090/admin/users/viewuser.action?username=admin" } ], - "type": { - "actionI18nKey": "audit.logging.summary.user.created", - "action": "User created", - "categoryI18nKey": "audit.logging.category.user.management", - "category": "Users and groups" - }, "changed_values": [ { "i18nKey": "Active", @@ -14904,91 +15062,92 @@ "key": "Username", "to": "admin" } - ] + ], + "method": "Browser", + "type": { + "action": "User created", + "actionI18nKey": "audit.logging.summary.user.created", + "category": "Users and groups", + "categoryI18nKey": "audit.logging.category.user.management" + } } }, - "@timestamp": "2021-11-23T00:35:03.860Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.user.created", + "category": [ + "iam" ], + "ingested": "2022-02-24T20:23:44.212876120Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:03.860Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.user.management\",\"category\":\"Users and groups\",\"actionI18nKey\":\"audit.logging.summary.user.created\",\"action\":\"User created\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"}],\"changedValues\":[{\"key\":\"Active\",\"i18nKey\":\"Active\",\"to\":\"Yes\"},{\"key\":\"Display name\",\"i18nKey\":\"Display name\",\"to\":\"test user\"},{\"key\":\"Email\",\"i18nKey\":\"Email\",\"to\":\"test.user@example.com\"},{\"key\":\"Username\",\"i18nKey\":\"Username\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "user", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.user.created", - "original": "{\"timestamp\":\"2021-11-23T00:35:03.860Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.user.management\",\"category\":\"Users and groups\",\"actionI18nKey\":\"audit.logging.summary.user.created\",\"action\":\"User created\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"}],\"changedValues\":[{\"key\":\"Active\",\"i18nKey\":\"Active\",\"to\":\"Yes\"},{\"key\":\"Display name\",\"i18nKey\":\"Display name\",\"to\":\"test user\"},{\"key\":\"Email\",\"i18nKey\":\"Email\",\"to\":\"test.user@example.com\"},{\"key\":\"Username\",\"i18nKey\":\"Username\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "user", - "creation" - ], - "category": [ - "iam" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "changes": { - "name": "admin", "email": "test.user@example.com", - "full_name": "test user" + "full_name": "test user", + "name": "admin" }, "full_name": "Anonymous", "id": "-2", "target": { - "name": "admin", "full_name": "test user", - "id": "2c9680837d4a3682017d4a375a280000" + "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin" } - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:03.253Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" } ], - "type": { - "actionI18nKey": "audit.logging.summary.global.permission.added", - "action": "Global permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -15000,16 +15159,36 @@ "key": "Type", "to": "CREATESPACE" } - ] + ], + "method": "Browser", + "type": { + "action": "Global permission added", + "actionI18nKey": "audit.logging.summary.global.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:03.253Z", "ecs": { "version": "8.2.0" }, - "related": { - "hosts": [ - "confluence.internal" + "event": { + "action": "audit.logging.summary.global.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:23:44.212877559Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:03.253Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"CREATESPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, + "related": { + "hosts": [ + "confluence.internal" ], "ip": [ "81.2.69.143" @@ -15019,60 +15198,41 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.global.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:03.253Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"CREATESPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:03.251Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" } ], - "type": { - "actionI18nKey": "audit.logging.summary.global.permission.added", - "action": "Global permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -15084,13 +15244,33 @@ "key": "Type", "to": "CREATESPACE" } - ] + ], + "method": "Browser", + "type": { + "action": "Global permission added", + "actionI18nKey": "audit.logging.summary.global.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:03.251Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.global.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:23:44.212879034Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:03.251Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"CREATESPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -15103,60 +15283,41 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.global.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:03.251Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"CREATESPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:03.250Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" } ], - "type": { - "actionI18nKey": "audit.logging.summary.global.permission.added", - "action": "Global permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -15168,13 +15329,33 @@ "key": "Type", "to": "PERSONALSPACE" } - ] + ], + "method": "Browser", + "type": { + "action": "Global permission added", + "actionI18nKey": "audit.logging.summary.global.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:03.250Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.global.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:23:44.212880434Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:03.250Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"PERSONALSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -15187,60 +15368,41 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.global.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:03.250Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"PERSONALSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:03.246Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" } ], - "type": { - "actionI18nKey": "audit.logging.summary.global.permission.added", - "action": "Global permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -15252,13 +15414,33 @@ "key": "Type", "to": "SYSTEMADMINISTRATOR" } - ] + ], + "method": "Browser", + "type": { + "action": "Global permission added", + "actionI18nKey": "audit.logging.summary.global.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:03.246Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.global.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:23:44.212881825Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:03.246Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"SYSTEMADMINISTRATOR\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -15271,60 +15453,41 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.global.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:03.246Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"SYSTEMADMINISTRATOR\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:03.243Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" } ], - "type": { - "actionI18nKey": "audit.logging.summary.global.permission.added", - "action": "Global permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -15336,13 +15499,33 @@ "key": "Type", "to": "USECONFLUENCE" } - ] + ], + "method": "Browser", + "type": { + "action": "Global permission added", + "actionI18nKey": "audit.logging.summary.global.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:03.243Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.global.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:23:44.212883240Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:03.243Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"USECONFLUENCE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -15355,60 +15538,41 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.global.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:03.243Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"USECONFLUENCE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:03.241Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" } ], - "type": { - "actionI18nKey": "audit.logging.summary.global.permission.added", - "action": "Global permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -15420,13 +15584,33 @@ "key": "Type", "to": "ADMINISTRATECONFLUENCE" } - ] + ], + "method": "Browser", + "type": { + "action": "Global permission added", + "actionI18nKey": "audit.logging.summary.global.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:03.241Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.global.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:23:44.212884671Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:03.241Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"ADMINISTRATECONFLUENCE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -15439,60 +15623,41 @@ "address": "http://confluence.internal:8090" }, "source": { - "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", - "city_name": "London", - "country_iso_code": "GB", - "country_name": "United Kingdom", - "region_name": "England", - "location": { - "lon": -0.0931, - "lat": 51.5142 - } - }, - "address": "81.2.69.143", - "ip": "81.2.69.143" - }, - "event": { - "action": "audit.logging.summary.global.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:03.241Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"ADMINISTRATECONFLUENCE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:03.239Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" } ], - "type": { - "actionI18nKey": "audit.logging.summary.global.permission.added", - "action": "Global permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -15504,13 +15669,33 @@ "key": "Type", "to": "PERSONALSPACE" } - ] + ], + "method": "Browser", + "type": { + "action": "Global permission added", + "actionI18nKey": "audit.logging.summary.global.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:03.239Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.global.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:23:44.212886070Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:03.239Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"PERSONALSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -15523,60 +15708,41 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.global.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:03.239Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"PERSONALSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:03.217Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" } ], - "type": { - "actionI18nKey": "audit.logging.summary.global.permission.added", - "action": "Global permission added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions" - }, "changed_values": [ { "i18nKey": "Group", @@ -15588,13 +15754,33 @@ "key": "Type", "to": "USECONFLUENCE" } - ] + ], + "method": "Browser", + "type": { + "action": "Global permission added", + "actionI18nKey": "audit.logging.summary.global.permission.added", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions" + } } }, - "@timestamp": "2021-11-23T00:35:03.217Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.global.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:23:44.212887456Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:03.217Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"USECONFLUENCE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -15607,66 +15793,70 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.global.permission.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:03.217Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"USECONFLUENCE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:35:03.201Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-users", "id": "confluence-users", + "name": "confluence-users", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users" } ], + "method": "Browser", "type": { - "actionI18nKey": "audit.logging.summary.group.created", "action": "Group created", - "categoryI18nKey": "audit.logging.category.user.management", - "category": "Users and groups" + "actionI18nKey": "audit.logging.summary.group.created", + "category": "Users and groups", + "categoryI18nKey": "audit.logging.category.user.management" } } }, - "@timestamp": "2021-11-23T00:35:03.201Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.group.created", + "category": [ + "iam" + ], + "ingested": "2022-02-24T20:23:44.212889036Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:03.201Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.user.management\",\"category\":\"Users and groups\",\"actionI18nKey\":\"audit.logging.summary.group.created\",\"action\":\"Group created\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"}],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "group", + "creation" + ] + }, + "group": { + "id": "confluence-users", + "name": "confluence-users" + }, "related": { "hosts": [ "confluence.internal" @@ -15679,69 +15869,70 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.group.created", - "original": "{\"timestamp\":\"2021-11-23T00:35:03.201Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.user.management\",\"category\":\"Users and groups\",\"actionI18nKey\":\"audit.logging.summary.group.created\",\"action\":\"Group created\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"}],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "group", - "creation" - ], - "category": [ - "iam" - ], - "kind": "event" - }, - "user": { - "full_name": "Anonymous", - "id": "-2" - }, "tags": [ "preserve_original_event" ], - "group": { - "name": "confluence-users", - "id": "confluence-users" + "user": { + "full_name": "Anonymous", + "id": "-2" } }, { + "@timestamp": "2021-11-23T00:35:03.188Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "confluence-administrators", "id": "confluence-administrators", + "name": "confluence-administrators", "type": "Group", "uri": "http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators" } ], + "method": "Browser", "type": { - "actionI18nKey": "audit.logging.summary.group.created", "action": "Group created", - "categoryI18nKey": "audit.logging.category.user.management", - "category": "Users and groups" + "actionI18nKey": "audit.logging.summary.group.created", + "category": "Users and groups", + "categoryI18nKey": "audit.logging.category.user.management" } } }, - "@timestamp": "2021-11-23T00:35:03.188Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.group.created", + "category": [ + "iam" + ], + "ingested": "2022-02-24T20:23:44.212890451Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:03.188Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.user.management\",\"category\":\"Users and groups\",\"actionI18nKey\":\"audit.logging.summary.group.created\",\"action\":\"Group created\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"}],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "group", + "creation" + ] + }, + "group": { + "id": "confluence-administrators", + "name": "confluence-administrators" + }, "related": { "hosts": [ "confluence.internal" @@ -15754,61 +15945,39 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.group.created", - "original": "{\"timestamp\":\"2021-11-23T00:35:03.188Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.user.management\",\"category\":\"Users and groups\",\"actionI18nKey\":\"audit.logging.summary.group.created\",\"action\":\"Group created\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"}],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "group", - "creation" - ], - "category": [ - "iam" - ], - "kind": "event" - }, - "user": { - "full_name": "Anonymous", - "id": "-2" - }, "tags": [ "preserve_original_event" ], - "group": { - "name": "confluence-administrators", - "id": "confluence-administrators" + "user": { + "full_name": "Anonymous", + "id": "-2" } }, { + "@timestamp": "2021-11-23T00:35:03.109Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Confluence Internal Directory", "type": "Directory" } ], - "type": { - "actionI18nKey": "audit.logging.summary.directory.added", - "action": "User directory created", - "categoryI18nKey": "audit.logging.category.user.management", - "category": "Users and groups" - }, "changed_values": [ { "i18nKey": "Active", @@ -15900,13 +16069,26 @@ "key": "Type", "to": "INTERNAL" } - ] + ], + "method": "Browser", + "type": { + "action": "User directory created", + "actionI18nKey": "audit.logging.summary.directory.added", + "category": "Users and groups", + "categoryI18nKey": "audit.logging.category.user.management" + } } }, - "@timestamp": "2021-11-23T00:35:03.109Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.directory.added", + "ingested": "2022-02-24T20:23:44.212891926Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:35:03.109Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.user.management\",\"category\":\"Users and groups\",\"actionI18nKey\":\"audit.logging.summary.directory.added\",\"action\":\"User directory created\"},\"affectedObjects\":[{\"name\":\"Confluence Internal Directory\",\"type\":\"Directory\"}],\"changedValues\":[{\"key\":\"Active\",\"i18nKey\":\"Active\",\"to\":\"Yes\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"CREATE_GROUP\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"UPDATE_USER\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"UPDATE_USER_ATTRIBUTE\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"UPDATE_ROLE\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"DELETE_GROUP\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"UPDATE_GROUP_ATTRIBUTE\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"UPDATE_ROLE_ATTRIBUTE\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"CREATE_ROLE\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"DELETE_ROLE\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"UPDATE_GROUP\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"DELETE_USER\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"CREATE_USER\"},{\"key\":\"Description\",\"i18nKey\":\"Description\",\"to\":\"Confluence default internal directory\"},{\"key\":\"Encryption type\",\"i18nKey\":\"Encryption type\",\"to\":\"atlassian-security\"},{\"key\":\"ID\",\"i18nKey\":\"ID\",\"to\":\"327681\"},{\"key\":\"Name\",\"i18nKey\":\"Name\",\"to\":\"Confluence Internal Directory\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"INTERNAL\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { "hosts": [ "confluence.internal" @@ -15919,59 +16101,60 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", - "ip": "81.2.69.143" - }, - "event": { - "action": "audit.logging.summary.directory.added", - "original": "{\"timestamp\":\"2021-11-23T00:35:03.109Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.user.management\",\"category\":\"Users and groups\",\"actionI18nKey\":\"audit.logging.summary.directory.added\",\"action\":\"User directory created\"},\"affectedObjects\":[{\"name\":\"Confluence Internal Directory\",\"type\":\"Directory\"}],\"changedValues\":[{\"key\":\"Active\",\"i18nKey\":\"Active\",\"to\":\"Yes\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"CREATE_GROUP\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"UPDATE_USER\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"UPDATE_USER_ATTRIBUTE\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"UPDATE_ROLE\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"DELETE_GROUP\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"UPDATE_GROUP_ATTRIBUTE\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"UPDATE_ROLE_ATTRIBUTE\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"CREATE_ROLE\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"DELETE_ROLE\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"UPDATE_GROUP\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"DELETE_USER\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"CREATE_USER\"},{\"key\":\"Description\",\"i18nKey\":\"Description\",\"to\":\"Confluence default internal directory\"},{\"key\":\"Encryption type\",\"i18nKey\":\"Encryption type\",\"to\":\"atlassian-security\"},{\"key\":\"ID\",\"i18nKey\":\"ID\",\"to\":\"327681\"},{\"key\":\"Name\",\"i18nKey\":\"Name\",\"to\":\"Confluence Internal Directory\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"INTERNAL\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, - "user": { - "full_name": "Anonymous", - "id": "-2" + "ip": "81.2.69.143" }, "tags": [ "preserve_original_event" - ] + ], + "user": { + "full_name": "Anonymous", + "id": "-2" + } }, { + "@timestamp": "2021-11-23T00:34:46.735Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "Demonstration Space", "id": "98305", + "name": "Demonstration Space", "type": "Space", "uri": "http://confluence.internal:8090/display/ds" } ], + "method": "Browser", "type": { - "actionI18nKey": "audit.logging.summary.space.import", "action": "Space import", - "categoryI18nKey": "audit.logging.category.import.export", - "category": "Import/Export" + "actionI18nKey": "audit.logging.summary.space.import", + "category": "Import/Export", + "categoryI18nKey": "audit.logging.category.import.export" } } }, - "@timestamp": "2021-11-23T00:34:46.735Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.import", + "ingested": "2022-02-24T20:23:44.212893349Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:34:46.735Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.import.export\",\"category\":\"Import/Export\",\"actionI18nKey\":\"audit.logging.summary.space.import\",\"action\":\"Space import\"},\"affectedObjects\":[{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { "hosts": [ "confluence.internal" @@ -15984,57 +16167,58 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.import", - "original": "{\"timestamp\":\"2021-11-23T00:34:46.735Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.import.export\",\"category\":\"Import/Export\",\"actionI18nKey\":\"audit.logging.summary.space.import\",\"action\":\"Space import\"},\"affectedObjects\":[{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:34:45.732Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Synchrony Interop Bootstrap Plugin", "type": "App" } ], + "method": "Browser", "type": { - "actionI18nKey": "audit.logging.summary.plugin.enabled", "action": "App enabled", - "categoryI18nKey": "audit.logging.category.plugins", - "category": "Apps" + "actionI18nKey": "audit.logging.summary.plugin.enabled", + "category": "Apps", + "categoryI18nKey": "audit.logging.category.plugins" } } }, - "@timestamp": "2021-11-23T00:34:45.732Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.plugin.enabled", + "ingested": "2022-02-24T20:23:44.212894714Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:34:45.732Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.plugins\",\"category\":\"Apps\",\"actionI18nKey\":\"audit.logging.summary.plugin.enabled\",\"action\":\"App enabled\"},\"affectedObjects\":[{\"name\":\"Synchrony Interop Bootstrap Plugin\",\"type\":\"App\"}],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { "hosts": [ "confluence.internal" @@ -16047,57 +16231,58 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.plugin.enabled", - "original": "{\"timestamp\":\"2021-11-23T00:34:45.732Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.plugins\",\"category\":\"Apps\",\"actionI18nKey\":\"audit.logging.summary.plugin.enabled\",\"action\":\"App enabled\"},\"affectedObjects\":[{\"name\":\"Synchrony Interop Bootstrap Plugin\",\"type\":\"App\"}],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-23T00:34:44.466Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Confluence Collaborative Editor Plugin", "type": "App" } ], + "method": "Browser", "type": { - "actionI18nKey": "audit.logging.summary.plugin.enabled", "action": "App enabled", - "categoryI18nKey": "audit.logging.category.plugins", - "category": "Apps" + "actionI18nKey": "audit.logging.summary.plugin.enabled", + "category": "Apps", + "categoryI18nKey": "audit.logging.category.plugins" } } }, - "@timestamp": "2021-11-23T00:34:44.466Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.plugin.enabled", + "ingested": "2022-02-24T20:23:44.212896090Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-23T00:34:44.466Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.plugins\",\"category\":\"Apps\",\"actionI18nKey\":\"audit.logging.summary.plugin.enabled\",\"action\":\"App enabled\"},\"affectedObjects\":[{\"name\":\"Confluence Collaborative Editor Plugin\",\"type\":\"App\"}],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": "info" + }, "related": { "hosts": [ "confluence.internal" @@ -16110,78 +16295,85 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.plugin.enabled", - "original": "{\"timestamp\":\"2021-11-23T00:34:44.466Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.plugins\",\"category\":\"Apps\",\"actionI18nKey\":\"audit.logging.summary.plugin.enabled\",\"action\":\"App enabled\"},\"affectedObjects\":[{\"name\":\"Confluence Collaborative Editor Plugin\",\"type\":\"App\"}],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-28T17:05:37.142Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "asdf", "id": "2c9680837d4a3682017d67821e520003", + "name": "asdf", "type": "User", "uri": "http://confluence.internal:8090/admin/users/viewuser.action?username=asdf123" } ], - "type": { - "actionI18nKey": "audit.logging.summary.user.renamed", - "action": "User renamed", - "categoryI18nKey": "audit.logging.category.user.management", - "category": "Users and groups" - }, "changed_values": [ { "from": "asdf", - "to": "asdf123", "i18nKey": "audit.logging.changed.value.username", - "key": "Username" + "key": "Username", + "to": "asdf123" } - ] + ], + "method": "Browser", + "type": { + "action": "User renamed", + "actionI18nKey": "audit.logging.summary.user.renamed", + "category": "Users and groups", + "categoryI18nKey": "audit.logging.category.user.management" + } } }, - "@timestamp": "2021-11-28T17:05:37.142Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin123", - "asdf", - "asdf123" + "event": { + "action": "audit.logging.summary.user.renamed", + "category": [ + "iam" ], + "ingested": "2022-02-24T20:23:44.212897577Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-28T17:05:37.142Z\",\"author\":{\"name\":\"Joe Bob\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin123\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.user.management\",\"category\":\"Users and groups\",\"actionI18nKey\":\"audit.logging.summary.user.renamed\",\"action\":\"User renamed\"},\"affectedObjects\":[{\"name\":\"asdf\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=asdf123\",\"id\":\"2c9680837d4a3682017d67821e520003\"}],\"changedValues\":[{\"key\":\"Username\",\"i18nKey\":\"audit.logging.changed.value.username\",\"from\":\"asdf\",\"to\":\"asdf123\"}],\"source\":\"10.100.100.2\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "user", + "change" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin123", + "asdf", + "asdf123" ] }, "service": { @@ -16191,67 +16383,68 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, - "event": { - "action": "audit.logging.summary.user.renamed", - "original": "{\"timestamp\":\"2021-11-28T17:05:37.142Z\",\"author\":{\"name\":\"Joe Bob\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin123\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.user.management\",\"category\":\"Users and groups\",\"actionI18nKey\":\"audit.logging.summary.user.renamed\",\"action\":\"User renamed\"},\"affectedObjects\":[{\"name\":\"asdf\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=asdf123\",\"id\":\"2c9680837d4a3682017d67821e520003\"}],\"changedValues\":[{\"key\":\"Username\",\"i18nKey\":\"audit.logging.changed.value.username\",\"from\":\"asdf\",\"to\":\"asdf123\"}],\"source\":\"10.100.100.2\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "user", - "change" - ], - "category": [ - "iam" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { - "name": "admin123", "changes": { "name": "asdf123" }, "full_name": "Joe Bob", "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin123", "target": { "name": "asdf" } - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-28T17:06:11.805Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "asdf asdfasdf", "id": "2c9680837d4a3682017d67821e520003", + "name": "asdf asdfasdf", "type": "User", "uri": "http://confluence.internal:8090/admin/users/viewuser.action?username=asdf123" } ], + "method": "Browser", "type": { - "actionI18nKey": "audit.logging.summary.user.updated", "action": "User details updated", - "categoryI18nKey": "audit.logging.category.user.management", - "category": "Users and groups" + "actionI18nKey": "audit.logging.summary.user.updated", + "category": "Users and groups", + "categoryI18nKey": "audit.logging.category.user.management" } } }, - "@timestamp": "2021-11-28T17:06:11.805Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin123", - "asdf123" + "event": { + "action": "audit.logging.summary.user.updated", + "category": [ + "iam" ], + "ingested": "2022-02-24T20:23:44.212899022Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-28T17:06:11.805Z\",\"author\":{\"name\":\"Joe Bob\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin123\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.user.management\",\"category\":\"Users and groups\",\"actionI18nKey\":\"audit.logging.summary.user.updated\",\"action\":\"User details updated\"},\"affectedObjects\":[{\"name\":\"asdf asdfasdf\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=asdf123\",\"id\":\"2c9680837d4a3682017d67821e520003\"}],\"changedValues\":[],\"source\":\"10.100.100.2\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "user", + "change" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin123", + "asdf123" ] }, "service": { @@ -16261,74 +16454,75 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, - "event": { - "action": "audit.logging.summary.user.updated", - "original": "{\"timestamp\":\"2021-11-28T17:06:11.805Z\",\"author\":{\"name\":\"Joe Bob\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin123\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.user.management\",\"category\":\"Users and groups\",\"actionI18nKey\":\"audit.logging.summary.user.updated\",\"action\":\"User details updated\"},\"affectedObjects\":[{\"name\":\"asdf asdfasdf\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=asdf123\",\"id\":\"2c9680837d4a3682017d67821e520003\"}],\"changedValues\":[],\"source\":\"10.100.100.2\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "user", - "change" - ], - "category": [ - "iam" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { - "name": "admin123", "full_name": "Joe Bob", "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin123", "target": { - "name": "asdf123", "full_name": "asdf asdfasdf", - "id": "2c9680837d4a3682017d67821e520003" + "id": "2c9680837d4a3682017d67821e520003", + "name": "asdf123" } - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-28T17:05:37.158Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { - "name": "asdf asdfasdf", "id": "2c9680837d4a3682017d67821e520003", + "name": "asdf asdfasdf", "type": "User", "uri": "http://confluence.internal:8090/admin/users/viewuser.action?username=asdf123" } ], - "type": { - "actionI18nKey": "audit.logging.summary.user.updated", - "action": "User details updated", - "categoryI18nKey": "audit.logging.category.user.management", - "category": "Users and groups" - }, "changed_values": [ { "from": "asdf", - "to": "asdf asdfasdf", "i18nKey": "Display name", - "key": "Display name" + "key": "Display name", + "to": "asdf asdfasdf" } - ] + ], + "method": "Browser", + "type": { + "action": "User details updated", + "actionI18nKey": "audit.logging.summary.user.updated", + "category": "Users and groups", + "categoryI18nKey": "audit.logging.category.user.management" + } } }, - "@timestamp": "2021-11-28T17:05:37.158Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin123", - "asdf123" + "event": { + "action": "audit.logging.summary.user.updated", + "category": [ + "iam" ], + "ingested": "2022-02-24T20:23:44.212900390Z", + "kind": "event", + "original": "{\"timestamp\":\"2021-11-28T17:05:37.158Z\",\"author\":{\"name\":\"Joe Bob\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin123\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.user.management\",\"category\":\"Users and groups\",\"actionI18nKey\":\"audit.logging.summary.user.updated\",\"action\":\"User details updated\"},\"affectedObjects\":[{\"name\":\"asdf asdfasdf\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=asdf123\",\"id\":\"2c9680837d4a3682017d67821e520003\"}],\"changedValues\":[{\"key\":\"Display name\",\"i18nKey\":\"Display name\",\"from\":\"asdf\",\"to\":\"asdf asdfasdf\"}],\"source\":\"10.100.100.2\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", + "type": [ + "user", + "change" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "10.100.100.2" + ], + "user": [ + "admin123", + "asdf123" ] }, "service": { @@ -16338,34 +16532,22 @@ "address": "10.100.100.2", "ip": "10.100.100.2" }, - "event": { - "action": "audit.logging.summary.user.updated", - "original": "{\"timestamp\":\"2021-11-28T17:05:37.158Z\",\"author\":{\"name\":\"Joe Bob\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin123\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.user.management\",\"category\":\"Users and groups\",\"actionI18nKey\":\"audit.logging.summary.user.updated\",\"action\":\"User details updated\"},\"affectedObjects\":[{\"name\":\"asdf asdfasdf\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=asdf123\",\"id\":\"2c9680837d4a3682017d67821e520003\"}],\"changedValues\":[{\"key\":\"Display name\",\"i18nKey\":\"Display name\",\"from\":\"asdf\",\"to\":\"asdf asdfasdf\"}],\"source\":\"10.100.100.2\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", - "type": [ - "user", - "change" - ], - "category": [ - "iam" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { - "name": "admin123", "changes": { "full_name": "asdf asdfasdf" }, "full_name": "Joe Bob", "id": "2c9680837d4a3682017d4a375a280000", + "name": "admin123", "target": { - "name": "asdf123", "full_name": "asdf", - "id": "2c9680837d4a3682017d67821e520003" + "id": "2c9680837d4a3682017d67821e520003", + "name": "asdf123" } - }, - "tags": [ - "preserve_original_event" - ] + } } ] } \ No newline at end of file diff --git a/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json index 6467ffd1297..f15c6b748a7 100644 --- a/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json +++ b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json @@ -1,29 +1,36 @@ { "expected": [ { + "@timestamp": "2021-11-22T23:42:47.332Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Synchrony Interop Bootstrap Plugin", "type": "App" } ], + "method": "Browser", "type": { - "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", "action": "App enabled", "actionI18nKey": "audit.logging.summary.plugin.enabled", - "categoryI18nKey": "audit.logging.category.plugins", + "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", "category": "Apps", + "categoryI18nKey": "audit.logging.category.plugins", "level": "BASE" } } }, - "@timestamp": "2021-11-22T23:42:47.332Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.plugin.enabled", + "ingested": "2022-02-24T20:24:06.949054738Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"name\":\"Synchrony Interop Bootstrap Plugin\",\"type\":\"App\"}],\"auditType\":{\"action\":\"App enabled\",\"actionI18nKey\":\"audit.logging.summary.plugin.enabled\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Apps\",\"categoryI18nKey\":\"audit.logging.category.plugins\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624567,\"nano\":332000000},\"version\":\"1.0\"}", + "type": "info" + }, "related": { "hosts": [ "confluence.internal" @@ -36,59 +43,60 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.plugin.enabled", - "original": "{\"affectedObjects\":[{\"name\":\"Synchrony Interop Bootstrap Plugin\",\"type\":\"App\"}],\"auditType\":{\"action\":\"App enabled\",\"actionI18nKey\":\"audit.logging.summary.plugin.enabled\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Apps\",\"categoryI18nKey\":\"audit.logging.category.plugins\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624567,\"nano\":332000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:42:45.791Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Confluence Collaborative Editor Plugin", "type": "App" } ], + "method": "Browser", "type": { - "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", "action": "App enabled", "actionI18nKey": "audit.logging.summary.plugin.enabled", - "categoryI18nKey": "audit.logging.category.plugins", + "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", "category": "Apps", + "categoryI18nKey": "audit.logging.category.plugins", "level": "BASE" } } }, - "@timestamp": "2021-11-22T23:42:45.791Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.plugin.enabled", + "ingested": "2022-02-24T20:24:06.949057299Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"name\":\"Confluence Collaborative Editor Plugin\",\"type\":\"App\"}],\"auditType\":{\"action\":\"App enabled\",\"actionI18nKey\":\"audit.logging.summary.plugin.enabled\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Apps\",\"categoryI18nKey\":\"audit.logging.category.plugins\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624565,\"nano\":791000000},\"version\":\"1.0\"}", + "type": "info" + }, "related": { "hosts": [ "confluence.internal" @@ -101,60 +109,61 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.plugin.enabled", - "original": "{\"affectedObjects\":[{\"name\":\"Confluence Collaborative Editor Plugin\",\"type\":\"App\"}],\"auditType\":{\"action\":\"App enabled\",\"actionI18nKey\":\"audit.logging.summary.plugin.enabled\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Apps\",\"categoryI18nKey\":\"audit.logging.category.plugins\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624565,\"nano\":791000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:42:49.660Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], + "method": "Browser", "type": { - "area": "LOCAL_CONFIG_AND_ADMINISTRATION", "action": "Space import", "actionI18nKey": "audit.logging.summary.space.import", - "categoryI18nKey": "audit.logging.category.import.export", + "area": "LOCAL_CONFIG_AND_ADMINISTRATION", "category": "Import/Export", + "categoryI18nKey": "audit.logging.category.import.export", "level": "BASE" } } }, - "@timestamp": "2021-11-22T23:42:49.660Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.import", + "ingested": "2022-02-24T20:24:06.949058376Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space import\",\"actionI18nKey\":\"audit.logging.summary.space.import\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Import/Export\",\"categoryI18nKey\":\"audit.logging.category.import.export\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624569,\"nano\":660000000},\"version\":\"1.0\"}", + "type": "info" + }, "related": { "hosts": [ "confluence.internal" @@ -167,53 +176,39 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.import", - "original": "{\"affectedObjects\":[{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space import\",\"actionI18nKey\":\"audit.logging.summary.space.import\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Import/Export\",\"categoryI18nKey\":\"audit.logging.category.import.export\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624569,\"nano\":660000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:21.440Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Confluence Internal Directory", "type": "Directory" } ], - "type": { - "area": "USER_MANAGEMENT", - "action": "User directory created", - "actionI18nKey": "audit.logging.summary.directory.added", - "categoryI18nKey": "audit.logging.category.user.management", - "category": "Users and groups", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "ID", @@ -305,13 +300,28 @@ "key": "Allowed operation", "to": "CREATE_GROUP" } - ] + ], + "method": "Browser", + "type": { + "action": "User directory created", + "actionI18nKey": "audit.logging.summary.directory.added", + "area": "USER_MANAGEMENT", + "category": "Users and groups", + "categoryI18nKey": "audit.logging.category.user.management", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:21.440Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.directory.added", + "ingested": "2022-02-24T20:24:06.949059490Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"name\":\"Confluence Internal Directory\",\"type\":\"Directory\"}],\"auditType\":{\"action\":\"User directory created\",\"actionI18nKey\":\"audit.logging.summary.directory.added\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"audit.logging.category.user.management\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"ID\",\"key\":\"ID\",\"to\":\"327681\"},{\"i18nKey\":\"Name\",\"key\":\"Name\",\"to\":\"Confluence Internal Directory\"},{\"i18nKey\":\"Active\",\"key\":\"Active\",\"to\":\"Yes\"},{\"i18nKey\":\"Encryption type\",\"key\":\"Encryption type\",\"to\":\"atlassian-security\"},{\"i18nKey\":\"Description\",\"key\":\"Description\",\"to\":\"Confluence default internal directory\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"INTERNAL\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"UPDATE_USER_ATTRIBUTE\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"UPDATE_GROUP\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"DELETE_ROLE\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"DELETE_GROUP\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"UPDATE_USER\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"DELETE_USER\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"UPDATE_GROUP_ATTRIBUTE\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"CREATE_ROLE\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"CREATE_USER\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"UPDATE_ROLE_ATTRIBUTE\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"UPDATE_ROLE\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"CREATE_GROUP\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624601,\"nano\":440000000},\"version\":\"1.0\"}", + "type": "info" + }, "related": { "hosts": [ "confluence.internal" @@ -324,60 +334,71 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.directory.added", - "original": "{\"affectedObjects\":[{\"name\":\"Confluence Internal Directory\",\"type\":\"Directory\"}],\"auditType\":{\"action\":\"User directory created\",\"actionI18nKey\":\"audit.logging.summary.directory.added\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"audit.logging.category.user.management\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"ID\",\"key\":\"ID\",\"to\":\"327681\"},{\"i18nKey\":\"Name\",\"key\":\"Name\",\"to\":\"Confluence Internal Directory\"},{\"i18nKey\":\"Active\",\"key\":\"Active\",\"to\":\"Yes\"},{\"i18nKey\":\"Encryption type\",\"key\":\"Encryption type\",\"to\":\"atlassian-security\"},{\"i18nKey\":\"Description\",\"key\":\"Description\",\"to\":\"Confluence default internal directory\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"INTERNAL\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"UPDATE_USER_ATTRIBUTE\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"UPDATE_GROUP\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"DELETE_ROLE\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"DELETE_GROUP\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"UPDATE_USER\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"DELETE_USER\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"UPDATE_GROUP_ATTRIBUTE\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"CREATE_ROLE\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"CREATE_USER\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"UPDATE_ROLE_ATTRIBUTE\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"UPDATE_ROLE\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"CREATE_GROUP\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624601,\"nano\":440000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:21.536Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-administrators", "name": "confluence-administrators", - "type": "Group", - "id": "confluence-administrators" + "type": "Group" } ], + "method": "Browser", "type": { - "area": "USER_MANAGEMENT", "action": "Group created", "actionI18nKey": "audit.logging.summary.group.created", - "categoryI18nKey": "audit.logging.category.user.management", + "area": "USER_MANAGEMENT", "category": "Users and groups", + "categoryI18nKey": "audit.logging.category.user.management", "level": "BASE" } } }, - "@timestamp": "2021-11-22T23:43:21.536Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.group.created", + "category": [ + "iam" + ], + "ingested": "2022-02-24T20:24:06.949060614Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"}],\"auditType\":{\"action\":\"Group created\",\"actionI18nKey\":\"audit.logging.summary.group.created\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"audit.logging.category.user.management\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624601,\"nano\":536000000},\"version\":\"1.0\"}", + "type": [ + "group", + "creation" + ] + }, + "group": { + "id": "confluence-administrators", + "name": "confluence-administrators" + }, "related": { "hosts": [ "confluence.internal" @@ -390,70 +411,71 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.group.created", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"}],\"auditType\":{\"action\":\"Group created\",\"actionI18nKey\":\"audit.logging.summary.group.created\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"audit.logging.category.user.management\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624601,\"nano\":536000000},\"version\":\"1.0\"}", - "type": [ - "group", - "creation" - ], - "category": [ - "iam" - ], - "kind": "event" - }, - "user": { - "full_name": "Anonymous", - "id": "-2" - }, "tags": [ "preserve_original_event" ], - "group": { - "name": "confluence-administrators", - "id": "confluence-administrators" + "user": { + "full_name": "Anonymous", + "id": "-2" } }, { + "@timestamp": "2021-11-22T23:43:21.552Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-users", "name": "confluence-users", - "type": "Group", - "id": "confluence-users" + "type": "Group" } ], + "method": "Browser", "type": { - "area": "USER_MANAGEMENT", "action": "Group created", "actionI18nKey": "audit.logging.summary.group.created", - "categoryI18nKey": "audit.logging.category.user.management", + "area": "USER_MANAGEMENT", "category": "Users and groups", + "categoryI18nKey": "audit.logging.category.user.management", "level": "BASE" } } }, - "@timestamp": "2021-11-22T23:43:21.552Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.group.created", + "category": [ + "iam" + ], + "ingested": "2022-02-24T20:24:06.949061652Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"}],\"auditType\":{\"action\":\"Group created\",\"actionI18nKey\":\"audit.logging.summary.group.created\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"audit.logging.category.user.management\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624601,\"nano\":552000000},\"version\":\"1.0\"}", + "type": [ + "group", + "creation" + ] + }, + "group": { + "id": "confluence-users", + "name": "confluence-users" + }, "related": { "hosts": [ "confluence.internal" @@ -466,64 +488,40 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.group.created", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"}],\"auditType\":{\"action\":\"Group created\",\"actionI18nKey\":\"audit.logging.summary.group.created\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"audit.logging.category.user.management\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624601,\"nano\":552000000},\"version\":\"1.0\"}", - "type": [ - "group", - "creation" - ], - "category": [ - "iam" - ], - "kind": "event" - }, - "user": { - "full_name": "Anonymous", - "id": "-2" - }, "tags": [ "preserve_original_event" ], - "group": { - "name": "confluence-users", - "id": "confluence-users" + "user": { + "full_name": "Anonymous", + "id": "-2" } }, { + "@timestamp": "2021-11-22T23:43:21.592Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-administrators", "name": "confluence-administrators", - "type": "Group", - "id": "confluence-administrators" + "type": "Group" } ], - "type": { - "area": "PERMISSIONS", - "action": "Global permission added", - "actionI18nKey": "audit.logging.summary.global.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Group", @@ -535,15 +533,37 @@ "key": "Type", "to": "USECONFLUENCE" } - ] + ], + "method": "Browser", + "type": { + "action": "Global permission added", + "actionI18nKey": "audit.logging.summary.global.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:21.592Z", "ecs": { "version": "8.2.0" }, - "related": { - "hosts": [ + "event": { + "action": "audit.logging.summary.global.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:24:06.949062680Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"USECONFLUENCE\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624601,\"nano\":592000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, + "related": { + "hosts": [ "confluence.internal" ], "ip": [ @@ -554,61 +574,40 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.global.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"USECONFLUENCE\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624601,\"nano\":592000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:21.620Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-users", "name": "confluence-users", - "type": "Group", - "id": "confluence-users" + "type": "Group" } ], - "type": { - "area": "PERMISSIONS", - "action": "Global permission added", - "actionI18nKey": "audit.logging.summary.global.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Group", @@ -620,13 +619,35 @@ "key": "Type", "to": "PERSONALSPACE" } - ] + ], + "method": "Browser", + "type": { + "action": "Global permission added", + "actionI18nKey": "audit.logging.summary.global.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:21.620Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.global.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:24:06.949063734Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"PERSONALSPACE\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624601,\"nano\":620000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -639,61 +660,40 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.global.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"PERSONALSPACE\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624601,\"nano\":620000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:21.623Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-administrators", "name": "confluence-administrators", - "type": "Group", - "id": "confluence-administrators" + "type": "Group" } ], - "type": { - "area": "PERMISSIONS", - "action": "Global permission added", - "actionI18nKey": "audit.logging.summary.global.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Group", @@ -705,13 +705,35 @@ "key": "Type", "to": "ADMINISTRATECONFLUENCE" } - ] + ], + "method": "Browser", + "type": { + "action": "Global permission added", + "actionI18nKey": "audit.logging.summary.global.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:21.623Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.global.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:24:06.949064739Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"ADMINISTRATECONFLUENCE\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624601,\"nano\":623000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -724,61 +746,40 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.global.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"ADMINISTRATECONFLUENCE\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624601,\"nano\":623000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:21.627Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-users", "name": "confluence-users", - "type": "Group", - "id": "confluence-users" + "type": "Group" } ], - "type": { - "area": "PERMISSIONS", - "action": "Global permission added", - "actionI18nKey": "audit.logging.summary.global.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Group", @@ -790,13 +791,35 @@ "key": "Type", "to": "USECONFLUENCE" } - ] + ], + "method": "Browser", + "type": { + "action": "Global permission added", + "actionI18nKey": "audit.logging.summary.global.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:21.627Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.global.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:24:06.949065749Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"USECONFLUENCE\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624601,\"nano\":627000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -809,61 +832,40 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.global.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"USECONFLUENCE\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624601,\"nano\":627000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:21.688Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-administrators", "name": "confluence-administrators", - "type": "Group", - "id": "confluence-administrators" + "type": "Group" } ], - "type": { - "area": "PERMISSIONS", - "action": "Global permission added", - "actionI18nKey": "audit.logging.summary.global.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Group", @@ -875,13 +877,35 @@ "key": "Type", "to": "SYSTEMADMINISTRATOR" } - ] + ], + "method": "Browser", + "type": { + "action": "Global permission added", + "actionI18nKey": "audit.logging.summary.global.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:21.688Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.global.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:24:06.949066755Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"SYSTEMADMINISTRATOR\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624601,\"nano\":688000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -894,61 +918,40 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.global.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"SYSTEMADMINISTRATOR\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624601,\"nano\":688000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:21.692Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-administrators", "name": "confluence-administrators", - "type": "Group", - "id": "confluence-administrators" + "type": "Group" } ], - "type": { - "area": "PERMISSIONS", - "action": "Global permission added", - "actionI18nKey": "audit.logging.summary.global.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Group", @@ -960,13 +963,35 @@ "key": "Type", "to": "PERSONALSPACE" } - ] + ], + "method": "Browser", + "type": { + "action": "Global permission added", + "actionI18nKey": "audit.logging.summary.global.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:21.692Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.global.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:24:06.949067899Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"PERSONALSPACE\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624601,\"nano\":692000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -979,61 +1004,40 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } - }, - "address": "81.2.69.143", - "ip": "81.2.69.143" - }, - "event": { - "action": "audit.logging.summary.global.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"PERSONALSPACE\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624601,\"nano\":692000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:21.694Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-users", "name": "confluence-users", - "type": "Group", - "id": "confluence-users" + "type": "Group" } ], - "type": { - "area": "PERMISSIONS", - "action": "Global permission added", - "actionI18nKey": "audit.logging.summary.global.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Group", @@ -1045,13 +1049,35 @@ "key": "Type", "to": "CREATESPACE" } - ] + ], + "method": "Browser", + "type": { + "action": "Global permission added", + "actionI18nKey": "audit.logging.summary.global.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:21.694Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.global.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:24:06.949068895Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"CREATESPACE\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624601,\"nano\":694000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -1064,61 +1090,40 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.global.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"CREATESPACE\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624601,\"nano\":694000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:21.696Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-administrators", "name": "confluence-administrators", - "type": "Group", - "id": "confluence-administrators" + "type": "Group" } ], - "type": { - "area": "PERMISSIONS", - "action": "Global permission added", - "actionI18nKey": "audit.logging.summary.global.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Group", @@ -1130,13 +1135,35 @@ "key": "Type", "to": "CREATESPACE" } - ] + ], + "method": "Browser", + "type": { + "action": "Global permission added", + "actionI18nKey": "audit.logging.summary.global.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:21.696Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.global.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:24:06.949069878Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"CREATESPACE\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624601,\"nano\":696000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -1149,61 +1176,40 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.global.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"CREATESPACE\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624601,\"nano\":696000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.540Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "2c9580827d4a06e8017d4a07c3e10000", "name": "test.user", - "type": "User", - "id": "2c9580827d4a06e8017d4a07c3e10000" + "type": "User" } ], - "type": { - "area": "USER_MANAGEMENT", - "action": "User created", - "actionI18nKey": "audit.logging.summary.user.created", - "categoryI18nKey": "audit.logging.category.user.management", - "category": "Users and groups", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Display name", @@ -1225,60 +1231,72 @@ "key": "Active", "to": "Yes" } - ] + ], + "method": "Browser", + "type": { + "action": "User created", + "actionI18nKey": "audit.logging.summary.user.created", + "area": "USER_MANAGEMENT", + "category": "Users and groups", + "categoryI18nKey": "audit.logging.category.user.management", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.540Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.user.created", + "category": [ + "iam" ], + "ingested": "2022-02-24T20:24:06.949070897Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"2c9580827d4a06e8017d4a07c3e10000\",\"name\":\"test.user\",\"type\":\"User\"}],\"auditType\":{\"action\":\"User created\",\"actionI18nKey\":\"audit.logging.summary.user.created\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"audit.logging.category.user.management\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Display name\",\"key\":\"Display name\",\"to\":\"test.user\"},{\"i18nKey\":\"Email\",\"key\":\"Email\",\"to\":\"test.user@example.com\"},{\"i18nKey\":\"Username\",\"key\":\"Username\",\"to\":\"admin\"},{\"i18nKey\":\"Active\",\"key\":\"Active\",\"to\":\"Yes\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":54000000},\"version\":\"1.0\"}", + "type": [ + "user", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.user.created", - "original": "{\"affectedObjects\":[{\"id\":\"2c9580827d4a06e8017d4a07c3e10000\",\"name\":\"test.user\",\"type\":\"User\"}],\"auditType\":{\"action\":\"User created\",\"actionI18nKey\":\"audit.logging.summary.user.created\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"audit.logging.category.user.management\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Display name\",\"key\":\"Display name\",\"to\":\"test.user\"},{\"i18nKey\":\"Email\",\"key\":\"Email\",\"to\":\"test.user@example.com\"},{\"i18nKey\":\"Username\",\"key\":\"Username\",\"to\":\"admin\"},{\"i18nKey\":\"Active\",\"key\":\"Active\",\"to\":\"Yes\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":54000000},\"version\":\"1.0\"}", - "type": [ - "user", - "creation" - ], - "category": [ - "iam" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "changes": { - "name": "admin", "email": "test.user@example.com", - "full_name": "test.user" + "full_name": "test.user", + "name": "admin" }, "full_name": "Anonymous", "id": "-2", @@ -1286,211 +1304,202 @@ "full_name": "test.user", "id": "2c9580827d4a06e8017d4a07c3e10000" } - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.147Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-users", "name": "confluence-users", - "type": "Group", - "id": "confluence-users" + "type": "Group" }, { + "id": "2c9580827d4a06e8017d4a07c3e10000", "name": "admin", - "type": "User", - "id": "2c9580827d4a06e8017d4a07c3e10000" + "type": "User" } ], + "method": "Browser", "type": { - "area": "USER_MANAGEMENT", "action": "User added to group", "actionI18nKey": "audit.logging.summary.group.membership.added", - "categoryI18nKey": "audit.logging.category.user.management", + "area": "USER_MANAGEMENT", "category": "Users and groups", + "categoryI18nKey": "audit.logging.category.user.management", "level": "BASE" } } }, - "@timestamp": "2021-11-22T23:43:22.147Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.group.membership.added", + "category": [ + "iam" ], + "ingested": "2022-02-24T20:24:06.949071885Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"2c9580827d4a06e8017d4a07c3e10000\",\"name\":\"admin\",\"type\":\"User\"}],\"auditType\":{\"action\":\"User added to group\",\"actionI18nKey\":\"audit.logging.summary.group.membership.added\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"audit.logging.category.user.management\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":147000000},\"version\":\"1.0\"}", + "type": [ + "group", + "change" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.group.membership.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"2c9580827d4a06e8017d4a07c3e10000\",\"name\":\"admin\",\"type\":\"User\"}],\"auditType\":{\"action\":\"User added to group\",\"actionI18nKey\":\"audit.logging.summary.group.membership.added\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"audit.logging.category.user.management\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":147000000},\"version\":\"1.0\"}", - "type": [ - "group", - "change" - ], - "category": [ - "iam" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2", "target": { - "name": "admin", - "id": "2c9580827d4a06e8017d4a07c3e10000", "group": { - "name": "confluence-users", - "id": "confluence-users" - } + "id": "confluence-users", + "name": "confluence-users" + }, + "id": "2c9580827d4a06e8017d4a07c3e10000", + "name": "admin" } - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.172Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-administrators", "name": "confluence-administrators", - "type": "Group", - "id": "confluence-administrators" + "type": "Group" }, { + "id": "2c9580827d4a06e8017d4a07c3e10000", "name": "admin", - "type": "User", - "id": "2c9580827d4a06e8017d4a07c3e10000" + "type": "User" } ], + "method": "Browser", "type": { - "area": "USER_MANAGEMENT", "action": "User added to group", "actionI18nKey": "audit.logging.summary.group.membership.added", - "categoryI18nKey": "audit.logging.category.user.management", + "area": "USER_MANAGEMENT", "category": "Users and groups", + "categoryI18nKey": "audit.logging.category.user.management", "level": "BASE" } } }, - "@timestamp": "2021-11-22T23:43:22.172Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "admin" + "event": { + "action": "audit.logging.summary.group.membership.added", + "category": [ + "iam" ], + "ingested": "2022-02-24T20:24:06.949072977Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"2c9580827d4a06e8017d4a07c3e10000\",\"name\":\"admin\",\"type\":\"User\"}],\"auditType\":{\"action\":\"User added to group\",\"actionI18nKey\":\"audit.logging.summary.group.membership.added\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"audit.logging.category.user.management\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":172000000},\"version\":\"1.0\"}", + "type": [ + "group", + "change" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "admin" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.group.membership.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"2c9580827d4a06e8017d4a07c3e10000\",\"name\":\"admin\",\"type\":\"User\"}],\"auditType\":{\"action\":\"User added to group\",\"actionI18nKey\":\"audit.logging.summary.group.membership.added\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"audit.logging.category.user.management\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":172000000},\"version\":\"1.0\"}", - "type": [ - "group", - "change" - ], - "category": [ - "iam" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2", "target": { - "name": "admin", - "id": "2c9580827d4a06e8017d4a07c3e10000", "group": { - "name": "confluence-administrators", - "id": "confluence-administrators" - } + "id": "confluence-administrators", + "name": "confluence-administrators" + }, + "id": "2c9580827d4a06e8017d4a07c3e10000", + "name": "admin" } - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.401Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-administrators", "name": "confluence-administrators", - "type": "Group", - "id": "confluence-administrators" + "type": "Group" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Group", @@ -1507,13 +1516,35 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.401Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:24:06.949073983Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"VIEWSPACE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":401000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -1526,66 +1557,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"VIEWSPACE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":401000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.429Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-users", "name": "confluence-users", - "type": "Group", - "id": "confluence-users" + "type": "Group" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Group", @@ -1602,13 +1612,35 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.429Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:24:06.949074994Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"VIEWSPACE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":429000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -1621,65 +1653,44 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"VIEWSPACE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":429000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.437Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Type", @@ -1691,13 +1702,35 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.437Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:24:06.949076017Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"VIEWSPACE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":437000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -1710,66 +1743,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"VIEWSPACE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":437000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.442Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-administrators", "name": "confluence-administrators", - "type": "Group", - "id": "confluence-administrators" + "type": "Group" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Group", @@ -1786,13 +1798,35 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.442Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:24:06.949077018Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEOWNCONTENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":442000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -1805,66 +1839,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEOWNCONTENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":442000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.445Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-users", "name": "confluence-users", - "type": "Group", - "id": "confluence-users" + "type": "Group" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Group", @@ -1881,13 +1894,35 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.445Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:24:06.949077993Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEOWNCONTENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":445000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -1900,65 +1935,44 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEOWNCONTENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":445000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.447Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Type", @@ -1970,13 +1984,35 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.447Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:24:06.949078987Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEOWNCONTENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":447000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -1989,66 +2025,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEOWNCONTENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":447000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.450Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-administrators", "name": "confluence-administrators", - "type": "Group", - "id": "confluence-administrators" + "type": "Group" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Group", @@ -2065,13 +2080,35 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.450Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:24:06.949080026Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"COMMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":450000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -2084,66 +2121,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"COMMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":450000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.454Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-users", "name": "confluence-users", - "type": "Group", - "id": "confluence-users" + "type": "Group" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Group", @@ -2160,13 +2176,35 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.454Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:24:06.949081016Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"COMMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":454000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -2179,65 +2217,44 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"COMMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":454000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.457Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Type", @@ -2249,13 +2266,35 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.457Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:24:06.949082037Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"COMMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":457000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -2268,66 +2307,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"COMMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":457000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.459Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-administrators", "name": "confluence-administrators", - "type": "Group", - "id": "confluence-administrators" + "type": "Group" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Group", @@ -2344,13 +2362,35 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.459Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:24:06.949083059Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"EDITSPACE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":459000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -2363,66 +2403,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"EDITSPACE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":459000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.462Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-users", "name": "confluence-users", - "type": "Group", - "id": "confluence-users" + "type": "Group" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Group", @@ -2439,13 +2458,35 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.462Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:24:06.949084103Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"EDITSPACE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":462000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -2458,65 +2499,44 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"EDITSPACE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":462000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.464Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Type", @@ -2528,13 +2548,35 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.464Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:24:06.949085110Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"EDITSPACE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":464000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -2547,66 +2589,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"EDITSPACE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":464000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.467Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-administrators", "name": "confluence-administrators", - "type": "Group", - "id": "confluence-administrators" + "type": "Group" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Group", @@ -2623,13 +2644,35 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.467Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:24:06.949086197Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"SETSPACEPERMISSIONS\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":467000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -2642,66 +2685,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"SETSPACEPERMISSIONS\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":467000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.470Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-administrators", "name": "confluence-administrators", - "type": "Group", - "id": "confluence-administrators" + "type": "Group" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Group", @@ -2718,13 +2740,35 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.470Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:24:06.949087212Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEPAGE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":470000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -2737,66 +2781,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEPAGE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":470000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.472Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-users", "name": "confluence-users", - "type": "Group", - "id": "confluence-users" + "type": "Group" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Group", @@ -2813,13 +2836,35 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.472Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:24:06.949088243Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEPAGE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":472000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -2832,65 +2877,44 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEPAGE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":472000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.475Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Type", @@ -2902,13 +2926,35 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.475Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:24:06.949089254Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEPAGE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":475000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -2921,66 +2967,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEPAGE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":475000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.479Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-administrators", "name": "confluence-administrators", - "type": "Group", - "id": "confluence-administrators" + "type": "Group" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" - } - ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, + "type": "Space" + } + ], "changed_values": [ { "i18nKey": "Group", @@ -2997,13 +3022,35 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.479Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:24:06.949090252Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVECOMMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":479000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -3016,66 +3063,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVECOMMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":479000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.481Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-users", "name": "confluence-users", - "type": "Group", - "id": "confluence-users" + "type": "Group" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Group", @@ -3092,13 +3118,35 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.481Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:24:06.949091314Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVECOMMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":481000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -3111,65 +3159,44 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVECOMMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":481000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.484Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Type", @@ -3181,13 +3208,35 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.484Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:24:06.949092336Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVECOMMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":484000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -3200,66 +3249,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVECOMMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":484000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.486Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-administrators", "name": "confluence-administrators", - "type": "Group", - "id": "confluence-administrators" + "type": "Group" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Group", @@ -3276,13 +3304,35 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.486Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:24:06.949093364Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEBLOG\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":486000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -3295,66 +3345,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEBLOG\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":486000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.489Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-users", "name": "confluence-users", - "type": "Group", - "id": "confluence-users" + "type": "Group" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Group", @@ -3371,13 +3400,35 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.489Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:24:06.949094357Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEBLOG\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":489000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -3390,65 +3441,44 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEBLOG\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":489000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.491Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Type", @@ -3460,13 +3490,35 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.491Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:24:06.949095347Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEBLOG\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":491000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -3479,66 +3531,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEBLOG\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":491000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.493Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-administrators", "name": "confluence-administrators", - "type": "Group", - "id": "confluence-administrators" + "type": "Group" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Group", @@ -3555,13 +3586,35 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.493Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:24:06.949096412Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"CREATEATTACHMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":493000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -3574,66 +3627,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"CREATEATTACHMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":493000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.496Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-users", "name": "confluence-users", - "type": "Group", - "id": "confluence-users" + "type": "Group" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Group", @@ -3650,13 +3682,35 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.496Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:24:06.949097419Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"CREATEATTACHMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":496000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -3669,65 +3723,44 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"CREATEATTACHMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":496000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.498Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Type", @@ -3739,13 +3772,35 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.498Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:24:06.949098416Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"CREATEATTACHMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":498000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -3758,66 +3813,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"CREATEATTACHMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":498000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.501Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-administrators", "name": "confluence-administrators", - "type": "Group", - "id": "confluence-administrators" + "type": "Group" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Group", @@ -3834,13 +3868,35 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.501Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:24:06.949099426Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEATTACHMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":501000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -3853,66 +3909,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEATTACHMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":501000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.503Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-users", "name": "confluence-users", - "type": "Group", - "id": "confluence-users" + "type": "Group" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Group", @@ -3929,13 +3964,35 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.503Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:24:06.949100443Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEATTACHMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":503000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -3948,65 +4005,44 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEATTACHMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":503000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.506Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Type", @@ -4018,13 +4054,35 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.506Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:24:06.949101435Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEATTACHMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":506000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -4037,66 +4095,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEATTACHMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":506000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.508Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-administrators", "name": "confluence-administrators", - "type": "Group", - "id": "confluence-administrators" + "type": "Group" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Group", @@ -4113,13 +4150,35 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.508Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:24:06.949102492Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"EDITBLOG\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":508000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -4132,66 +4191,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"EDITBLOG\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":508000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.510Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-users", "name": "confluence-users", - "type": "Group", - "id": "confluence-users" + "type": "Group" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Group", @@ -4208,13 +4246,35 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.510Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:24:06.949103526Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"EDITBLOG\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":510000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -4227,65 +4287,44 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"EDITBLOG\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":510000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.513Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Type", @@ -4297,13 +4336,35 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.513Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:24:06.949104526Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"EDITBLOG\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":513000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -4316,66 +4377,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"EDITBLOG\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":513000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.515Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-administrators", "name": "confluence-administrators", - "type": "Group", - "id": "confluence-administrators" + "type": "Group" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Group", @@ -4392,13 +4432,35 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.515Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:24:06.949105537Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"EXPORTSPACE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":515000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -4411,66 +4473,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"EXPORTSPACE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":515000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.518Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-users", "name": "confluence-users", - "type": "Group", - "id": "confluence-users" + "type": "Group" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Group", @@ -4487,13 +4528,35 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.518Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:24:06.949106517Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"EXPORTSPACE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":518000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -4506,65 +4569,44 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"EXPORTSPACE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":518000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.520Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" - } - ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, + "type": "Space" + } + ], "changed_values": [ { "i18nKey": "Type", @@ -4576,13 +4618,35 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.520Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:24:06.949107576Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"EXPORTSPACE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":520000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -4595,66 +4659,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"EXPORTSPACE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":520000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.522Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-administrators", "name": "confluence-administrators", - "type": "Group", - "id": "confluence-administrators" + "type": "Group" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Group", @@ -4671,13 +4714,35 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.522Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:24:06.949108557Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEMAIL\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":522000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -4690,66 +4755,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEMAIL\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":522000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.525Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-users", "name": "confluence-users", - "type": "Group", - "id": "confluence-users" + "type": "Group" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Group", @@ -4766,13 +4810,35 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.525Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:24:06.949109561Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEMAIL\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":525000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -4785,65 +4851,44 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEMAIL\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":525000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.527Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { "name": "Anonymous", "type": "User" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Type", @@ -4855,13 +4900,35 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.527Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:24:06.949110568Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEMAIL\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":527000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -4874,66 +4941,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEMAIL\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":527000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.529Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-administrators", "name": "confluence-administrators", - "type": "Group", - "id": "confluence-administrators" + "type": "Group" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Group", @@ -4950,13 +4996,35 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.529Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:24:06.949111558Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"SETPAGEPERMISSIONS\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":529000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -4969,66 +5037,45 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"SETPAGEPERMISSIONS\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":529000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:43:22.532Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-users", "name": "confluence-users", - "type": "Group", - "id": "confluence-users" + "type": "Group" }, { + "id": "98305", "name": "Demonstration Space", - "type": "Space", - "id": "98305" + "type": "Space" } ], - "type": { - "area": "PERMISSIONS", - "action": "Space permission added", - "actionI18nKey": "audit.logging.summary.space.permission.added", - "categoryI18nKey": "audit.logging.category.permissions", - "category": "Permissions", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Group", @@ -5045,13 +5092,35 @@ "key": "Space", "to": "ds" } - ] + ], + "method": "Browser", + "type": { + "action": "Space permission added", + "actionI18nKey": "audit.logging.summary.space.permission.added", + "area": "PERMISSIONS", + "category": "Permissions", + "categoryI18nKey": "audit.logging.category.permissions", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:43:22.532Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.space.permission.added", + "category": [ + "iam", + "configuration" + ], + "ingested": "2022-02-24T20:24:06.949112540Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"SETPAGEPERMISSIONS\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":532000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "creation" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -5064,67 +5133,67 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.space.permission.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"SETPAGEPERMISSIONS\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":532000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "creation" - ], - "category": [ - "iam", - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "Anonymous", "id": "-2" - }, - "tags": [ - "preserve_original_event" - ] + } }, { "@timestamp": "2021-11-22T23:43:22.615Z", "confluence": { "audit": { - "method": "System", - "type": { - "area": "AUDIT_LOG", - "action": "Audit Log configuration updated", - "actionI18nKey": "atlassian.audit.event.action.audit.config.updated", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "atlassian.audit.event.change.retention", "key": "Retention", "to": "3 Years" } - ] + ], + "method": "System", + "type": { + "action": "Audit Log configuration updated", + "actionI18nKey": "atlassian.audit.event.action.audit.config.updated", + "area": "AUDIT_LOG", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit", + "level": "BASE" + } } }, "ecs": { "version": "8.2.0" }, + "event": { + "action": "atlassian.audit.event.action.audit.config.updated", + "category": [ + "configuration" + ], + "ingested": "2022-02-24T20:24:06.949113565Z", + "kind": "event", + "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log configuration updated\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.config.updated\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"-1\",\"name\":\"System\",\"type\":\"system\"},\"changedValues\":[{\"i18nKey\":\"atlassian.audit.event.change.retention\",\"key\":\"Retention\",\"to\":\"3 Years\"}],\"extraAttributes\":[],\"method\":\"System\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":615000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "change" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -5133,38 +5202,18 @@ "service": { "address": "http://confluence.internal:8090" }, - "event": { - "action": "atlassian.audit.event.action.audit.config.updated", - "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log configuration updated\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.config.updated\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"-1\",\"name\":\"System\",\"type\":\"system\"},\"changedValues\":[{\"i18nKey\":\"atlassian.audit.event.change.retention\",\"key\":\"Retention\",\"to\":\"3 Years\"}],\"extraAttributes\":[],\"method\":\"System\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":615000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "change" - ], - "category": [ - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "System", "id": "-1" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:44:13.873Z", "confluence": { "audit": { - "method": "Browser", - "type": { - "area": "AUDIT_LOG", - "action": "Audit Log search performed", - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing", - "level": "BASE" - }, "extra_attributes": [ { "name": "Query", @@ -5185,13 +5234,28 @@ "nameI18nKey": "atlassian.audit.event.attribute.timestamp", "value": "2021-11-22T23:42:45.791Z - 2021-11-22T23:43:22.615Z" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "area": "AUDIT_LOG", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:44:13.873Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "atlassian.audit.event.action.audit.search", + "ingested": "2022-02-24T20:24:06.949114587Z", + "kind": "event", + "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log search performed\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"2c9580827d4a06e8017d4a07c3e10000\",\"name\":\"test.user\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Query\",\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"value\":\"\"},{\"name\":\"Results returned\",\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"value\":\"57\"},{\"name\":\"ID Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"value\":\"1 - 57\"},{\"name\":\"Timestamp Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"value\":\"2021-11-22T23:42:45.791Z - 2021-11-22T23:43:22.615Z\"}],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624653,\"nano\":873000000},\"version\":\"1.0\"}", + "type": "info" + }, "related": { "hosts": [ "confluence.internal" @@ -5204,47 +5268,33 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "atlassian.audit.event.action.audit.search", - "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log search performed\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"2c9580827d4a06e8017d4a07c3e10000\",\"name\":\"test.user\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Query\",\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"value\":\"\"},{\"name\":\"Results returned\",\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"value\":\"57\"},{\"name\":\"ID Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"value\":\"1 - 57\"},{\"name\":\"Timestamp Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"value\":\"2021-11-22T23:42:45.791Z - 2021-11-22T23:43:22.615Z\"}],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624653,\"nano\":873000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "test.user", "id": "2c9580827d4a06e8017d4a07c3e10000" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:47:20.815Z", "confluence": { "audit": { - "method": "Browser", - "type": { - "area": "AUDIT_LOG", - "action": "Audit Log search performed", - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing", - "level": "BASE" - }, "extra_attributes": [ { "name": "Timestamp Range", @@ -5266,13 +5316,28 @@ "nameI18nKey": "atlassian.audit.event.attribute.results", "value": "58" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "area": "AUDIT_LOG", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:47:20.815Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "atlassian.audit.event.action.audit.search", + "ingested": "2022-02-24T20:24:06.949115587Z", + "kind": "event", + "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log search performed\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"2c9580827d4a06e8017d4a07c3e10000\",\"name\":\"test.user\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Timestamp Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"value\":\"2021-11-22T23:42:45.791Z - 2021-11-22T23:44:13.873Z\"},{\"name\":\"ID Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"value\":\"1 - 58\"},{\"name\":\"Query\",\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"value\":\"From : 1970-01-01T00:00:00Z;To : 2021-11-22T23:47:20.782708Z;\"},{\"name\":\"Results returned\",\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"value\":\"58\"}],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624840,\"nano\":815000000},\"version\":\"1.0\"}", + "type": "info" + }, "related": { "hosts": [ "confluence.internal" @@ -5285,47 +5350,33 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "atlassian.audit.event.action.audit.search", - "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log search performed\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"2c9580827d4a06e8017d4a07c3e10000\",\"name\":\"test.user\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Timestamp Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"value\":\"2021-11-22T23:42:45.791Z - 2021-11-22T23:44:13.873Z\"},{\"name\":\"ID Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"value\":\"1 - 58\"},{\"name\":\"Query\",\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"value\":\"From : 1970-01-01T00:00:00Z;To : 2021-11-22T23:47:20.782708Z;\"},{\"name\":\"Results returned\",\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"value\":\"58\"}],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624840,\"nano\":815000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "test.user", "id": "2c9580827d4a06e8017d4a07c3e10000" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:49:50.382Z", "confluence": { "audit": { - "method": "Browser", - "type": { - "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", - "action": "Global settings changed", - "actionI18nKey": "audit.logging.summary.global.settings.edited", - "categoryI18nKey": "audit.logging.category.admin", - "category": "Global Administration", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Custom contact admin message", @@ -5334,17 +5385,38 @@ }, { "from": "Confluence", - "to": "Confluence Test", "i18nKey": "Site title", - "key": "Site title" + "key": "Site title", + "to": "Confluence Test" } - ] + ], + "method": "Browser", + "type": { + "action": "Global settings changed", + "actionI18nKey": "audit.logging.summary.global.settings.edited", + "area": "GLOBAL_CONFIG_AND_ADMINISTRATION", + "category": "Global Administration", + "categoryI18nKey": "audit.logging.category.admin", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:49:50.382Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "audit.logging.summary.global.settings.edited", + "category": [ + "configuration" + ], + "ingested": "2022-02-24T20:24:06.949116586Z", + "kind": "event", + "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Global settings changed\",\"actionI18nKey\":\"audit.logging.summary.global.settings.edited\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Global Administration\",\"categoryI18nKey\":\"audit.logging.category.admin\",\"level\":\"BASE\"},\"author\":{\"id\":\"2c9580827d4a06e8017d4a07c3e10000\",\"name\":\"test.user\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Custom contact admin message\",\"key\":\"Custom contact admin message\",\"to\":\"Please enter information about your request for the site administrators. If you are reporting an error please be sure you include information on what you were doing and the time the problem occurred.\"},{\"from\":\"Confluence\",\"i18nKey\":\"Site title\",\"key\":\"Site title\",\"to\":\"Confluence Test\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624990,\"nano\":382000000},\"version\":\"1.0\"}", + "type": [ + "admin", + "change" + ] + }, "related": { "hosts": [ "confluence.internal" @@ -5357,60 +5429,40 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.global.settings.edited", - "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Global settings changed\",\"actionI18nKey\":\"audit.logging.summary.global.settings.edited\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Global Administration\",\"categoryI18nKey\":\"audit.logging.category.admin\",\"level\":\"BASE\"},\"author\":{\"id\":\"2c9580827d4a06e8017d4a07c3e10000\",\"name\":\"test.user\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Custom contact admin message\",\"key\":\"Custom contact admin message\",\"to\":\"Please enter information about your request for the site administrators. If you are reporting an error please be sure you include information on what you were doing and the time the problem occurred.\"},{\"from\":\"Confluence\",\"i18nKey\":\"Site title\",\"key\":\"Site title\",\"to\":\"Confluence Test\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624990,\"nano\":382000000},\"version\":\"1.0\"}", - "type": [ - "admin", - "change" - ], - "category": [ - "configuration" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "test.user", "id": "2c9580827d4a06e8017d4a07c3e10000" - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:50:13.842Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "2c9580827d4a06e8017d4a0e9dda0001", "name": "Another User", - "type": "User", - "id": "2c9580827d4a06e8017d4a0e9dda0001" + "type": "User" } ], - "type": { - "area": "USER_MANAGEMENT", - "action": "User created", - "actionI18nKey": "audit.logging.summary.user.created", - "categoryI18nKey": "audit.logging.category.user.management", - "category": "Users and groups", - "level": "BASE" - }, "changed_values": [ { "i18nKey": "Display name", @@ -5432,60 +5484,72 @@ "key": "Active", "to": "Yes" } - ] + ], + "method": "Browser", + "type": { + "action": "User created", + "actionI18nKey": "audit.logging.summary.user.created", + "area": "USER_MANAGEMENT", + "category": "Users and groups", + "categoryI18nKey": "audit.logging.category.user.management", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:50:13.842Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "another.user" + "event": { + "action": "audit.logging.summary.user.created", + "category": [ + "iam" ], + "ingested": "2022-02-24T20:24:06.949117591Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"2c9580827d4a06e8017d4a0e9dda0001\",\"name\":\"Another User\",\"type\":\"User\"}],\"auditType\":{\"action\":\"User created\",\"actionI18nKey\":\"audit.logging.summary.user.created\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"audit.logging.category.user.management\",\"level\":\"BASE\"},\"author\":{\"id\":\"2c9580827d4a06e8017d4a07c3e10000\",\"name\":\"test.user\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Display name\",\"key\":\"Display name\",\"to\":\"Another User\"},{\"i18nKey\":\"Email\",\"key\":\"Email\",\"to\":\"another.user@example.como\"},{\"i18nKey\":\"Username\",\"key\":\"Username\",\"to\":\"another.user\"},{\"i18nKey\":\"Active\",\"key\":\"Active\",\"to\":\"Yes\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637625013,\"nano\":842000000},\"version\":\"1.0\"}", + "type": [ + "user", + "creation" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "another.user" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.user.created", - "original": "{\"affectedObjects\":[{\"id\":\"2c9580827d4a06e8017d4a0e9dda0001\",\"name\":\"Another User\",\"type\":\"User\"}],\"auditType\":{\"action\":\"User created\",\"actionI18nKey\":\"audit.logging.summary.user.created\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"audit.logging.category.user.management\",\"level\":\"BASE\"},\"author\":{\"id\":\"2c9580827d4a06e8017d4a07c3e10000\",\"name\":\"test.user\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Display name\",\"key\":\"Display name\",\"to\":\"Another User\"},{\"i18nKey\":\"Email\",\"key\":\"Email\",\"to\":\"another.user@example.como\"},{\"i18nKey\":\"Username\",\"key\":\"Username\",\"to\":\"another.user\"},{\"i18nKey\":\"Active\",\"key\":\"Active\",\"to\":\"Yes\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637625013,\"nano\":842000000},\"version\":\"1.0\"}", - "type": [ - "user", - "creation" - ], - "category": [ - "iam" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "changes": { - "name": "another.user", "email": "another.user@example.como", - "full_name": "Another User" + "full_name": "Another User", + "name": "another.user" }, "full_name": "test.user", "id": "2c9580827d4a06e8017d4a07c3e10000", @@ -5493,199 +5557,190 @@ "full_name": "Another User", "id": "2c9580827d4a06e8017d4a0e9dda0001" } - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:50:13.966Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-users", "name": "confluence-users", - "type": "Group", - "id": "confluence-users" + "type": "Group" }, { + "id": "2c9580827d4a06e8017d4a0e9dda0001", "name": "another.user", - "type": "User", - "id": "2c9580827d4a06e8017d4a0e9dda0001" + "type": "User" } ], + "method": "Browser", "type": { - "area": "USER_MANAGEMENT", "action": "User added to group", "actionI18nKey": "audit.logging.summary.group.membership.added", - "categoryI18nKey": "audit.logging.category.user.management", + "area": "USER_MANAGEMENT", "category": "Users and groups", + "categoryI18nKey": "audit.logging.category.user.management", "level": "BASE" } } }, - "@timestamp": "2021-11-22T23:50:13.966Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "another.user" + "event": { + "action": "audit.logging.summary.group.membership.added", + "category": [ + "iam" ], + "ingested": "2022-02-24T20:24:06.949118673Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"2c9580827d4a06e8017d4a0e9dda0001\",\"name\":\"another.user\",\"type\":\"User\"}],\"auditType\":{\"action\":\"User added to group\",\"actionI18nKey\":\"audit.logging.summary.group.membership.added\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"audit.logging.category.user.management\",\"level\":\"BASE\"},\"author\":{\"id\":\"2c9580827d4a06e8017d4a07c3e10000\",\"name\":\"test.user\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637625013,\"nano\":966000000},\"version\":\"1.0\"}", + "type": [ + "group", + "change" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "another.user" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.group.membership.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"2c9580827d4a06e8017d4a0e9dda0001\",\"name\":\"another.user\",\"type\":\"User\"}],\"auditType\":{\"action\":\"User added to group\",\"actionI18nKey\":\"audit.logging.summary.group.membership.added\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"audit.logging.category.user.management\",\"level\":\"BASE\"},\"author\":{\"id\":\"2c9580827d4a06e8017d4a07c3e10000\",\"name\":\"test.user\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637625013,\"nano\":966000000},\"version\":\"1.0\"}", - "type": [ - "group", - "change" - ], - "category": [ - "iam" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "test.user", "id": "2c9580827d4a06e8017d4a07c3e10000", "target": { - "name": "another.user", - "id": "2c9580827d4a06e8017d4a0e9dda0001", "group": { - "name": "confluence-users", - "id": "confluence-users" - } + "id": "confluence-users", + "name": "confluence-users" + }, + "id": "2c9580827d4a06e8017d4a0e9dda0001", + "name": "another.user" } - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:50:32.205Z", "confluence": { "audit": { - "method": "Browser", "affected_objects": [ { + "id": "confluence-administrators", "name": "confluence-administrators", - "type": "Group", - "id": "confluence-administrators" + "type": "Group" }, { + "id": "2c9580827d4a06e8017d4a0e9dda0001", "name": "another.user", - "type": "User", - "id": "2c9580827d4a06e8017d4a0e9dda0001" + "type": "User" } ], + "method": "Browser", "type": { - "area": "USER_MANAGEMENT", "action": "User added to group", "actionI18nKey": "audit.logging.summary.group.membership.added", - "categoryI18nKey": "audit.logging.category.user.management", + "area": "USER_MANAGEMENT", "category": "Users and groups", + "categoryI18nKey": "audit.logging.category.user.management", "level": "BASE" } } }, - "@timestamp": "2021-11-22T23:50:32.205Z", "ecs": { "version": "8.2.0" }, - "related": { - "user": [ - "another.user" + "event": { + "action": "audit.logging.summary.group.membership.added", + "category": [ + "iam" ], + "ingested": "2022-02-24T20:24:06.949119747Z", + "kind": "event", + "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"2c9580827d4a06e8017d4a0e9dda0001\",\"name\":\"another.user\",\"type\":\"User\"}],\"auditType\":{\"action\":\"User added to group\",\"actionI18nKey\":\"audit.logging.summary.group.membership.added\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"audit.logging.category.user.management\",\"level\":\"BASE\"},\"author\":{\"id\":\"2c9580827d4a06e8017d4a07c3e10000\",\"name\":\"test.user\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637625032,\"nano\":205000000},\"version\":\"1.0\"}", + "type": [ + "group", + "change" + ] + }, + "related": { "hosts": [ "confluence.internal" ], "ip": [ "81.2.69.143" + ], + "user": [ + "another.user" ] }, "service": { "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "audit.logging.summary.group.membership.added", - "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"2c9580827d4a06e8017d4a0e9dda0001\",\"name\":\"another.user\",\"type\":\"User\"}],\"auditType\":{\"action\":\"User added to group\",\"actionI18nKey\":\"audit.logging.summary.group.membership.added\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"audit.logging.category.user.management\",\"level\":\"BASE\"},\"author\":{\"id\":\"2c9580827d4a06e8017d4a07c3e10000\",\"name\":\"test.user\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637625032,\"nano\":205000000},\"version\":\"1.0\"}", - "type": [ - "group", - "change" - ], - "category": [ - "iam" - ], - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "test.user", "id": "2c9580827d4a06e8017d4a07c3e10000", "target": { - "name": "another.user", - "id": "2c9580827d4a06e8017d4a0e9dda0001", "group": { - "name": "confluence-administrators", - "id": "confluence-administrators" - } + "id": "confluence-administrators", + "name": "confluence-administrators" + }, + "id": "2c9580827d4a06e8017d4a0e9dda0001", + "name": "another.user" } - }, - "tags": [ - "preserve_original_event" - ] + } }, { + "@timestamp": "2021-11-22T23:50:35.770Z", "confluence": { "audit": { - "method": "Browser", - "type": { - "area": "AUDIT_LOG", - "action": "Audit Log search performed", - "actionI18nKey": "atlassian.audit.event.action.audit.search", - "categoryI18nKey": "atlassian.audit.event.category.audit", - "category": "Auditing", - "level": "BASE" - }, "extra_attributes": [ { "name": "Results returned", @@ -5706,13 +5761,28 @@ "nameI18nKey": "atlassian.audit.event.attribute.timestamp", "value": "2021-11-22T23:42:45.791Z - 2021-11-22T23:50:32.205Z" } - ] + ], + "method": "Browser", + "type": { + "action": "Audit Log search performed", + "actionI18nKey": "atlassian.audit.event.action.audit.search", + "area": "AUDIT_LOG", + "category": "Auditing", + "categoryI18nKey": "atlassian.audit.event.category.audit", + "level": "BASE" + } } }, - "@timestamp": "2021-11-22T23:50:35.770Z", "ecs": { "version": "8.2.0" }, + "event": { + "action": "atlassian.audit.event.action.audit.search", + "ingested": "2022-02-24T20:24:06.949120746Z", + "kind": "event", + "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log search performed\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"2c9580827d4a06e8017d4a07c3e10000\",\"name\":\"test.user\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Results returned\",\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"value\":\"63\"},{\"name\":\"Query\",\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"value\":\"\"},{\"name\":\"ID Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"value\":\"1 - 63\"},{\"name\":\"Timestamp Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"value\":\"2021-11-22T23:42:45.791Z - 2021-11-22T23:50:32.205Z\"}],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637625035,\"nano\":770000000},\"version\":\"1.0\"}", + "type": "info" + }, "related": { "hosts": [ "confluence.internal" @@ -5725,34 +5795,28 @@ "address": "http://confluence.internal:8090" }, "source": { + "address": "81.2.69.143", "geo": { - "continent_name": "Europe", - "region_iso_code": "GB-ENG", "city_name": "London", + "continent_name": "Europe", "country_iso_code": "GB", "country_name": "United Kingdom", - "region_name": "England", "location": { - "lon": -0.0931, - "lat": 51.5142 - } + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" }, - "address": "81.2.69.143", "ip": "81.2.69.143" }, - "event": { - "action": "atlassian.audit.event.action.audit.search", - "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log search performed\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"2c9580827d4a06e8017d4a07c3e10000\",\"name\":\"test.user\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Results returned\",\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"value\":\"63\"},{\"name\":\"Query\",\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"value\":\"\"},{\"name\":\"ID Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"value\":\"1 - 63\"},{\"name\":\"Timestamp Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"value\":\"2021-11-22T23:42:45.791Z - 2021-11-22T23:50:32.205Z\"}],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637625035,\"nano\":770000000},\"version\":\"1.0\"}", - "type": "info", - "kind": "event" - }, + "tags": [ + "preserve_original_event" + ], "user": { "full_name": "test.user", "id": "2c9580827d4a06e8017d4a07c3e10000" - }, - "tags": [ - "preserve_original_event" - ] + } } ] } \ No newline at end of file From ff1d2fbd3c0856ca535706133f79eafa35eed914 Mon Sep 17 00:00:00 2001 From: Andrew Kroh Date: Thu, 24 Feb 2022 17:50:51 -0500 Subject: [PATCH 03/30] jira: remove event.ingested --- .../data_stream/audit/_dev/test/pipeline/test-common-config.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-common-config.yml b/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-common-config.yml index 5622947e4b8..4da22641654 100644 --- a/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-common-config.yml +++ b/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-common-config.yml @@ -1,5 +1,3 @@ -dynamic_fields: - event.ingested: ".*" fields: tags: - preserve_original_event From 3119eb0a6c8abe7eeab8a0d8d2b8cab443e8dc5a Mon Sep 17 00:00:00 2001 From: Andrew Kroh Date: Thu, 24 Feb 2022 18:08:00 -0500 Subject: [PATCH 04/30] jira: update test files without event.ingested --- .../pipeline/test-audit-api.log-expected.json | 98 +------------------ .../test-audit-files.log-expected.json | 88 ----------------- 2 files changed, 1 insertion(+), 185 deletions(-) diff --git a/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json b/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json index 9f9d50988f1..c03bd27f5fb 100644 --- a/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json +++ b/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json @@ -7,6 +7,7 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", + "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:34:47.536Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"175.16.199.1\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"45 - 94\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"50\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-22T00:08:34.163Z - 2021-11-22T00:34:40.008Z\"}]}", "type": "info" }, @@ -87,7 +88,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2022-02-24T20:23:18.208646585Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:34:40.008Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"175.16.199.1\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"44 - 93\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"50\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-22T00:08:34.151Z - 2021-11-22T00:34:23.154Z\"}]}", "type": "info" @@ -172,7 +172,6 @@ "category": [ "iam" ], - "ingested": "2022-02-24T20:23:18.208647897Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:34:23.154Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"personal.access.tokens.audit.log.category\",\"category\":\"Security\",\"actionI18nKey\":\"personal.access.tokens.audit.log.summary.token.created\",\"action\":\"Personal access token created\"},\"affectedObjects\":[{\"name\":\"test.user\",\"type\":\"User\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"id\":\"JIRAUSER10000\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"personal.access.tokens.audit.log.extra.attribute.name\",\"name\":\"Token Name\",\"value\":\"asdf\"}]}", "type": [ @@ -239,7 +238,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2022-02-24T20:23:18.208649106Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:32:20.234Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"1 - 40\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"40\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-22T00:05:08.514Z - 2021-11-22T00:08:33.746Z\"}]}", "type": "info" @@ -309,7 +307,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2022-02-24T20:23:18.208650355Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:31:52.991Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"41 - 90\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"50\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-22T00:08:33.887Z - 2021-11-22T00:31:37.412Z\"}]}", "type": "info" @@ -379,7 +376,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2022-02-24T20:23:18.208651548Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:31:37.412Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"69 - 78\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"10\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-22T00:08:34.227Z - 2021-11-22T00:08:34.249Z\"}]}", "type": "info" @@ -449,7 +445,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2022-02-24T20:23:18.208652762Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:31:26.455Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"79 - 88\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"10\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-22T00:08:34.266Z - 2021-11-22T00:30:59.449Z\"}]}", "type": "info" @@ -519,7 +514,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2022-02-24T20:23:18.208653964Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:30:59.449Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"1 - 87\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"87\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-22T00:05:08.514Z - 2021-11-22T00:26:03.206Z\"}]}", "type": "info" @@ -589,7 +583,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2022-02-24T20:23:18.208655162Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:26:03.206Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"1 - 86\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"86\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-22T00:05:08.514Z - 2021-11-22T00:12:02.856Z\"}]}", "type": "info" @@ -659,7 +652,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2022-02-24T20:23:18.208656403Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:12:02.856Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"1 - 85\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"85\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-22T00:05:08.514Z - 2021-11-22T00:08:34.545Z\"}]}", "type": "info" @@ -729,7 +721,6 @@ }, "event": { "action": "jira.auditing.version.created", - "ingested": "2022-02-24T20:23:18.208657625Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.545Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.projects\",\"category\":\"projects\",\"actionI18nKey\":\"jira.auditing.version.created\",\"action\":\"Project version created\"},\"affectedObjects\":[{\"name\":\"Version 3.0\",\"type\":\"VERSION\",\"uri\":\"http://jira.internal:8088/secure/VersionEdit!default.jspa?versionId=10002\",\"id\":\"10002\"},{\"name\":\"test\",\"type\":\"PROJECT\",\"uri\":\"http://jira.internal:8088/secure/ViewProject.jspa?pid=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"Version 3.0\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -799,7 +790,6 @@ }, "event": { "action": "jira.auditing.version.created", - "ingested": "2022-02-24T20:23:18.208659079Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.543Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.projects\",\"category\":\"projects\",\"actionI18nKey\":\"jira.auditing.version.created\",\"action\":\"Project version created\"},\"affectedObjects\":[{\"name\":\"Version 2.0\",\"type\":\"VERSION\",\"uri\":\"http://jira.internal:8088/secure/VersionEdit!default.jspa?versionId=10001\",\"id\":\"10001\"},{\"name\":\"test\",\"type\":\"PROJECT\",\"uri\":\"http://jira.internal:8088/secure/ViewProject.jspa?pid=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"Version 2.0\"},{\"key\":\"Release date\",\"i18nKey\":\"version.releasedate\",\"to\":\"2021-11-28\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -874,7 +864,6 @@ }, "event": { "action": "jira.auditing.version.released", - "ingested": "2022-02-24T20:23:18.208660277Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.535Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.projects\",\"category\":\"projects\",\"actionI18nKey\":\"jira.auditing.version.released\",\"action\":\"Project version released\"},\"affectedObjects\":[{\"name\":\"Version 1.0\",\"type\":\"VERSION\",\"uri\":\"http://jira.internal:8088/secure/VersionEdit!default.jspa?versionId=10000\",\"id\":\"10000\"},{\"name\":\"test\",\"type\":\"PROJECT\",\"uri\":\"http://jira.internal:8088/secure/ViewProject.jspa?pid=10000\",\"id\":\"10000\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -937,7 +926,6 @@ }, "event": { "action": "jira.auditing.version.created", - "ingested": "2022-02-24T20:23:18.208661516Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.521Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.projects\",\"category\":\"projects\",\"actionI18nKey\":\"jira.auditing.version.created\",\"action\":\"Project version created\"},\"affectedObjects\":[{\"name\":\"Version 1.0\",\"type\":\"VERSION\",\"uri\":\"http://jira.internal:8088/secure/VersionEdit!default.jspa?versionId=10000\",\"id\":\"10000\"},{\"name\":\"test\",\"type\":\"PROJECT\",\"uri\":\"http://jira.internal:8088/secure/ViewProject.jspa?pid=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"Version 1.0\"},{\"key\":\"Release date\",\"i18nKey\":\"version.releasedate\",\"to\":\"2021-11-14\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -1012,7 +1000,6 @@ }, "event": { "action": "jira.auditing.project.roles.changed", - "ingested": "2022-02-24T20:23:18.208662726Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.506Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.projects\",\"category\":\"projects\",\"actionI18nKey\":\"jira.auditing.project.roles.changed\",\"action\":\"Project roles changed\"},\"affectedObjects\":[{\"name\":\"Developers\",\"type\":\"PROJECT_ROLE\",\"id\":\"10100\"},{\"name\":\"test\",\"type\":\"PROJECT\",\"uri\":\"http://jira.internal:8088/secure/ViewProject.jspa?pid=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Users\",\"i18nKey\":\"admin.common.words.users\",\"to\":\"JIRAUSER10000\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -1084,7 +1071,6 @@ "category": [ "configuration" ], - "ingested": "2022-02-24T20:23:18.208663983Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.297Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.projects\",\"category\":\"projects\",\"actionI18nKey\":\"jira.auditing.project.created\",\"action\":\"Project created\"},\"affectedObjects\":[{\"name\":\"test\",\"type\":\"PROJECT\",\"uri\":\"http://jira.internal:8088/secure/ViewProject.jspa?pid=10000\",\"id\":\"10000\"},{\"name\":\"test.user\",\"type\":\"USER\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"id\":\"JIRAUSER10000\"}],\"changedValues\":[{\"key\":\"Default Assignee\",\"i18nKey\":\"admin.projects.default.assignee\",\"to\":\"Unassigned\"},{\"key\":\"Description\",\"i18nKey\":\"common.concepts.description\",\"to\":\"\"},{\"key\":\"Key\",\"i18nKey\":\"common.words.key\",\"to\":\"TEST\"},{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"test\"},{\"key\":\"Project Lead\",\"i18nKey\":\"common.concepts.projectlead\",\"to\":\"test.user\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -1175,7 +1161,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.added.to.project", - "ingested": "2022-02-24T20:23:18.208665295Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.266Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.added.to.project\",\"action\":\"Permission scheme added to project\"},\"affectedObjects\":[{\"name\":\"test\",\"type\":\"PROJECT\",\"uri\":\"http://jira.internal:8088/secure/ViewProject.jspa?pid=10000\",\"id\":\"10000\"},{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -1242,7 +1227,6 @@ "configuration", "iam" ], - "ingested": "2022-02-24T20:23:18.208666492Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.249Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.removed.from.project\",\"action\":\"Permission scheme removed from project\"},\"affectedObjects\":[{\"name\":\"test\",\"type\":\"PROJECT\",\"uri\":\"http://jira.internal:8088/secure/ViewProject.jspa?pid=10000\",\"id\":\"10000\"},{\"name\":\"Default Permission Scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=0\",\"id\":\"0\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -1307,7 +1291,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:18.208667730Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.243Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Edit Sprints\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -1376,7 +1359,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:18.208668956Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.241Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Start/Complete Sprints\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -1445,7 +1427,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:18.208670160Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.239Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Manage Sprints\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -1514,7 +1495,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:18.208671401Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.236Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"View Development Tools\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -1583,7 +1563,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:18.208672616Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.235Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Transition Issues\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -1652,7 +1631,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:18.208673908Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.233Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"View Read-Only Workflow\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -1721,7 +1699,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:18.208675121Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.231Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Delete All Worklogs\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Project Role\"},{\"key\":\"Value\",\"i18nKey\":\"admin.common.words.value\",\"from\":\"\",\"to\":\"Administrators\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -1795,7 +1772,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:18.208676347Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.229Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Delete Own Worklogs\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -1864,7 +1840,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:18.208677642Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.227Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Edit All Worklogs\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Project Role\"},{\"key\":\"Value\",\"i18nKey\":\"admin.common.words.value\",\"from\":\"\",\"to\":\"Administrators\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -1938,7 +1913,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:18.208678864Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.225Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Edit Own Worklogs\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -2007,7 +1981,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:18.208680072Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.223Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Delete Own Attachments\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -2076,7 +2049,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:18.208681281Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.221Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Delete All Attachments\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Project Role\"},{\"key\":\"Value\",\"i18nKey\":\"admin.common.words.value\",\"from\":\"\",\"to\":\"Administrators\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -2150,7 +2122,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:18.208683061Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.219Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Delete Own Comments\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -2219,7 +2190,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:18.208684444Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.217Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Delete All Comments\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Project Role\"},{\"key\":\"Value\",\"i18nKey\":\"admin.common.words.value\",\"from\":\"\",\"to\":\"Administrators\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -2293,7 +2263,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:18.208685756Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.215Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Edit Own Comments\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -2362,7 +2331,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:18.208687152Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.212Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Edit All Comments\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Project Role\"},{\"key\":\"Value\",\"i18nKey\":\"admin.common.words.value\",\"from\":\"\",\"to\":\"Administrators\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -2436,7 +2404,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:18.208688499Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.210Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Manage Watchers\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Project Role\"},{\"key\":\"Value\",\"i18nKey\":\"admin.common.words.value\",\"from\":\"\",\"to\":\"Administrators\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -2510,7 +2477,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:18.208689729Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.208Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"View Voters and Watchers\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -2579,7 +2545,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:18.208690973Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.204Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Modify Reporter\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Project Role\"},{\"key\":\"Value\",\"i18nKey\":\"admin.common.words.value\",\"from\":\"\",\"to\":\"Administrators\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -2653,7 +2618,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:18.208692211Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.190Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Schedule Issues\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -2722,7 +2686,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:18.208693452Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.187Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Move Issues\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -2791,7 +2754,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:18.208694709Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.184Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Administer Projects\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Project Role\"},{\"key\":\"Value\",\"i18nKey\":\"admin.common.words.value\",\"from\":\"\",\"to\":\"Administrators\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -2865,7 +2827,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:18.208695932Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.182Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Link Issues\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -2934,7 +2895,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:18.208697146Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.180Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Work On Issues\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -3003,7 +2963,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:18.208698413Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.178Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Create Attachments\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -3072,7 +3031,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:18.208699684Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.176Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Close Issues\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -3141,7 +3099,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:18.208701019Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.174Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Assignable User\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -3210,7 +3167,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:18.208702410Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.173Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Delete Issues\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Project Role\"},{\"key\":\"Value\",\"i18nKey\":\"admin.common.words.value\",\"from\":\"\",\"to\":\"Administrators\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -3284,7 +3240,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:18.208703683Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.171Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Add Comments\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -3353,7 +3308,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:18.208704972Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.168Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Resolve Issues\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -3422,7 +3376,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:18.208706234Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.166Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Assign Issues\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -3491,7 +3444,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:18.208707489Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.165Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Edit Issues\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -3560,7 +3512,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:18.208708896Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.163Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Create Issues\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -3629,7 +3580,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:18.208710125Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.151Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Browse Projects\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Application access\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -3698,7 +3648,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.created", - "ingested": "2022-02-24T20:23:18.208711361Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.142Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.created\",\"action\":\"Permission scheme created\"},\"affectedObjects\":[{\"name\":\"Default software scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Description\",\"i18nKey\":\"common.words.description\",\"to\":\"Default scheme for Software projects.\"},{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"Default software scheme\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -3767,7 +3716,6 @@ }, "event": { "action": "Board created", - "ingested": "2022-02-24T20:23:18.208712608Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:34.072Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.boards\",\"category\":\"boards\",\"actionI18nKey\":\"Board created\",\"action\":\"Board created\"},\"affectedObjects\":[{\"name\":\"TEST board\",\"type\":\"BOARD\",\"uri\":\"http://jira.internal:8088/secure/RapidView.jspa?rapidView=1\",\"id\":\"1\"},{\"name\":\"TEST board\",\"type\":\"BOARD\",\"uri\":\"http://jira.internal:8088/secure/RapidView.jspa?rapidView=1\",\"id\":\"1\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -3830,7 +3778,6 @@ }, "event": { "action": "jira.auditing.filter.created", - "ingested": "2022-02-24T20:23:18.208713899Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:33.887Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.filters\",\"category\":\"filters\",\"actionI18nKey\":\"jira.auditing.filter.created\",\"action\":\"Filter created\"},\"affectedObjects\":[{\"name\":\"Filter for TEST board\",\"type\":\"FILTER\",\"uri\":\"http://jira.internal:8088/issues/?filter=10000\",\"id\":\"10000\"},{\"name\":\"test.user\",\"type\":\"USER\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"id\":\"JIRAUSER10000\"},{\"name\":\"test\",\"type\":\"PROJECT\",\"uri\":\"http://jira.internal:8088/secure/ViewProject.jspa?pid=10000\",\"id\":\"10000\"}],\"changedValues\":[{\"key\":\"Description\",\"i18nKey\":\"common.concepts.description\",\"from\":\"\"},{\"key\":\"JQL Query\",\"i18nKey\":\"jira.jql.query\",\"from\":\"\",\"to\":\"{project = \\\"TEST\\\"} order by Rank ASC\"},{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"from\":\"\",\"to\":\"Filter for TEST board\"},{\"key\":\"Owner\",\"i18nKey\":\"common.concepts.owner\",\"from\":\"\",\"to\":\"test.user\"},{\"key\":\"Shared with\",\"i18nKey\":\"common.concepts.shared.with\",\"from\":\"[]\",\"to\":\"[Project: test (VIEW)]\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -3926,7 +3873,6 @@ }, "event": { "action": "jira.auditing.workflow.scheme.added.to.project", - "ingested": "2022-02-24T20:23:18.208715118Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:33.746Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.workflows\",\"category\":\"workflows\",\"actionI18nKey\":\"jira.auditing.workflow.scheme.added.to.project\",\"action\":\"Workflow scheme added to project\"},\"affectedObjects\":[{\"name\":\"test\",\"type\":\"PROJECT\",\"uri\":\"http://jira.internal:8088/secure/ViewProject.jspa?pid=10000\",\"id\":\"10000\"},{\"name\":\"TEST: Software Simplified Workflow Scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10100\",\"id\":\"10100\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -3989,7 +3935,6 @@ }, "event": { "action": "jira.auditing.workflow.scheme.created", - "ingested": "2022-02-24T20:23:18.208716346Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:33.732Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.workflows\",\"category\":\"workflows\",\"actionI18nKey\":\"jira.auditing.workflow.scheme.created\",\"action\":\"Workflow scheme created\"},\"affectedObjects\":[{\"name\":\"TEST: Software Simplified Workflow Scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=10100\",\"id\":\"10100\"}],\"changedValues\":[{\"key\":\"Description\",\"i18nKey\":\"common.words.description\",\"to\":\"Generated by JIRA Software version 8.20.2. This workflow scheme is managed internally by Jira Software. Do not manually modify this workflow scheme.\"},{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"TEST: Software Simplified Workflow Scheme\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -4058,7 +4003,6 @@ }, "event": { "action": "jira.auditing.workflow.created", - "ingested": "2022-02-24T20:23:18.208717557Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:33.710Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.workflows\",\"category\":\"workflows\",\"actionI18nKey\":\"jira.auditing.workflow.created\",\"action\":\"Workflow created\"},\"affectedObjects\":[{\"name\":\"Software Simplified Workflow for Project TEST\",\"type\":\"WORKFLOW\",\"uri\":\"http://jira.internal:8088/secure/admin/workflows/ViewWorkflowSteps.jspa?workflowMode=live\u0026workflowName=Software Simplified Workflow for Project TEST\",\"id\":\"Software Simplified Workflow for Project TEST\"}],\"changedValues\":[{\"key\":\"Description\",\"i18nKey\":\"common.words.description\",\"to\":\"Generated by JIRA Software version 8.20.2. This workflow is managed internally by Jira Software. Do not manually modify this workflow.\"},{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"Software Simplified Workflow for Project TEST\"},{\"key\":\"Status\",\"i18nKey\":\"common.words.status\",\"to\":\"To Do, In Progress, Done\"},{\"key\":\"Transition\",\"i18nKey\":\"admin.workflowtransition.transition\",\"to\":\"Create (To Do), To Do (To Do), In Progress (In Progress), Done (Done)\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -4137,7 +4081,6 @@ }, "event": { "action": "jira.auditing.resolutions.created", - "ingested": "2022-02-24T20:23:18.208718904Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:33.537Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.workflows\",\"category\":\"workflows\",\"actionI18nKey\":\"jira.auditing.resolutions.created\",\"action\":\"New resolution created\"},\"affectedObjects\":[{\"name\":\"Cannot Reproduce\",\"type\":\"RESOLUTION\",\"uri\":\"http://jira.internal:8088/secure/admin/EditResolution!default.jspa?id=10003\",\"id\":\"10003\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"common.concepts.description\",\"name\":\"Description\",\"value\":\"All attempts at reproducing this issue failed, or not enough information was available to reproduce the issue. Reading the code produces no clues as to why this behavior would occur. If more information appears later, please reopen the issue.\"}]}", "type": "info" @@ -4201,7 +4144,6 @@ }, "event": { "action": "jira.auditing.resolutions.created", - "ingested": "2022-02-24T20:23:18.208720150Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:33.536Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.workflows\",\"category\":\"workflows\",\"actionI18nKey\":\"jira.auditing.resolutions.created\",\"action\":\"New resolution created\"},\"affectedObjects\":[{\"name\":\"Duplicate\",\"type\":\"RESOLUTION\",\"uri\":\"http://jira.internal:8088/secure/admin/EditResolution!default.jspa?id=10002\",\"id\":\"10002\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"common.concepts.description\",\"name\":\"Description\",\"value\":\"The problem is a duplicate of an existing issue.\"}]}", "type": "info" @@ -4265,7 +4207,6 @@ }, "event": { "action": "jira.auditing.resolutions.created", - "ingested": "2022-02-24T20:23:18.208721396Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:33.535Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.workflows\",\"category\":\"workflows\",\"actionI18nKey\":\"jira.auditing.resolutions.created\",\"action\":\"New resolution created\"},\"affectedObjects\":[{\"name\":\"Won't Do\",\"type\":\"RESOLUTION\",\"uri\":\"http://jira.internal:8088/secure/admin/EditResolution!default.jspa?id=10001\",\"id\":\"10001\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"common.concepts.description\",\"name\":\"Description\",\"value\":\"This issue won't be actioned.\"}]}", "type": "info" @@ -4329,7 +4270,6 @@ }, "event": { "action": "jira.auditing.resolutions.created", - "ingested": "2022-02-24T20:23:18.208722679Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:08:33.534Z\",\"author\":{\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.workflows\",\"category\":\"workflows\",\"actionI18nKey\":\"jira.auditing.resolutions.created\",\"action\":\"New resolution created\"},\"affectedObjects\":[{\"name\":\"Done\",\"type\":\"RESOLUTION\",\"uri\":\"http://jira.internal:8088/secure/admin/EditResolution!default.jspa?id=10000\",\"id\":\"10000\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"common.concepts.description\",\"name\":\"Description\",\"value\":\"Work has been completed on this issue.\"}]}", "type": "info" @@ -4393,7 +4333,6 @@ }, "event": { "action": "jira.auditing.customfield.created", - "ingested": "2022-02-24T20:23:18.208723998Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:07:09.088Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.fields\",\"category\":\"fields\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"action\":\"Custom field created\"},\"affectedObjects\":[{\"name\":\"Story Points\",\"type\":\"CUSTOM_FIELD\",\"uri\":\"http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10111\",\"id\":\"customfield_10111\"}],\"changedValues\":[{\"key\":\"Description\",\"i18nKey\":\"common.words.description\",\"to\":\"Measurement of complexity and/or size of a requirement.\"},{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"Story Points\"},{\"key\":\"Type\",\"i18nKey\":\"common.words.type\",\"to\":\"Number Field\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -4470,7 +4409,6 @@ "category": [ "configuration" ], - "ingested": "2022-02-24T20:23:18.208725206Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:07:09.037Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.issuetypes\",\"category\":\"issue types\",\"actionI18nKey\":\"jira.auditing.issue.type.created\",\"action\":\"Issue type created\"},\"affectedObjects\":[{\"name\":\"Story\",\"type\":\"ISSUE_TYPE\",\"id\":\"10001\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -4528,7 +4466,6 @@ }, "event": { "action": "jira.auditing.customfield.created", - "ingested": "2022-02-24T20:23:18.208726433Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:07:02.794Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.fields\",\"category\":\"fields\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"action\":\"Custom field created\"},\"affectedObjects\":[{\"name\":\"Rank\",\"type\":\"CUSTOM_FIELD\",\"uri\":\"http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10110\",\"id\":\"customfield_10110\"}],\"changedValues\":[{\"key\":\"Description\",\"i18nKey\":\"common.words.description\",\"to\":\"Global rank field for Jira Software use only.\"},{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"Rank\"},{\"key\":\"Type\",\"i18nKey\":\"common.words.type\",\"to\":\"Global Rank\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -4602,7 +4539,6 @@ }, "event": { "action": "jira.auditing.customfield.created", - "ingested": "2022-02-24T20:23:18.208727641Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:07:02.725Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.fields\",\"category\":\"fields\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"action\":\"Custom field created\"},\"affectedObjects\":[{\"name\":\"Epic Link\",\"type\":\"CUSTOM_FIELD\",\"uri\":\"http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10109\",\"id\":\"customfield_10109\"}],\"changedValues\":[{\"key\":\"Description\",\"i18nKey\":\"common.words.description\",\"to\":\"Choose an epic to assign this issue to.\"},{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"Epic Link\"},{\"key\":\"Type\",\"i18nKey\":\"common.words.type\",\"to\":\"Epic Link Relationship\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -4676,7 +4612,6 @@ }, "event": { "action": "jira.auditing.customfield.created", - "ingested": "2022-02-24T20:23:18.208728857Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:07:02.694Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.fields\",\"category\":\"fields\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"action\":\"Custom field created\"},\"affectedObjects\":[{\"name\":\"Sprint\",\"type\":\"CUSTOM_FIELD\",\"uri\":\"http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10108\",\"id\":\"customfield_10108\"}],\"changedValues\":[{\"key\":\"Description\",\"i18nKey\":\"common.words.description\",\"to\":\"Jira Software sprint field\"},{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"Sprint\"},{\"key\":\"Type\",\"i18nKey\":\"common.words.type\",\"to\":\"Jira Sprint Field\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -4750,7 +4685,6 @@ }, "event": { "action": "jira.auditing.customfield.created", - "ingested": "2022-02-24T20:23:18.208730130Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:07:01.669Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.fields\",\"category\":\"fields\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"action\":\"Custom field created\"},\"affectedObjects\":[{\"name\":\"Epic Colour\",\"type\":\"CUSTOM_FIELD\",\"uri\":\"http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10107\",\"id\":\"customfield_10107\"}],\"changedValues\":[{\"key\":\"Description\",\"i18nKey\":\"common.words.description\",\"to\":\"Epic Colour field for Jira Software use only.\"},{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"Epic Colour\"},{\"key\":\"Type\",\"i18nKey\":\"common.words.type\",\"to\":\"Colour of Epic\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -4824,7 +4758,6 @@ }, "event": { "action": "jira.auditing.customfield.created", - "ingested": "2022-02-24T20:23:18.208731336Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:07:01.644Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.fields\",\"category\":\"fields\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"action\":\"Custom field created\"},\"affectedObjects\":[{\"name\":\"Epic Status\",\"type\":\"CUSTOM_FIELD\",\"uri\":\"http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10106\",\"id\":\"customfield_10106\"}],\"changedValues\":[{\"key\":\"Description\",\"i18nKey\":\"common.words.description\",\"to\":\"Epic Status field for Jira Software use only.\"},{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"Epic Status\"},{\"key\":\"Type\",\"i18nKey\":\"common.words.type\",\"to\":\"Status of Epic\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -4898,7 +4831,6 @@ }, "event": { "action": "jira.auditing.customfield.created", - "ingested": "2022-02-24T20:23:18.208732561Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:06:59.522Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.fields\",\"category\":\"fields\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"action\":\"Custom field created\"},\"affectedObjects\":[{\"name\":\"Epic Name\",\"type\":\"CUSTOM_FIELD\",\"uri\":\"http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10105\",\"id\":\"customfield_10105\"}],\"changedValues\":[{\"key\":\"Description\",\"i18nKey\":\"common.words.description\",\"to\":\"Provide a short name to identify this epic.\"},{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"Epic Name\"},{\"key\":\"Type\",\"i18nKey\":\"common.words.type\",\"to\":\"Name of Epic\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -4975,7 +4907,6 @@ "category": [ "configuration" ], - "ingested": "2022-02-24T20:23:18.208733791Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:06:59.485Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.issuetypes\",\"category\":\"issue types\",\"actionI18nKey\":\"jira.auditing.issue.type.created\",\"action\":\"Issue type created\"},\"affectedObjects\":[{\"name\":\"Epic\",\"type\":\"ISSUE_TYPE\",\"id\":\"10000\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -5033,7 +4964,6 @@ }, "event": { "action": "jira.auditing.customfield.updated", - "ingested": "2022-02-24T20:23:18.208735009Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:06:59.340Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.fields\",\"category\":\"fields\",\"actionI18nKey\":\"jira.auditing.customfield.updated\",\"action\":\"Custom field updated\"},\"affectedObjects\":[{\"name\":\"Target end\",\"type\":\"CUSTOM_FIELD\",\"uri\":\"http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10103\",\"id\":\"customfield_10103\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -5090,7 +5020,6 @@ }, "event": { "action": "jira.auditing.customfield.updated", - "ingested": "2022-02-24T20:23:18.208736230Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:06:59.332Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.fields\",\"category\":\"fields\",\"actionI18nKey\":\"jira.auditing.customfield.updated\",\"action\":\"Custom field updated\"},\"affectedObjects\":[{\"name\":\"Target start\",\"type\":\"CUSTOM_FIELD\",\"uri\":\"http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10102\",\"id\":\"customfield_10102\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -5147,7 +5076,6 @@ }, "event": { "action": "jira.auditing.customfield.created", - "ingested": "2022-02-24T20:23:18.208737446Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:06:59.313Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.fields\",\"category\":\"fields\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"action\":\"Custom field created\"},\"affectedObjects\":[{\"name\":\"Original story points\",\"type\":\"CUSTOM_FIELD\",\"uri\":\"http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10104\",\"id\":\"customfield_10104\"}],\"changedValues\":[{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"Original story points\"},{\"key\":\"Type\",\"i18nKey\":\"common.words.type\",\"to\":\"Original story points\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -5216,7 +5144,6 @@ }, "event": { "action": "jira.auditing.customfield.created", - "ingested": "2022-02-24T20:23:18.208738804Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:06:59.266Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.fields\",\"category\":\"fields\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"action\":\"Custom field created\"},\"affectedObjects\":[{\"name\":\"Target end\",\"type\":\"CUSTOM_FIELD\",\"uri\":\"http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10103\",\"id\":\"customfield_10103\"}],\"changedValues\":[{\"key\":\"Description\",\"i18nKey\":\"common.words.description\",\"to\":\"The targeted end date. This custom field is created and required by Portfolio for Jira.\"},{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"Target end\"},{\"key\":\"Type\",\"i18nKey\":\"common.words.type\",\"to\":\"Target end\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -5290,7 +5217,6 @@ }, "event": { "action": "jira.auditing.customfield.created", - "ingested": "2022-02-24T20:23:18.208740004Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:06:59.224Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.fields\",\"category\":\"fields\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"action\":\"Custom field created\"},\"affectedObjects\":[{\"name\":\"Target start\",\"type\":\"CUSTOM_FIELD\",\"uri\":\"http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10102\",\"id\":\"customfield_10102\"}],\"changedValues\":[{\"key\":\"Description\",\"i18nKey\":\"common.words.description\",\"to\":\"The targeted start date. This custom field is created and required by Portfolio for Jira.\"},{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"Target start\"},{\"key\":\"Type\",\"i18nKey\":\"common.words.type\",\"to\":\"Target start\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -5364,7 +5290,6 @@ }, "event": { "action": "jira.auditing.customfield.updated", - "ingested": "2022-02-24T20:23:18.208741216Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:06:58.990Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.fields\",\"category\":\"fields\",\"actionI18nKey\":\"jira.auditing.customfield.updated\",\"action\":\"Custom field updated\"},\"affectedObjects\":[{\"name\":\"Parent Link\",\"type\":\"CUSTOM_FIELD\",\"uri\":\"http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10101\",\"id\":\"customfield_10101\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -5421,7 +5346,6 @@ }, "event": { "action": "jira.auditing.customfield.created", - "ingested": "2022-02-24T20:23:18.208742423Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:06:58.974Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.fields\",\"category\":\"fields\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"action\":\"Custom field created\"},\"affectedObjects\":[{\"name\":\"Parent Link\",\"type\":\"CUSTOM_FIELD\",\"uri\":\"http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10101\",\"id\":\"customfield_10101\"}],\"changedValues\":[{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"Parent Link\"},{\"key\":\"Type\",\"i18nKey\":\"common.words.type\",\"to\":\"Parent Link\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -5490,7 +5414,6 @@ }, "event": { "action": "jira.auditing.customfield.created", - "ingested": "2022-02-24T20:23:18.208743607Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:06:58.318Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.fields\",\"category\":\"fields\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"action\":\"Custom field created\"},\"affectedObjects\":[{\"name\":\"Team\",\"type\":\"CUSTOM_FIELD\",\"uri\":\"http://jira.internal:8088/secure/admin/ConfigureCustomField!default.jspa?customFieldId=10100\",\"id\":\"customfield_10100\"}],\"changedValues\":[{\"key\":\"Name\",\"i18nKey\":\"common.words.name\",\"to\":\"Team\"},{\"key\":\"Type\",\"i18nKey\":\"common.words.type\",\"to\":\"Team\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -5559,7 +5482,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:18.208744801Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:06:57.162Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default Permission Scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=0\",\"id\":\"0\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Manage Sprints\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Project Role\"},{\"key\":\"Value\",\"i18nKey\":\"admin.common.words.value\",\"from\":\"\",\"to\":\"Administrators\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -5633,7 +5555,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:18.208746043Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:06:57.158Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default Permission Scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=0\",\"id\":\"0\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"Manage Sprints\",\"to\":\"\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"Project Role\",\"to\":\"\"},{\"key\":\"Value\",\"i18nKey\":\"admin.common.words.value\",\"from\":\"Administrators\",\"to\":\"\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -5707,7 +5628,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:18.208747273Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:06:57.138Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"action\":\"Permission scheme updated\"},\"affectedObjects\":[{\"name\":\"Default Permission Scheme\",\"type\":\"SCHEME\",\"uri\":\"http://jira.internal:8088/secure/admin/EditNotifications!default.jspa?schemeId=0\",\"id\":\"0\"}],\"changedValues\":[{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Manage Sprints\"},{\"key\":\"Type\",\"i18nKey\":\"admin.common.words.type\",\"from\":\"\",\"to\":\"Project Role\"},{\"key\":\"Value\",\"i18nKey\":\"admin.common.words.value\",\"from\":\"\",\"to\":\"Administrators\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -5784,7 +5704,6 @@ "category": [ "iam" ], - "ingested": "2022-02-24T20:23:18.208748518Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:06:49.756Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.groupmanagement\",\"category\":\"group management\",\"actionI18nKey\":\"jira.auditing.user.added.to.group\",\"action\":\"User added to group\"},\"affectedObjects\":[{\"name\":\"jira-software-users\",\"type\":\"GROUP\",\"uri\":\"http://jira.internal:8088/secure/ViewGroup.jspa?name=jira-software-users\"},{\"name\":\"test.user\",\"type\":\"USER\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"id\":\"JIRAUSER10000\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -5861,7 +5780,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:18.208749713Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:06:49.754Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"admin.common.words.group\",\"from\":\"\",\"to\":\"jira-administrators\"},{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Manage Group Filter Subscriptions\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -5935,7 +5853,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:18.208750907Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:06:49.752Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"admin.common.words.group\",\"from\":\"\",\"to\":\"jira-administrators\"},{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Create Shared Objects\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -6009,7 +5926,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:18.208752120Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:06:49.751Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"admin.common.words.group\",\"from\":\"\",\"to\":\"jira-administrators\"},{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Browse Users\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -6083,7 +5999,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:18.208753341Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:06:49.750Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"admin.common.words.group\",\"from\":\"\",\"to\":\"jira-administrators\"},{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Bulk Change\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -6156,7 +6071,6 @@ "category": [ "iam" ], - "ingested": "2022-02-24T20:23:18.208754553Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:06:49.734Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.groupmanagement\",\"category\":\"group management\",\"actionI18nKey\":\"jira.auditing.user.added.to.group\",\"action\":\"User added to group\"},\"affectedObjects\":[{\"name\":\"jira-administrators\",\"type\":\"GROUP\",\"uri\":\"http://jira.internal:8088/secure/ViewGroup.jspa?name=jira-administrators\"},{\"name\":\"test.user\",\"type\":\"USER\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"id\":\"JIRAUSER10000\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -6232,7 +6146,6 @@ "category": [ "iam" ], - "ingested": "2022-02-24T20:23:18.208755785Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:06:49.600Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.usermanagement\",\"category\":\"user management\",\"actionI18nKey\":\"jira.auditing.user.created\",\"action\":\"User created\"},\"affectedObjects\":[{\"name\":\"test.user\",\"type\":\"USER\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user\",\"id\":\"JIRAUSER10000\"}],\"changedValues\":[{\"key\":\"Active / Inactive\",\"i18nKey\":\"admin.common.phrases.active.inactive\",\"to\":\"Active\"},{\"key\":\"Email\",\"i18nKey\":\"common.words.email\",\"to\":\"test.user@example.com\"},{\"key\":\"Full name\",\"i18nKey\":\"common.words.fullname\",\"to\":\"Alex\"},{\"key\":\"Username\",\"i18nKey\":\"common.words.username\",\"to\":\"test.user\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -6324,7 +6237,6 @@ }, "event": { "action": "jira.auditing.system.license.added", - "ingested": "2022-02-24T20:23:18.208756984Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:05:08.596Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.system\",\"category\":\"system\",\"actionI18nKey\":\"jira.auditing.system.license.added\",\"action\":\"New license added\"},\"affectedObjects\":[{\"name\":\"SEN-L17782970\",\"type\":\"LICENSE\",\"id\":\"0\"}],\"changedValues\":[{\"key\":\"Date Purchased\",\"i18nKey\":\"admin.license.date.purchased\",\"to\":\"21/Nov/21\"},{\"key\":\"License Type\",\"i18nKey\":\"admin.license.type\",\"to\":\"Jira Software (Data Center): Evaluation\"},{\"key\":\"Organization\",\"i18nKey\":\"admin.license.organisation\",\"to\":\"myself\"},{\"key\":\"Server ID\",\"i18nKey\":\"admin.server.id\",\"to\":\"BGD5-PMSH-258I-VTTW\"},{\"key\":\"Support Entitlement Number (SEN)\",\"i18nKey\":\"admin.license.sen\",\"to\":\"SEN-L17782970\"},{\"key\":\"User Limit\",\"i18nKey\":\"admin.license.user.limit\",\"to\":\"Unlimited\"},{\"key\":\"jira-software\",\"i18nKey\":\"jira-software\",\"to\":\"-1\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -6421,7 +6333,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:18.208758186Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:05:08.584Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"admin.common.words.group\",\"from\":\"\",\"to\":\"jira-software-users\"},{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Manage Group Filter Subscriptions\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -6495,7 +6406,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:18.208759413Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:05:08.583Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"admin.common.words.group\",\"from\":\"\",\"to\":\"jira-software-users\"},{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Create Shared Objects\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -6569,7 +6479,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:18.208760618Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:05:08.581Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"admin.common.words.group\",\"from\":\"\",\"to\":\"jira-software-users\"},{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Bulk Change\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -6643,7 +6552,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:18.208761825Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:05:08.579Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"category\":\"permissions\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"admin.common.words.group\",\"from\":\"\",\"to\":\"jira-software-users\"},{\"key\":\"Permission\",\"i18nKey\":\"admin.common.words.permission\",\"from\":\"\",\"to\":\"Browse Users\"}],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -6716,7 +6624,6 @@ "category": [ "iam" ], - "ingested": "2022-02-24T20:23:18.208763038Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-22T00:05:08.514Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.groupmanagement\",\"category\":\"group management\",\"actionI18nKey\":\"jira.auditing.group.created\",\"action\":\"Group created\"},\"affectedObjects\":[{\"name\":\"jira-software-users\",\"type\":\"GROUP\",\"uri\":\"http://jira.internal:8088/secure/ViewGroup.jspa?name=jira-software-users\"}],\"changedValues\":[],\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -6778,7 +6685,6 @@ }, "event": { "action": "jira.auditing.user.renamed", - "ingested": "2022-02-24T20:23:18.208764265Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-28T18:18:26.076Z\",\"author\":{\"name\":\"admin.user\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=admin.user\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.usermanagement\",\"category\":\"user management\",\"actionI18nKey\":\"jira.auditing.user.renamed\",\"action\":\"User renamed\"},\"affectedObjects\":[{\"name\":\"admin.user1\",\"type\":\"USER\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=admin.user1\",\"id\":\"JIRAUSER10000\"}],\"changedValues\":[{\"key\":\"Username\",\"i18nKey\":\"common.words.username\",\"from\":\"admin.user\",\"to\":\"admin.user1\"}],\"source\":\"10.100.100.2\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -6853,7 +6759,6 @@ "category": [ "iam" ], - "ingested": "2022-02-24T20:23:18.208765503Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-28T18:23:20.278Z\",\"author\":{\"name\":\"admin.user1\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=admin.user1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.usermanagement\",\"category\":\"user management\",\"actionI18nKey\":\"jira.auditing.user.updated\",\"action\":\"User updated\"},\"affectedObjects\":[{\"name\":\"admin.user1\",\"type\":\"USER\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=admin.user1\",\"id\":\"JIRAUSER10000\"}],\"changedValues\":[{\"key\":\"Email\",\"i18nKey\":\"common.words.email\",\"from\":\"admin@example.com\",\"to\":\"admin1@example.com\"}],\"source\":\"10.100.100.2\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -6932,7 +6837,6 @@ "category": [ "iam" ], - "ingested": "2022-02-24T20:23:18.208766776Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-28T18:23:13.741Z\",\"author\":{\"name\":\"admin.user1\",\"type\":\"ApplicationUser\",\"id\":\"10000\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=admin.user1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"jira.auditing.category.usermanagement\",\"category\":\"user management\",\"actionI18nKey\":\"jira.auditing.user.updated\",\"action\":\"User updated\"},\"affectedObjects\":[{\"name\":\"admin.user1\",\"type\":\"USER\",\"uri\":\"http://jira.internal:8088/secure/ViewProfile.jspa?name=admin.user1\",\"id\":\"JIRAUSER10000\"}],\"changedValues\":[{\"key\":\"Full name\",\"i18nKey\":\"common.words.fullname\",\"from\":\"Admin User\",\"to\":\"Admin User1\"}],\"source\":\"10.100.100.2\",\"system\":\"http://jira.internal:8088\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ diff --git a/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json b/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json index 511dfb47ad5..259ca35fa28 100644 --- a/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json +++ b/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json @@ -10,7 +10,6 @@ "category": [ "iam" ], - "ingested": "2022-02-24T20:23:26.113578087Z", "kind": "event", "original": "{\"affectedObjects\":[{\"name\":\"jira-software-users\",\"type\":\"GROUP\"}],\"auditType\":{\"action\":\"Group created\",\"actionI18nKey\":\"jira.auditing.group.created\",\"area\":\"USER_MANAGEMENT\",\"category\":\"group management\",\"categoryI18nKey\":\"jira.auditing.category.groupmanagement\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539508,\"nano\":514000000},\"version\":\"1.0\"}", "type": [ @@ -77,7 +76,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:26.113580723Z", "kind": "event", "original": "{\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Browse Users\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.group\",\"key\":\"Group\",\"to\":\"jira-software-users\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539508,\"nano\":579000000},\"version\":\"1.0\"}", "type": [ @@ -153,7 +151,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:26.113581870Z", "kind": "event", "original": "{\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Bulk Change\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.group\",\"key\":\"Group\",\"to\":\"jira-software-users\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539508,\"nano\":581000000},\"version\":\"1.0\"}", "type": [ @@ -229,7 +226,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:26.113582965Z", "kind": "event", "original": "{\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Create Shared Objects\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.group\",\"key\":\"Group\",\"to\":\"jira-software-users\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539508,\"nano\":583000000},\"version\":\"1.0\"}", "type": [ @@ -305,7 +301,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:26.113584107Z", "kind": "event", "original": "{\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Manage Group Filter Subscriptions\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.group\",\"key\":\"Group\",\"to\":\"jira-software-users\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539508,\"nano\":584000000},\"version\":\"1.0\"}", "type": [ @@ -377,7 +372,6 @@ }, "event": { "action": "jira.auditing.system.license.added", - "ingested": "2022-02-24T20:23:26.113585164Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"0\",\"name\":\"SEN-L17782970\",\"type\":\"LICENSE\"}],\"auditType\":{\"action\":\"New license added\",\"actionI18nKey\":\"jira.auditing.system.license.added\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"system\",\"categoryI18nKey\":\"jira.auditing.category.system\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"admin.license.organisation\",\"key\":\"Organization\",\"to\":\"myself\"},{\"i18nKey\":\"admin.license.date.purchased\",\"key\":\"Date Purchased\",\"to\":\"21/Nov/21\"},{\"i18nKey\":\"admin.license.type\",\"key\":\"License Type\",\"to\":\"Jira Software (Data Center): Evaluation\"},{\"i18nKey\":\"admin.server.id\",\"key\":\"Server ID\",\"to\":\"BGD5-PMSH-258I-VTTW\"},{\"i18nKey\":\"admin.license.sen\",\"key\":\"Support Entitlement Number (SEN)\",\"to\":\"SEN-L17782970\"},{\"i18nKey\":\"admin.license.user.limit\",\"key\":\"User Limit\",\"to\":\"Unlimited\"},{\"i18nKey\":\"jira-software\",\"key\":\"jira-software\",\"to\":\"-1\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539508,\"nano\":596000000},\"version\":\"1.0\"}", "type": "info" @@ -475,7 +469,6 @@ "category": [ "iam" ], - "ingested": "2022-02-24T20:23:26.113586234Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"JIRAUSER10000\",\"name\":\"test.user\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"User created\",\"actionI18nKey\":\"jira.auditing.user.created\",\"area\":\"USER_MANAGEMENT\",\"category\":\"user management\",\"categoryI18nKey\":\"jira.auditing.category.usermanagement\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"common.words.username\",\"key\":\"Username\",\"to\":\"test.user\"},{\"i18nKey\":\"common.words.fullname\",\"key\":\"Full name\",\"to\":\"Alex\"},{\"i18nKey\":\"common.words.email\",\"key\":\"Email\",\"to\":\"test.user@example.com\"},{\"i18nKey\":\"admin.common.phrases.active.inactive\",\"key\":\"Active / Inactive\",\"to\":\"Active\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539609,\"nano\":600000000},\"version\":\"1.0\"}", "type": [ @@ -571,7 +564,6 @@ "category": [ "iam" ], - "ingested": "2022-02-24T20:23:26.113587298Z", "kind": "event", "original": "{\"affectedObjects\":[{\"name\":\"jira-administrators\",\"type\":\"GROUP\"},{\"id\":\"JIRAUSER10000\",\"name\":\"test.user\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"User added to group\",\"actionI18nKey\":\"jira.auditing.user.added.to.group\",\"area\":\"USER_MANAGEMENT\",\"category\":\"group management\",\"categoryI18nKey\":\"jira.auditing.category.groupmanagement\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539609,\"nano\":734000000},\"version\":\"1.0\"}", "type": [ @@ -648,7 +640,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:26.113588371Z", "kind": "event", "original": "{\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Bulk Change\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.group\",\"key\":\"Group\",\"to\":\"jira-administrators\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539609,\"nano\":750000000},\"version\":\"1.0\"}", "type": [ @@ -724,7 +715,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:26.113589451Z", "kind": "event", "original": "{\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Browse Users\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.group\",\"key\":\"Group\",\"to\":\"jira-administrators\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539609,\"nano\":751000000},\"version\":\"1.0\"}", "type": [ @@ -800,7 +790,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:26.113590515Z", "kind": "event", "original": "{\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Create Shared Objects\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.group\",\"key\":\"Group\",\"to\":\"jira-administrators\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539609,\"nano\":752000000},\"version\":\"1.0\"}", "type": [ @@ -876,7 +865,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:26.113591836Z", "kind": "event", "original": "{\"affectedObjects\":[{\"name\":\"Global Permissions\",\"type\":\"PERMISSIONS\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"jira.auditing.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Manage Group Filter Subscriptions\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.group\",\"key\":\"Group\",\"to\":\"jira-administrators\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539609,\"nano\":754000000},\"version\":\"1.0\"}", "type": [ @@ -951,7 +939,6 @@ "category": [ "iam" ], - "ingested": "2022-02-24T20:23:26.113592886Z", "kind": "event", "original": "{\"affectedObjects\":[{\"name\":\"jira-software-users\",\"type\":\"GROUP\"},{\"id\":\"JIRAUSER10000\",\"name\":\"test.user\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"User added to group\",\"actionI18nKey\":\"jira.auditing.user.added.to.group\",\"area\":\"USER_MANAGEMENT\",\"category\":\"group management\",\"categoryI18nKey\":\"jira.auditing.category.groupmanagement\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539609,\"nano\":756000000},\"version\":\"1.0\"}", "type": [ @@ -1024,7 +1011,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:26.113593960Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"0\",\"name\":\"Default Permission Scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Manage Sprints\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Project Role\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.value\",\"key\":\"Value\",\"to\":\"Administrators\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539617,\"nano\":138000000},\"version\":\"1.0\"}", "type": "info" @@ -1099,7 +1085,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:26.113595048Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"0\",\"name\":\"Default Permission Scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"from\":\"Manage Sprints\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"\"},{\"from\":\"Project Role\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"\"},{\"from\":\"Administrators\",\"i18nKey\":\"admin.common.words.value\",\"key\":\"Value\",\"to\":\"\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539617,\"nano\":158000000},\"version\":\"1.0\"}", "type": "info" @@ -1174,7 +1159,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:26.113596120Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"0\",\"name\":\"Default Permission Scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Manage Sprints\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Project Role\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.value\",\"key\":\"Value\",\"to\":\"Administrators\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539617,\"nano\":162000000},\"version\":\"1.0\"}", "type": "info" @@ -1249,7 +1233,6 @@ }, "event": { "action": "jira.auditing.customfield.created", - "ingested": "2022-02-24T20:23:26.113597235Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"customfield_10100\",\"name\":\"Team\",\"type\":\"CUSTOM_FIELD\"}],\"auditType\":{\"action\":\"Custom field created\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"fields\",\"categoryI18nKey\":\"jira.auditing.category.fields\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Team\"},{\"i18nKey\":\"common.words.type\",\"key\":\"Type\",\"to\":\"Team\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539618,\"nano\":318000000},\"version\":\"1.0\"}", "type": "info" @@ -1319,7 +1302,6 @@ }, "event": { "action": "jira.auditing.customfield.created", - "ingested": "2022-02-24T20:23:26.113598274Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"customfield_10101\",\"name\":\"Parent Link\",\"type\":\"CUSTOM_FIELD\"}],\"auditType\":{\"action\":\"Custom field created\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"fields\",\"categoryI18nKey\":\"jira.auditing.category.fields\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Parent Link\"},{\"i18nKey\":\"common.words.type\",\"key\":\"Type\",\"to\":\"Parent Link\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539618,\"nano\":974000000},\"version\":\"1.0\"}", "type": "info" @@ -1389,7 +1371,6 @@ }, "event": { "action": "jira.auditing.customfield.updated", - "ingested": "2022-02-24T20:23:26.113599351Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"customfield_10101\",\"name\":\"Parent Link\",\"type\":\"CUSTOM_FIELD\"}],\"auditType\":{\"action\":\"Custom field updated\",\"actionI18nKey\":\"jira.auditing.customfield.updated\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"fields\",\"categoryI18nKey\":\"jira.auditing.category.fields\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539618,\"nano\":990000000},\"version\":\"1.0\"}", "type": "info" @@ -1447,7 +1428,6 @@ }, "event": { "action": "jira.auditing.customfield.created", - "ingested": "2022-02-24T20:23:26.113600414Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"customfield_10102\",\"name\":\"Target start\",\"type\":\"CUSTOM_FIELD\"}],\"auditType\":{\"action\":\"Custom field created\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"fields\",\"categoryI18nKey\":\"jira.auditing.category.fields\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Target start\"},{\"i18nKey\":\"common.words.description\",\"key\":\"Description\",\"to\":\"The targeted start date. This custom field is created and required by Portfolio for Jira.\"},{\"i18nKey\":\"common.words.type\",\"key\":\"Type\",\"to\":\"Target start\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539619,\"nano\":224000000},\"version\":\"1.0\"}", "type": "info" @@ -1522,7 +1502,6 @@ }, "event": { "action": "jira.auditing.customfield.created", - "ingested": "2022-02-24T20:23:26.113601490Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"customfield_10103\",\"name\":\"Target end\",\"type\":\"CUSTOM_FIELD\"}],\"auditType\":{\"action\":\"Custom field created\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"fields\",\"categoryI18nKey\":\"jira.auditing.category.fields\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Target end\"},{\"i18nKey\":\"common.words.description\",\"key\":\"Description\",\"to\":\"The targeted end date. This custom field is created and required by Portfolio for Jira.\"},{\"i18nKey\":\"common.words.type\",\"key\":\"Type\",\"to\":\"Target end\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539619,\"nano\":266000000},\"version\":\"1.0\"}", "type": "info" @@ -1597,7 +1576,6 @@ }, "event": { "action": "jira.auditing.customfield.created", - "ingested": "2022-02-24T20:23:26.113602564Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"customfield_10104\",\"name\":\"Original story points\",\"type\":\"CUSTOM_FIELD\"}],\"auditType\":{\"action\":\"Custom field created\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"fields\",\"categoryI18nKey\":\"jira.auditing.category.fields\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Original story points\"},{\"i18nKey\":\"common.words.type\",\"key\":\"Type\",\"to\":\"Original story points\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539619,\"nano\":313000000},\"version\":\"1.0\"}", "type": "info" @@ -1667,7 +1645,6 @@ }, "event": { "action": "jira.auditing.customfield.updated", - "ingested": "2022-02-24T20:23:26.113603627Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"customfield_10102\",\"name\":\"Target start\",\"type\":\"CUSTOM_FIELD\"}],\"auditType\":{\"action\":\"Custom field updated\",\"actionI18nKey\":\"jira.auditing.customfield.updated\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"fields\",\"categoryI18nKey\":\"jira.auditing.category.fields\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539619,\"nano\":332000000},\"version\":\"1.0\"}", "type": "info" @@ -1725,7 +1702,6 @@ }, "event": { "action": "jira.auditing.customfield.updated", - "ingested": "2022-02-24T20:23:26.113604732Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"customfield_10103\",\"name\":\"Target end\",\"type\":\"CUSTOM_FIELD\"}],\"auditType\":{\"action\":\"Custom field updated\",\"actionI18nKey\":\"jira.auditing.customfield.updated\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"fields\",\"categoryI18nKey\":\"jira.auditing.category.fields\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539619,\"nano\":340000000},\"version\":\"1.0\"}", "type": "info" @@ -1786,7 +1762,6 @@ "category": [ "configuration" ], - "ingested": "2022-02-24T20:23:26.113605790Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Epic\",\"type\":\"ISSUE_TYPE\"}],\"auditType\":{\"action\":\"Issue type created\",\"actionI18nKey\":\"jira.auditing.issue.type.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"issue types\",\"categoryI18nKey\":\"jira.auditing.category.issuetypes\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539619,\"nano\":485000000},\"version\":\"1.0\"}", "type": [ @@ -1846,7 +1821,6 @@ }, "event": { "action": "jira.auditing.customfield.created", - "ingested": "2022-02-24T20:23:26.113606888Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"customfield_10105\",\"name\":\"Epic Name\",\"type\":\"CUSTOM_FIELD\"}],\"auditType\":{\"action\":\"Custom field created\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"fields\",\"categoryI18nKey\":\"jira.auditing.category.fields\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Epic Name\"},{\"i18nKey\":\"common.words.description\",\"key\":\"Description\",\"to\":\"Provide a short name to identify this epic.\"},{\"i18nKey\":\"common.words.type\",\"key\":\"Type\",\"to\":\"Name of Epic\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539619,\"nano\":522000000},\"version\":\"1.0\"}", "type": "info" @@ -1921,7 +1895,6 @@ }, "event": { "action": "jira.auditing.customfield.created", - "ingested": "2022-02-24T20:23:26.113607979Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"customfield_10106\",\"name\":\"Epic Status\",\"type\":\"CUSTOM_FIELD\"}],\"auditType\":{\"action\":\"Custom field created\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"fields\",\"categoryI18nKey\":\"jira.auditing.category.fields\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Epic Status\"},{\"i18nKey\":\"common.words.description\",\"key\":\"Description\",\"to\":\"Epic Status field for Jira Software use only.\"},{\"i18nKey\":\"common.words.type\",\"key\":\"Type\",\"to\":\"Status of Epic\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539621,\"nano\":644000000},\"version\":\"1.0\"}", "type": "info" @@ -1996,7 +1969,6 @@ }, "event": { "action": "jira.auditing.customfield.created", - "ingested": "2022-02-24T20:23:26.113609084Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"customfield_10107\",\"name\":\"Epic Colour\",\"type\":\"CUSTOM_FIELD\"}],\"auditType\":{\"action\":\"Custom field created\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"fields\",\"categoryI18nKey\":\"jira.auditing.category.fields\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Epic Colour\"},{\"i18nKey\":\"common.words.description\",\"key\":\"Description\",\"to\":\"Epic Colour field for Jira Software use only.\"},{\"i18nKey\":\"common.words.type\",\"key\":\"Type\",\"to\":\"Colour of Epic\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539621,\"nano\":669000000},\"version\":\"1.0\"}", "type": "info" @@ -2071,7 +2043,6 @@ }, "event": { "action": "jira.auditing.customfield.created", - "ingested": "2022-02-24T20:23:26.113610166Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"customfield_10108\",\"name\":\"Sprint\",\"type\":\"CUSTOM_FIELD\"}],\"auditType\":{\"action\":\"Custom field created\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"fields\",\"categoryI18nKey\":\"jira.auditing.category.fields\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Sprint\"},{\"i18nKey\":\"common.words.description\",\"key\":\"Description\",\"to\":\"Jira Software sprint field\"},{\"i18nKey\":\"common.words.type\",\"key\":\"Type\",\"to\":\"Jira Sprint Field\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539622,\"nano\":694000000},\"version\":\"1.0\"}", "type": "info" @@ -2146,7 +2117,6 @@ }, "event": { "action": "jira.auditing.customfield.created", - "ingested": "2022-02-24T20:23:26.113611247Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"customfield_10109\",\"name\":\"Epic Link\",\"type\":\"CUSTOM_FIELD\"}],\"auditType\":{\"action\":\"Custom field created\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"fields\",\"categoryI18nKey\":\"jira.auditing.category.fields\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Epic Link\"},{\"i18nKey\":\"common.words.description\",\"key\":\"Description\",\"to\":\"Choose an epic to assign this issue to.\"},{\"i18nKey\":\"common.words.type\",\"key\":\"Type\",\"to\":\"Epic Link Relationship\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539622,\"nano\":725000000},\"version\":\"1.0\"}", "type": "info" @@ -2221,7 +2191,6 @@ }, "event": { "action": "jira.auditing.customfield.created", - "ingested": "2022-02-24T20:23:26.113612302Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"customfield_10110\",\"name\":\"Rank\",\"type\":\"CUSTOM_FIELD\"}],\"auditType\":{\"action\":\"Custom field created\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"fields\",\"categoryI18nKey\":\"jira.auditing.category.fields\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Rank\"},{\"i18nKey\":\"common.words.description\",\"key\":\"Description\",\"to\":\"Global rank field for Jira Software use only.\"},{\"i18nKey\":\"common.words.type\",\"key\":\"Type\",\"to\":\"Global Rank\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539622,\"nano\":794000000},\"version\":\"1.0\"}", "type": "info" @@ -2299,7 +2268,6 @@ "category": [ "configuration" ], - "ingested": "2022-02-24T20:23:26.113613371Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10001\",\"name\":\"Story\",\"type\":\"ISSUE_TYPE\"}],\"auditType\":{\"action\":\"Issue type created\",\"actionI18nKey\":\"jira.auditing.issue.type.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"issue types\",\"categoryI18nKey\":\"jira.auditing.category.issuetypes\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539629,\"nano\":37000000},\"version\":\"1.0\"}", "type": [ @@ -2359,7 +2327,6 @@ }, "event": { "action": "jira.auditing.customfield.created", - "ingested": "2022-02-24T20:23:26.113614427Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"customfield_10111\",\"name\":\"Story Points\",\"type\":\"CUSTOM_FIELD\"}],\"auditType\":{\"action\":\"Custom field created\",\"actionI18nKey\":\"jira.auditing.customfield.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"fields\",\"categoryI18nKey\":\"jira.auditing.category.fields\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Story Points\"},{\"i18nKey\":\"common.words.description\",\"key\":\"Description\",\"to\":\"Measurement of complexity and/or size of a requirement.\"},{\"i18nKey\":\"common.words.type\",\"key\":\"Type\",\"to\":\"Number Field\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539629,\"nano\":88000000},\"version\":\"1.0\"}", "type": "info" @@ -2434,7 +2401,6 @@ }, "event": { "action": "jira.auditing.resolutions.created", - "ingested": "2022-02-24T20:23:26.113615494Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Done\",\"type\":\"RESOLUTION\"}],\"auditType\":{\"action\":\"New resolution created\",\"actionI18nKey\":\"jira.auditing.resolutions.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"workflows\",\"categoryI18nKey\":\"jira.auditing.category.workflows\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Description\",\"nameI18nKey\":\"common.concepts.description\",\"value\":\"Work has been completed on this issue.\"}],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539713,\"nano\":534000000},\"version\":\"1.0\"}", "type": "info" @@ -2499,7 +2465,6 @@ }, "event": { "action": "jira.auditing.resolutions.created", - "ingested": "2022-02-24T20:23:26.113616636Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10001\",\"name\":\"Won't Do\",\"type\":\"RESOLUTION\"}],\"auditType\":{\"action\":\"New resolution created\",\"actionI18nKey\":\"jira.auditing.resolutions.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"workflows\",\"categoryI18nKey\":\"jira.auditing.category.workflows\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Description\",\"nameI18nKey\":\"common.concepts.description\",\"value\":\"This issue won't be actioned.\"}],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539713,\"nano\":535000000},\"version\":\"1.0\"}", "type": "info" @@ -2564,7 +2529,6 @@ }, "event": { "action": "jira.auditing.resolutions.created", - "ingested": "2022-02-24T20:23:26.113617697Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10002\",\"name\":\"Duplicate\",\"type\":\"RESOLUTION\"}],\"auditType\":{\"action\":\"New resolution created\",\"actionI18nKey\":\"jira.auditing.resolutions.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"workflows\",\"categoryI18nKey\":\"jira.auditing.category.workflows\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Description\",\"nameI18nKey\":\"common.concepts.description\",\"value\":\"The problem is a duplicate of an existing issue.\"}],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539713,\"nano\":536000000},\"version\":\"1.0\"}", "type": "info" @@ -2629,7 +2593,6 @@ }, "event": { "action": "jira.auditing.resolutions.created", - "ingested": "2022-02-24T20:23:26.113618787Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10003\",\"name\":\"Cannot Reproduce\",\"type\":\"RESOLUTION\"}],\"auditType\":{\"action\":\"New resolution created\",\"actionI18nKey\":\"jira.auditing.resolutions.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"workflows\",\"categoryI18nKey\":\"jira.auditing.category.workflows\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Description\",\"nameI18nKey\":\"common.concepts.description\",\"value\":\"All attempts at reproducing this issue failed, or not enough information was available to reproduce the issue. Reading the code produces no clues as to why this behavior would occur. If more information appears later, please reopen the issue.\"}],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539713,\"nano\":537000000},\"version\":\"1.0\"}", "type": "info" @@ -2694,7 +2657,6 @@ }, "event": { "action": "jira.auditing.workflow.created", - "ingested": "2022-02-24T20:23:26.113619835Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"Software Simplified Workflow for Project TEST\",\"name\":\"Software Simplified Workflow for Project TEST\",\"type\":\"WORKFLOW\"}],\"auditType\":{\"action\":\"Workflow created\",\"actionI18nKey\":\"jira.auditing.workflow.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"workflows\",\"categoryI18nKey\":\"jira.auditing.category.workflows\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"i18nKey\":\"admin.workflowtransition.transition\",\"key\":\"Transition\",\"to\":\"Create (To Do), To Do (To Do), In Progress (In Progress), Done (Done)\"},{\"i18nKey\":\"common.words.status\",\"key\":\"Status\",\"to\":\"To Do, In Progress, Done\"},{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Software Simplified Workflow for Project TEST\"},{\"i18nKey\":\"common.words.description\",\"key\":\"Description\",\"to\":\"Generated by JIRA Software version 8.20.2. This workflow is managed internally by Jira Software. Do not manually modify this workflow.\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539713,\"nano\":710000000},\"version\":\"1.0\"}", "type": "info" @@ -2774,7 +2736,6 @@ }, "event": { "action": "jira.auditing.workflow.scheme.created", - "ingested": "2022-02-24T20:23:26.113620913Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10100\",\"name\":\"TEST: Software Simplified Workflow Scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Workflow scheme created\",\"actionI18nKey\":\"jira.auditing.workflow.scheme.created\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"workflows\",\"categoryI18nKey\":\"jira.auditing.category.workflows\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"TEST: Software Simplified Workflow Scheme\"},{\"i18nKey\":\"common.words.description\",\"key\":\"Description\",\"to\":\"Generated by JIRA Software version 8.20.2. This workflow scheme is managed internally by Jira Software. Do not manually modify this workflow scheme.\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539713,\"nano\":732000000},\"version\":\"1.0\"}", "type": "info" @@ -2844,7 +2805,6 @@ }, "event": { "action": "jira.auditing.workflow.scheme.added.to.project", - "ingested": "2022-02-24T20:23:26.113621984Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"test\",\"type\":\"PROJECT\"},{\"id\":\"10100\",\"name\":\"TEST: Software Simplified Workflow Scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Workflow scheme added to project\",\"actionI18nKey\":\"jira.auditing.workflow.scheme.added.to.project\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"workflows\",\"categoryI18nKey\":\"jira.auditing.category.workflows\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539713,\"nano\":746000000},\"version\":\"1.0\"}", "type": "info" @@ -2907,7 +2867,6 @@ }, "event": { "action": "jira.auditing.filter.created", - "ingested": "2022-02-24T20:23:26.113623068Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Filter for TEST board\",\"type\":\"FILTER\"},{\"id\":\"JIRAUSER10000\",\"name\":\"test.user\",\"type\":\"USER\"},{\"id\":\"10000\",\"name\":\"test\",\"type\":\"PROJECT\"}],\"auditType\":{\"action\":\"Filter created\",\"actionI18nKey\":\"jira.auditing.filter.created\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"filters\",\"categoryI18nKey\":\"jira.auditing.category.filters\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Filter for TEST board\"},{\"from\":\"\",\"i18nKey\":\"common.concepts.description\",\"key\":\"Description\"},{\"from\":\"\",\"i18nKey\":\"common.concepts.owner\",\"key\":\"Owner\",\"to\":\"test.user\"},{\"from\":\"[]\",\"i18nKey\":\"common.concepts.shared.with\",\"key\":\"Shared with\",\"to\":\"[Project: test (VIEW)]\"},{\"from\":\"\",\"i18nKey\":\"jira.jql.query\",\"key\":\"JQL Query\",\"to\":\"{project = \\\"TEST\\\"} order by Rank ASC\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539713,\"nano\":887000000},\"version\":\"1.0\"}", "type": "info" @@ -3002,7 +2961,6 @@ }, "event": { "action": "Board created", - "ingested": "2022-02-24T20:23:26.113624152Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"1\",\"name\":\"TEST board\",\"type\":\"BOARD\"},{\"id\":\"1\",\"name\":\"TEST board\",\"type\":\"BOARD\"}],\"auditType\":{\"action\":\"Board created\",\"actionI18nKey\":\"Board created\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"boards\",\"categoryI18nKey\":\"jira.auditing.category.boards\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":72000000},\"version\":\"1.0\"}", "type": "info" @@ -3065,7 +3023,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.created", - "ingested": "2022-02-24T20:23:26.113625238Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme created\",\"actionI18nKey\":\"jira.auditing.permission.scheme.created\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Default software scheme\"},{\"i18nKey\":\"common.words.description\",\"key\":\"Description\",\"to\":\"Default scheme for Software projects.\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":142000000},\"version\":\"1.0\"}", "type": "info" @@ -3135,7 +3092,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:26.113626316Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Browse Projects\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":151000000},\"version\":\"1.0\"}", "type": "info" @@ -3205,7 +3161,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:26.113627401Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Create Issues\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":163000000},\"version\":\"1.0\"}", "type": "info" @@ -3275,7 +3230,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:26.113628443Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Edit Issues\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":165000000},\"version\":\"1.0\"}", "type": "info" @@ -3345,7 +3299,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:26.113629485Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Assign Issues\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":166000000},\"version\":\"1.0\"}", "type": "info" @@ -3415,7 +3368,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:26.113630529Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Resolve Issues\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":168000000},\"version\":\"1.0\"}", "type": "info" @@ -3485,7 +3437,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:26.113631578Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Add Comments\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":171000000},\"version\":\"1.0\"}", "type": "info" @@ -3555,7 +3506,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:26.113632643Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Delete Issues\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Project Role\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.value\",\"key\":\"Value\",\"to\":\"Administrators\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":173000000},\"version\":\"1.0\"}", "type": "info" @@ -3630,7 +3580,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:26.113633774Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Assignable User\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":174000000},\"version\":\"1.0\"}", "type": "info" @@ -3700,7 +3649,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:26.113634857Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Close Issues\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":176000000},\"version\":\"1.0\"}", "type": "info" @@ -3770,7 +3718,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:26.113635924Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Create Attachments\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":178000000},\"version\":\"1.0\"}", "type": "info" @@ -3840,7 +3787,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:26.113637040Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Work On Issues\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":180000000},\"version\":\"1.0\"}", "type": "info" @@ -3910,7 +3856,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:26.113638101Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Link Issues\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":182000000},\"version\":\"1.0\"}", "type": "info" @@ -3980,7 +3925,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:26.113639179Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Administer Projects\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Project Role\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.value\",\"key\":\"Value\",\"to\":\"Administrators\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":184000000},\"version\":\"1.0\"}", "type": "info" @@ -4055,7 +3999,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:26.113640244Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Move Issues\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":187000000},\"version\":\"1.0\"}", "type": "info" @@ -4125,7 +4068,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:26.113641293Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Schedule Issues\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":190000000},\"version\":\"1.0\"}", "type": "info" @@ -4195,7 +4137,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:26.113642375Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Modify Reporter\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Project Role\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.value\",\"key\":\"Value\",\"to\":\"Administrators\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":204000000},\"version\":\"1.0\"}", "type": "info" @@ -4270,7 +4211,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:26.113643468Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"View Voters and Watchers\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":208000000},\"version\":\"1.0\"}", "type": "info" @@ -4340,7 +4280,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:26.113644573Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Manage Watchers\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Project Role\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.value\",\"key\":\"Value\",\"to\":\"Administrators\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":210000000},\"version\":\"1.0\"}", "type": "info" @@ -4415,7 +4354,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:26.113645653Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Edit All Comments\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Project Role\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.value\",\"key\":\"Value\",\"to\":\"Administrators\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":212000000},\"version\":\"1.0\"}", "type": "info" @@ -4490,7 +4428,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:26.113646712Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Edit Own Comments\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":215000000},\"version\":\"1.0\"}", "type": "info" @@ -4560,7 +4497,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:26.113647772Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Delete All Comments\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Project Role\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.value\",\"key\":\"Value\",\"to\":\"Administrators\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":217000000},\"version\":\"1.0\"}", "type": "info" @@ -4635,7 +4571,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:26.113648845Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Delete Own Comments\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":219000000},\"version\":\"1.0\"}", "type": "info" @@ -4705,7 +4640,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:26.113649916Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Delete All Attachments\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Project Role\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.value\",\"key\":\"Value\",\"to\":\"Administrators\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":221000000},\"version\":\"1.0\"}", "type": "info" @@ -4780,7 +4714,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:26.113650987Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Delete Own Attachments\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":223000000},\"version\":\"1.0\"}", "type": "info" @@ -4850,7 +4783,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:26.113652059Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Edit Own Worklogs\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":225000000},\"version\":\"1.0\"}", "type": "info" @@ -4920,7 +4852,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:26.113653109Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Edit All Worklogs\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Project Role\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.value\",\"key\":\"Value\",\"to\":\"Administrators\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":227000000},\"version\":\"1.0\"}", "type": "info" @@ -4995,7 +4926,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:26.113654179Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Delete Own Worklogs\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":229000000},\"version\":\"1.0\"}", "type": "info" @@ -5065,7 +4995,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:26.113656857Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Delete All Worklogs\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Project Role\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.value\",\"key\":\"Value\",\"to\":\"Administrators\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":231000000},\"version\":\"1.0\"}", "type": "info" @@ -5140,7 +5069,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:26.113657952Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"View Read-Only Workflow\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":233000000},\"version\":\"1.0\"}", "type": "info" @@ -5210,7 +5138,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:26.113659041Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Transition Issues\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":235000000},\"version\":\"1.0\"}", "type": "info" @@ -5280,7 +5207,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:26.113660110Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"View Development Tools\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":236000000},\"version\":\"1.0\"}", "type": "info" @@ -5350,7 +5276,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:26.113661237Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Manage Sprints\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":239000000},\"version\":\"1.0\"}", "type": "info" @@ -5420,7 +5345,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:26.113662341Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Start/Complete Sprints\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":241000000},\"version\":\"1.0\"}", "type": "info" @@ -5490,7 +5414,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.updated", - "ingested": "2022-02-24T20:23:26.113663425Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme updated\",\"actionI18nKey\":\"jira.auditing.permission.scheme.updated\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"from\":\"\",\"i18nKey\":\"admin.common.words.permission\",\"key\":\"Permission\",\"to\":\"Edit Sprints\"},{\"from\":\"\",\"i18nKey\":\"admin.common.words.type\",\"key\":\"Type\",\"to\":\"Application access\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":243000000},\"version\":\"1.0\"}", "type": "info" @@ -5564,7 +5487,6 @@ "configuration", "iam" ], - "ingested": "2022-02-24T20:23:26.113664498Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"test\",\"type\":\"PROJECT\"},{\"id\":\"0\",\"name\":\"Default Permission Scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme removed from project\",\"actionI18nKey\":\"jira.auditing.permission.scheme.removed.from.project\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"175.16.199.1\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":249000000},\"version\":\"1.0\"}", "type": [ @@ -5641,7 +5563,6 @@ }, "event": { "action": "jira.auditing.permission.scheme.added.to.project", - "ingested": "2022-02-24T20:23:26.113665581Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"test\",\"type\":\"PROJECT\"},{\"id\":\"10000\",\"name\":\"Default software scheme\",\"type\":\"SCHEME\"}],\"auditType\":{\"action\":\"Permission scheme added to project\",\"actionI18nKey\":\"jira.auditing.permission.scheme.added.to.project\",\"area\":\"PERMISSIONS\",\"category\":\"permissions\",\"categoryI18nKey\":\"jira.auditing.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":266000000},\"version\":\"1.0\"}", "type": "info" @@ -5707,7 +5628,6 @@ "category": [ "configuration" ], - "ingested": "2022-02-24T20:23:26.113666652Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"test\",\"type\":\"PROJECT\"},{\"id\":\"JIRAUSER10000\",\"name\":\"test.user\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"Project created\",\"actionI18nKey\":\"jira.auditing.project.created\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"projects\",\"categoryI18nKey\":\"jira.auditing.category.projects\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"test\"},{\"i18nKey\":\"common.words.key\",\"key\":\"Key\",\"to\":\"TEST\"},{\"i18nKey\":\"common.concepts.description\",\"key\":\"Description\",\"to\":\"\"},{\"i18nKey\":\"common.concepts.projectlead\",\"key\":\"Project Lead\",\"to\":\"test.user\"},{\"i18nKey\":\"admin.projects.default.assignee\",\"key\":\"Default Assignee\",\"to\":\"Unassigned\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":297000000},\"version\":\"1.0\"}", "type": [ @@ -5798,7 +5718,6 @@ }, "event": { "action": "jira.auditing.project.roles.changed", - "ingested": "2022-02-24T20:23:26.113667709Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10100\",\"name\":\"Developers\",\"type\":\"PROJECT_ROLE\"},{\"id\":\"10000\",\"name\":\"test\",\"type\":\"PROJECT\"}],\"auditType\":{\"action\":\"Project roles changed\",\"actionI18nKey\":\"jira.auditing.project.roles.changed\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"projects\",\"categoryI18nKey\":\"jira.auditing.category.projects\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"i18nKey\":\"admin.common.words.users\",\"key\":\"Users\",\"to\":\"JIRAUSER10000\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":506000000},\"version\":\"1.0\"}", "type": "info" @@ -5868,7 +5787,6 @@ }, "event": { "action": "jira.auditing.version.created", - "ingested": "2022-02-24T20:23:26.113668769Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Version 1.0\",\"type\":\"VERSION\"},{\"id\":\"10000\",\"name\":\"test\",\"type\":\"PROJECT\"}],\"auditType\":{\"action\":\"Project version created\",\"actionI18nKey\":\"jira.auditing.version.created\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"projects\",\"categoryI18nKey\":\"jira.auditing.category.projects\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Version 1.0\"},{\"i18nKey\":\"version.releasedate\",\"key\":\"Release date\",\"to\":\"2021-11-14\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":521000000},\"version\":\"1.0\"}", "type": "info" @@ -5943,7 +5861,6 @@ }, "event": { "action": "jira.auditing.version.released", - "ingested": "2022-02-24T20:23:26.113669833Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"Version 1.0\",\"type\":\"VERSION\"},{\"id\":\"10000\",\"name\":\"test\",\"type\":\"PROJECT\"}],\"auditType\":{\"action\":\"Project version released\",\"actionI18nKey\":\"jira.auditing.version.released\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"projects\",\"categoryI18nKey\":\"jira.auditing.category.projects\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"175.16.199.1\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":535000000},\"version\":\"1.0\"}", "type": "info" @@ -6018,7 +5935,6 @@ }, "event": { "action": "jira.auditing.version.created", - "ingested": "2022-02-24T20:23:26.113670903Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10001\",\"name\":\"Version 2.0\",\"type\":\"VERSION\"},{\"id\":\"10000\",\"name\":\"test\",\"type\":\"PROJECT\"}],\"auditType\":{\"action\":\"Project version created\",\"actionI18nKey\":\"jira.auditing.version.created\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"projects\",\"categoryI18nKey\":\"jira.auditing.category.projects\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Version 2.0\"},{\"i18nKey\":\"version.releasedate\",\"key\":\"Release date\",\"to\":\"2021-11-28\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":543000000},\"version\":\"1.0\"}", "type": "info" @@ -6093,7 +6009,6 @@ }, "event": { "action": "jira.auditing.version.created", - "ingested": "2022-02-24T20:23:26.113671962Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10002\",\"name\":\"Version 3.0\",\"type\":\"VERSION\"},{\"id\":\"10000\",\"name\":\"test\",\"type\":\"PROJECT\"}],\"auditType\":{\"action\":\"Project version created\",\"actionI18nKey\":\"jira.auditing.version.created\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"projects\",\"categoryI18nKey\":\"jira.auditing.category.projects\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[{\"i18nKey\":\"common.words.name\",\"key\":\"Name\",\"to\":\"Version 3.0\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539714,\"nano\":545000000},\"version\":\"1.0\"}", "type": "info" @@ -6163,7 +6078,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2022-02-24T20:23:26.113673025Z", "kind": "event", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log search performed\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"10000\",\"name\":\"test.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=test.user\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Results returned\",\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"value\":\"85\"},{\"name\":\"Query\",\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"value\":\"\"},{\"name\":\"Timestamp Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"value\":\"2021-11-22T00:05:08.514Z - 2021-11-22T00:08:34.545Z\"},{\"name\":\"ID Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"value\":\"1 - 85\"}],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539922,\"nano\":856000000},\"version\":\"1.0\"}", "type": "info" @@ -6238,7 +6152,6 @@ "category": [ "authentication" ], - "ingested": "2022-02-24T20:23:26.113674100Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"admin.user\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"User login failed\",\"actionI18nKey\":\"jira.auditing.user.login.failed\",\"area\":\"SECURITY\",\"category\":\"login\",\"categoryI18nKey\":\"jira.auditing.category.login\",\"level\":\"FULL\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Current number of failed login attempts\",\"nameI18nKey\":\"jira.auditing.user.login.failed.count\",\"value\":\"2\"},{\"name\":\"Reason for failed login\",\"nameI18nKey\":\"jira.auditing.user.login.failed.reason\",\"value\":\"User couldn't be authenticated\"}],\"method\":\"Browser\",\"source\":\"172.17.0.1\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637955310,\"nano\":718000000},\"version\":\"1.0\"}", "outcome": "failure", @@ -6314,7 +6227,6 @@ "category": [ "authentication" ], - "ingested": "2022-02-24T20:23:26.113675163Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"10000\",\"name\":\"admin.user\",\"type\":\"USER\"}],\"auditType\":{\"action\":\"User login successful\",\"actionI18nKey\":\"jira.auditing.user.logged.in\",\"area\":\"SECURITY\",\"category\":\"login\",\"categoryI18nKey\":\"jira.auditing.category.login\",\"level\":\"FULL\"},\"author\":{\"id\":\"10000\",\"name\":\"admin.user\",\"type\":\"ApplicationUser\",\"uri\":\"/secure/ViewProfile.jspa?name=admin.user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.100.100.2\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637955209,\"nano\":363000000},\"version\":\"1.0\"}", "outcome": "success", From d55d0ad49e1f66142a91005e5ba548ea36635ffb Mon Sep 17 00:00:00 2001 From: Andrew Kroh Date: Thu, 24 Feb 2022 17:45:25 -0500 Subject: [PATCH 05/30] confluence: remove event.ingested --- .../data_stream/audit/_dev/test/pipeline/test-common-config.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-common-config.yml b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-common-config.yml index 5622947e4b8..4da22641654 100644 --- a/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-common-config.yml +++ b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-common-config.yml @@ -1,5 +1,3 @@ -dynamic_fields: - event.ingested: ".*" fields: tags: - preserve_original_event From 939f822818ba6ca9c80e2dd57eceecbe228a9331 Mon Sep 17 00:00:00 2001 From: Andrew Kroh Date: Thu, 24 Feb 2022 17:41:48 -0500 Subject: [PATCH 06/30] confluence: update test files without event.ingested [git-generate] cd packages/atlassian_confluence elastic-package test pipeline -g --- .../pipeline/test-audit-api.log-expected.json | 182 ------------------ .../test-audit-files.log-expected.json | 64 ------ 2 files changed, 246 deletions(-) diff --git a/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json index a4590851d8b..4b6efb56454 100644 --- a/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json +++ b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json @@ -39,7 +39,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2022-02-24T20:23:44.212553956Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:44:36.398Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"79 - 178\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"100\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:39:37.166Z - 2021-11-23T00:43:12.188Z\"}]}", "type": "info" @@ -122,7 +121,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2022-02-24T20:23:44.212557830Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:43:12.188Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"1 - 76\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"76\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:34:44.466Z - 2021-11-23T00:39:37.149Z\"}]}", "type": "info" @@ -205,7 +203,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2022-02-24T20:23:44.212559405Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:41:45.280Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"77 - 176\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"100\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:39:37.155Z - 2021-11-23T00:41:17.165Z\"}]}", "type": "info" @@ -288,7 +285,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2022-02-24T20:23:44.212560821Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:41:17.165Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"1 - 74\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"74\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:34:44.466Z - 2021-11-23T00:39:37.137Z\"}]}", "type": "info" @@ -371,7 +367,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2022-02-24T20:23:44.212562228Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:41:16.741Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"75 - 174\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"100\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:39:37.143Z - 2021-11-23T00:41:07.156Z\"}]}", "type": "info" @@ -454,7 +449,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2022-02-24T20:23:44.212563827Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:41:07.156Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"1 - 72\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"72\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:34:44.466Z - 2021-11-23T00:39:37.128Z\"}]}", "type": "info" @@ -537,7 +531,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2022-02-24T20:23:44.212565244Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:41:06.871Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"73 - 172\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"100\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:39:37.132Z - 2021-11-23T00:40:32.595Z\"}]}", "type": "info" @@ -620,7 +613,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2022-02-24T20:23:44.212566864Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:40:32.595Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"1 - 70\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"70\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:34:44.466Z - 2021-11-23T00:39:37.115Z\"}]}", "type": "info" @@ -703,7 +695,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2022-02-24T20:23:44.212568321Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:40:32.138Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"71 - 170\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"100\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:39:37.122Z - 2021-11-23T00:39:37.908Z\"}]}", "type": "info" @@ -800,7 +791,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212569740Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.908Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"SETPAGEPERMISSIONS\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -900,7 +890,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212571197Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.904Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"SETPAGEPERMISSIONS\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -1000,7 +989,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212573080Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.899Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"SETPAGEPERMISSIONS\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -1093,7 +1081,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212574550Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.895Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEMAIL\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -1193,7 +1180,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212576023Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.891Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEMAIL\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -1293,7 +1279,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212577473Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.887Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEMAIL\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -1393,7 +1378,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212579025Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.882Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEMAIL\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -1486,7 +1470,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212580513Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.877Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EXPORTSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -1586,7 +1569,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212581966Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.872Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EXPORTSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -1686,7 +1668,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212583473Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.868Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EXPORTSPACE\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -1786,7 +1767,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212584842Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.862Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EXPORTSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -1879,7 +1859,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212586359Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.858Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -1979,7 +1958,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212587788Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.853Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -2079,7 +2057,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212589162Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.848Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITBLOG\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -2179,7 +2156,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212590629Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.841Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -2272,7 +2248,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212592341Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.832Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -2372,7 +2347,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212593741Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.821Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -2472,7 +2446,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212595164Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.811Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEATTACHMENT\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -2572,7 +2545,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212596533Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.796Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -2665,7 +2637,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212597911Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.785Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"CREATEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -2765,7 +2736,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212599455Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.777Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"CREATEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -2865,7 +2835,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212600859Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.770Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"CREATEATTACHMENT\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -2965,7 +2934,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212602364Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.756Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"CREATEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -3058,7 +3026,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212603810Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.751Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -3158,7 +3125,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212605230Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.744Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -3258,7 +3224,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212606782Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.728Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEBLOG\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -3358,7 +3323,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212608274Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.713Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -3451,7 +3415,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212609832Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.705Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVECOMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -3551,7 +3514,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212611258Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.688Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVECOMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -3651,7 +3613,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212612669Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.675Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVECOMMENT\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -3751,7 +3712,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212614093Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.668Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVECOMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -3844,7 +3804,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212615548Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.654Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -3944,7 +3903,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212616979Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.644Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -4044,7 +4002,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212618433Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.639Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEPAGE\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -4144,7 +4101,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212619872Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.634Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -4244,7 +4200,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212621339Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.628Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"SETSPACEPERMISSIONS\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -4344,7 +4299,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212622727Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.618Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"SETSPACEPERMISSIONS\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -4437,7 +4391,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212624080Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.612Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -4537,7 +4490,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212625510Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.606Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -4637,7 +4589,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212626975Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.596Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITSPACE\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -4737,7 +4688,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212628412Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.592Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -4830,7 +4780,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212629987Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.588Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"COMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -4930,7 +4879,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212631475Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.584Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"COMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -5030,7 +4978,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212632950Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.580Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"COMMENT\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -5130,7 +5077,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212634366Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.575Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"COMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -5223,7 +5169,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212635761Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.571Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEOWNCONTENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -5323,7 +5268,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212637261Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.567Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEOWNCONTENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -5423,7 +5367,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212638709Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.556Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEOWNCONTENT\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -5523,7 +5466,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212640111Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.454Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEOWNCONTENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -5616,7 +5558,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212641773Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.444Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"VIEWSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -5716,7 +5657,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212643197Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.435Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"VIEWSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -5816,7 +5756,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212644606Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.424Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"VIEWSPACE\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -5916,7 +5855,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212646080Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.404Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ASDF\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"VIEWSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -6007,7 +5945,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2022-02-24T20:23:44.212647540Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.393Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"VIEWSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -6095,7 +6032,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2022-02-24T20:23:44.212648985Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.375Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"VIEWSPACE\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -6183,7 +6119,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2022-02-24T20:23:44.212650399Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.366Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"VIEWSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -6271,7 +6206,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2022-02-24T20:23:44.212651818Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.361Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"COMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -6359,7 +6293,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2022-02-24T20:23:44.212653243Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.357Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"COMMENT\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -6447,7 +6380,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2022-02-24T20:23:44.212654599Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.350Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"COMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -6535,7 +6467,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2022-02-24T20:23:44.212656055Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.342Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"SETPAGEPERMISSIONS\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -6616,7 +6547,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2022-02-24T20:23:44.212657503Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.330Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEMAIL\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -6704,7 +6634,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2022-02-24T20:23:44.212658961Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.324Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEMAIL\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -6792,7 +6721,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2022-02-24T20:23:44.212660340Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.311Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEMAIL\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -6880,7 +6808,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2022-02-24T20:23:44.212661809Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.303Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"SETPAGEPERMISSIONS\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -6968,7 +6895,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2022-02-24T20:23:44.212663294Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.295Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"SETPAGEPERMISSIONS\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -7056,7 +6982,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2022-02-24T20:23:44.212664918Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.290Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EXPORTSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -7137,7 +7062,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2022-02-24T20:23:44.212666360Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.285Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EXPORTPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -7225,7 +7149,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2022-02-24T20:23:44.212667787Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.282Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EXPORTPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -7313,7 +7236,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2022-02-24T20:23:44.212669289Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.278Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EXPORTPAGE\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -7401,7 +7323,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2022-02-24T20:23:44.212670699Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.274Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEMAIL\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -7482,7 +7403,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2022-02-24T20:23:44.212672085Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.270Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EXPORTSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -7570,7 +7490,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2022-02-24T20:23:44.212673583Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.266Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EXPORTSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -7658,7 +7577,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2022-02-24T20:23:44.212675055Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.262Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EXPORTSPACE\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -7746,7 +7664,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2022-02-24T20:23:44.212676534Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.258Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EDITBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -7827,7 +7744,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2022-02-24T20:23:44.212678093Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.254Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -7915,7 +7831,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2022-02-24T20:23:44.212679486Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.250Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -8003,7 +7918,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2022-02-24T20:23:44.212680910Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.246Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEATTACHMENT\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -8091,7 +8005,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2022-02-24T20:23:44.212682365Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.242Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EXPORTPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -8172,7 +8085,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2022-02-24T20:23:44.212683795Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.238Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EDITBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -8260,7 +8172,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2022-02-24T20:23:44.212685269Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.234Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EDITBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -8348,7 +8259,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2022-02-24T20:23:44.212686734Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.230Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EDITBLOG\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -8436,7 +8346,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2022-02-24T20:23:44.212688138Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.225Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"CREATEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -8517,7 +8426,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2022-02-24T20:23:44.212689612Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.221Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -8605,7 +8513,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2022-02-24T20:23:44.212691098Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.217Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -8693,7 +8600,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2022-02-24T20:23:44.212692516Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.212Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEBLOG\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -8781,7 +8687,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2022-02-24T20:23:44.212693989Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.208Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -8862,7 +8767,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2022-02-24T20:23:44.212695360Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.204Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"CREATEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -8950,7 +8854,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2022-02-24T20:23:44.212696744Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.200Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"CREATEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -9038,7 +8941,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2022-02-24T20:23:44.212698218Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.194Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"CREATEATTACHMENT\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -9126,7 +9028,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2022-02-24T20:23:44.212699650Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.188Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVECOMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -9207,7 +9108,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2022-02-24T20:23:44.212701070Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.176Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"VIEWSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -9288,7 +9188,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2022-02-24T20:23:44.212702510Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.166Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -9376,7 +9275,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2022-02-24T20:23:44.212703932Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.160Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -9464,7 +9362,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2022-02-24T20:23:44.212705342Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.155Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEPAGE\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -9552,7 +9449,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2022-02-24T20:23:44.212706788Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.149Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -9633,7 +9529,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2022-02-24T20:23:44.212708202Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.143Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVECOMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -9721,7 +9616,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2022-02-24T20:23:44.212709599Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.137Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVECOMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -9809,7 +9703,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2022-02-24T20:23:44.212711386Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.132Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVECOMMENT\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -9897,7 +9790,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2022-02-24T20:23:44.212712836Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.128Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EDITSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -9985,7 +9877,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2022-02-24T20:23:44.212714344Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.122Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EDITSPACE\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -10073,7 +9964,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2022-02-24T20:23:44.212715818Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.115Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EDITSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -10154,7 +10044,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2022-02-24T20:23:44.212717346Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.107Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"COMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -10242,7 +10131,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2022-02-24T20:23:44.212718793Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.099Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"REMOVEPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -10330,7 +10218,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2022-02-24T20:23:44.212720179Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.091Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"SETSPACEPERMISSIONS\"},{\"key\":\"User\",\"i18nKey\":\"User\",\"from\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -10418,7 +10305,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2022-02-24T20:23:44.212721628Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.055Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"from\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"SETSPACEPERMISSIONS\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -10499,7 +10385,6 @@ }, "event": { "action": "audit.logging.summary.space.permission.removed", - "ingested": "2022-02-24T20:23:44.212723045Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:37.008Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.removed\",\"action\":\"Space permission removed\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Type\",\"i18nKey\":\"Type\",\"from\":\"EDITSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -10603,7 +10488,6 @@ "category": [ "configuration" ], - "ingested": "2022-02-24T20:23:44.212724447Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:36.900Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.spaces\",\"category\":\"Spaces\",\"actionI18nKey\":\"audit.logging.summary.space.config.updated\",\"action\":\"Space configuration updated\"},\"affectedObjects\":[{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[{\"key\":\"Description\",\"i18nKey\":\"Description\",\"to\":\"\"},{\"key\":\"Home page\",\"i18nKey\":\"Home page\",\"to\":\"page: asdf v.1 (65593)\"},{\"key\":\"Name\",\"i18nKey\":\"Name\",\"to\":\"asdf\"},{\"key\":\"Space key\",\"i18nKey\":\"Space key\",\"to\":\"ASDF\"},{\"key\":\"Space status\",\"i18nKey\":\"Space status\",\"to\":\"CURRENT\"},{\"key\":\"Space type\",\"i18nKey\":\"Space type\",\"to\":\"global\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -10675,7 +10559,6 @@ }, "event": { "action": "audit.logging.summary.space.import", - "ingested": "2022-02-24T20:23:44.212725964Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:36.323Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.import.export\",\"category\":\"Import/Export\",\"actionI18nKey\":\"audit.logging.summary.space.import\",\"action\":\"Space import\"},\"affectedObjects\":[{\"name\":\"asdf\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ASDF\",\"id\":\"98306\"}],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -10759,7 +10642,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2022-02-24T20:23:44.212727476Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:39:11.067Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"52 - 61\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"From : 1970-01-01T00:00:00Z;To : 2021-11-23T00:39:11.057109Z;\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"10\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:35:04.299Z - 2021-11-23T00:38:58.965Z\"}]}", "type": "info" @@ -10843,7 +10725,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2022-02-24T20:23:44.212728967Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:38:58.965Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"60 - 60\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"From : 1970-01-01T00:00:00Z;To : 2021-11-23T00:38:58.959089Z;\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"1\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:38:57.393Z - 2021-11-23T00:38:57.393Z\"}]}", "type": "info" @@ -10927,7 +10808,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2022-02-24T20:23:44.212730468Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:38:57.393Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"49 - 59\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"From : 1970-01-01T00:00:00Z;To : 2021-11-23T00:38:57.380777Z;\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"11\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:35:04.294Z - 2021-11-23T00:38:42.240Z\"}]}", "type": "info" @@ -11011,7 +10891,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2022-02-24T20:23:44.212731930Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:38:42.240Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"49 - 58\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"From : 1970-01-01T00:00:00Z;To : 2021-11-23T00:38:42.224135Z;\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"10\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:35:04.294Z - 2021-11-23T00:38:35.211Z\"}]}", "type": "info" @@ -11095,7 +10974,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2022-02-24T20:23:44.212809385Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:38:35.211Z\",\"author\":{\"name\":\"test user\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"action\":\"Audit Log search performed\"},\"affectedObjects\":[],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[{\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"name\":\"ID Range\",\"value\":\"1 - 57\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"name\":\"Query\",\"value\":\"From : 1970-01-01T00:00:00Z;To : 2021-11-23T00:38:35.065543Z;\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"name\":\"Results returned\",\"value\":\"57\"},{\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"name\":\"Timestamp Range\",\"value\":\"2021-11-23T00:34:44.466Z - 2021-11-23T00:35:04.387Z\"}]}", "type": "info" @@ -11167,7 +11045,6 @@ "category": [ "configuration" ], - "ingested": "2022-02-24T20:23:44.212815283Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:35:04.387Z\",\"author\":{\"name\":\"System\",\"type\":\"system\",\"id\":\"-1\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"category\":\"Auditing\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.config.updated\",\"action\":\"Audit Log configuration updated\"},\"affectedObjects\":[],\"changedValues\":[{\"key\":\"Retention\",\"i18nKey\":\"atlassian.audit.event.change.retention\",\"to\":\"3 Years\"}],\"system\":\"http://confluence.internal:8090\",\"method\":\"System\",\"extraAttributes\":[]}", "type": [ @@ -11244,7 +11121,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212816780Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:35:04.306Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"SETPAGEPERMISSIONS\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -11340,7 +11216,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212818224Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:35:04.305Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"SETPAGEPERMISSIONS\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -11429,7 +11304,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212819729Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:35:04.303Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEMAIL\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -11525,7 +11399,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212821185Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:35:04.301Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEMAIL\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -11621,7 +11494,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212822641Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:35:04.299Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEMAIL\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -11710,7 +11582,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212824091Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:35:04.298Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EXPORTSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -11806,7 +11677,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212825534Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:35:04.296Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EXPORTSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -11902,7 +11772,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212827033Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:35:04.294Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EXPORTSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -11991,7 +11860,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212828485Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:35:04.292Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -12087,7 +11955,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212829873Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:35:04.290Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -12183,7 +12050,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212831321Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:35:04.288Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -12272,7 +12138,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212832784Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:35:04.287Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -12368,7 +12233,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212834233Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:35:04.285Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -12464,7 +12328,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212835690Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:35:04.283Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -12553,7 +12416,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212837209Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:35:04.281Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"CREATEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -12649,7 +12511,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212838680Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:35:04.279Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"CREATEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -12745,7 +12606,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212840137Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:35:04.277Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"CREATEATTACHMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -12834,7 +12694,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212841707Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:35:04.275Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -12930,7 +12789,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212843080Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:35:04.273Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -13026,7 +12884,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212844516Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:35:04.271Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEBLOG\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -13115,7 +12972,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212845965Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:35:04.269Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVECOMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -13211,7 +13067,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212847420Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:35:04.267Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVECOMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -13307,7 +13162,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212848860Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:35:04.265Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVECOMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -13396,7 +13250,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212850360Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:35:04.262Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -13492,7 +13345,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212851795Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:35:04.259Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -13588,7 +13440,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212853281Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:35:04.257Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEPAGE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -13684,7 +13535,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212854698Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:35:04.255Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"SETSPACEPERMISSIONS\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -13773,7 +13623,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212856056Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:35:04.253Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -13869,7 +13718,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212857453Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:35:04.251Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -13965,7 +13813,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212858856Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:35:04.249Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"EDITSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -14054,7 +13901,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212860218Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:35:04.247Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"COMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -14150,7 +13996,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212861612Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:35:04.245Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"COMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -14246,7 +14091,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212863022Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:35:04.242Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"COMMENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -14335,7 +14179,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212864432Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:35:04.240Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEOWNCONTENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -14431,7 +14274,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212865836Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:35:04.238Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEOWNCONTENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -14527,7 +14369,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212867224Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:35:04.235Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"REMOVEOWNCONTENT\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -14616,7 +14457,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212868754Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:35:04.231Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"VIEWSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -14712,7 +14552,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212870135Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:35:04.219Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"VIEWSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -14808,7 +14647,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212871578Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:35:04.192Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"action\":\"Space permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Space\",\"i18nKey\":\"Space\",\"to\":\"ds\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"VIEWSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -14886,7 +14724,6 @@ "category": [ "iam" ], - "ingested": "2022-02-24T20:23:44.212872969Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:35:03.950Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.user.management\",\"category\":\"Users and groups\",\"actionI18nKey\":\"audit.logging.summary.group.membership.added\",\"action\":\"User added to group\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"},{\"name\":\"admin\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"}],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -14975,7 +14812,6 @@ "category": [ "iam" ], - "ingested": "2022-02-24T20:23:44.212874368Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:35:03.924Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.user.management\",\"category\":\"Users and groups\",\"actionI18nKey\":\"audit.logging.summary.group.membership.added\",\"action\":\"User added to group\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"},{\"name\":\"admin\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"}],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -15080,7 +14916,6 @@ "category": [ "iam" ], - "ingested": "2022-02-24T20:23:44.212876120Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:35:03.860Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.user.management\",\"category\":\"Users and groups\",\"actionI18nKey\":\"audit.logging.summary.user.created\",\"action\":\"User created\"},\"affectedObjects\":[{\"name\":\"test user\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin\",\"id\":\"2c9680837d4a3682017d4a375a280000\"}],\"changedValues\":[{\"key\":\"Active\",\"i18nKey\":\"Active\",\"to\":\"Yes\"},{\"key\":\"Display name\",\"i18nKey\":\"Display name\",\"to\":\"test user\"},{\"key\":\"Email\",\"i18nKey\":\"Email\",\"to\":\"test.user@example.com\"},{\"key\":\"Username\",\"i18nKey\":\"Username\",\"to\":\"admin\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -15178,7 +15013,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212877559Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:35:03.253Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"CREATESPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -15263,7 +15097,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212879034Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:35:03.251Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"CREATESPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -15348,7 +15181,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212880434Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:35:03.250Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"PERSONALSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -15433,7 +15265,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212881825Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:35:03.246Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"SYSTEMADMINISTRATOR\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -15518,7 +15349,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212883240Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:35:03.243Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"USECONFLUENCE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -15603,7 +15433,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212884671Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:35:03.241Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"ADMINISTRATECONFLUENCE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -15688,7 +15517,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212886070Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:35:03.239Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-users\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"PERSONALSPACE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -15773,7 +15601,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:23:44.212887456Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:35:03.217Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.permissions\",\"category\":\"Permissions\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"action\":\"Global permission added\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"}],\"changedValues\":[{\"key\":\"Group\",\"i18nKey\":\"Group\",\"to\":\"confluence-administrators\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"USECONFLUENCE\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -15845,7 +15672,6 @@ "category": [ "iam" ], - "ingested": "2022-02-24T20:23:44.212889036Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:35:03.201Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.user.management\",\"category\":\"Users and groups\",\"actionI18nKey\":\"audit.logging.summary.group.created\",\"action\":\"Group created\"},\"affectedObjects\":[{\"name\":\"confluence-users\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users\",\"id\":\"confluence-users\"}],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -15921,7 +15747,6 @@ "category": [ "iam" ], - "ingested": "2022-02-24T20:23:44.212890451Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:35:03.188Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.user.management\",\"category\":\"Users and groups\",\"actionI18nKey\":\"audit.logging.summary.group.created\",\"action\":\"Group created\"},\"affectedObjects\":[{\"name\":\"confluence-administrators\",\"type\":\"Group\",\"uri\":\"http://confluence.internal:8090/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-administrators\",\"id\":\"confluence-administrators\"}],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -16084,7 +15909,6 @@ }, "event": { "action": "audit.logging.summary.directory.added", - "ingested": "2022-02-24T20:23:44.212891926Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:35:03.109Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.user.management\",\"category\":\"Users and groups\",\"actionI18nKey\":\"audit.logging.summary.directory.added\",\"action\":\"User directory created\"},\"affectedObjects\":[{\"name\":\"Confluence Internal Directory\",\"type\":\"Directory\"}],\"changedValues\":[{\"key\":\"Active\",\"i18nKey\":\"Active\",\"to\":\"Yes\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"CREATE_GROUP\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"UPDATE_USER\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"UPDATE_USER_ATTRIBUTE\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"UPDATE_ROLE\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"DELETE_GROUP\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"UPDATE_GROUP_ATTRIBUTE\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"UPDATE_ROLE_ATTRIBUTE\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"CREATE_ROLE\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"DELETE_ROLE\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"UPDATE_GROUP\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"DELETE_USER\"},{\"key\":\"Allowed operation\",\"i18nKey\":\"Allowed operation\",\"to\":\"CREATE_USER\"},{\"key\":\"Description\",\"i18nKey\":\"Description\",\"to\":\"Confluence default internal directory\"},{\"key\":\"Encryption type\",\"i18nKey\":\"Encryption type\",\"to\":\"atlassian-security\"},{\"key\":\"ID\",\"i18nKey\":\"ID\",\"to\":\"327681\"},{\"key\":\"Name\",\"i18nKey\":\"Name\",\"to\":\"Confluence Internal Directory\"},{\"key\":\"Type\",\"i18nKey\":\"Type\",\"to\":\"INTERNAL\"}],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -16150,7 +15974,6 @@ }, "event": { "action": "audit.logging.summary.space.import", - "ingested": "2022-02-24T20:23:44.212893349Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:34:46.735Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.import.export\",\"category\":\"Import/Export\",\"actionI18nKey\":\"audit.logging.summary.space.import\",\"action\":\"Space import\"},\"affectedObjects\":[{\"name\":\"Demonstration Space\",\"type\":\"Space\",\"uri\":\"http://confluence.internal:8090/display/ds\",\"id\":\"98305\"}],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -16214,7 +16037,6 @@ }, "event": { "action": "audit.logging.summary.plugin.enabled", - "ingested": "2022-02-24T20:23:44.212894714Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:34:45.732Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.plugins\",\"category\":\"Apps\",\"actionI18nKey\":\"audit.logging.summary.plugin.enabled\",\"action\":\"App enabled\"},\"affectedObjects\":[{\"name\":\"Synchrony Interop Bootstrap Plugin\",\"type\":\"App\"}],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -16278,7 +16100,6 @@ }, "event": { "action": "audit.logging.summary.plugin.enabled", - "ingested": "2022-02-24T20:23:44.212896090Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-23T00:34:44.466Z\",\"author\":{\"name\":\"Anonymous\",\"type\":\"user\",\"id\":\"-2\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.plugins\",\"category\":\"Apps\",\"actionI18nKey\":\"audit.logging.summary.plugin.enabled\",\"action\":\"App enabled\"},\"affectedObjects\":[{\"name\":\"Confluence Collaborative Editor Plugin\",\"type\":\"App\"}],\"changedValues\":[],\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": "info" @@ -16355,7 +16176,6 @@ "category": [ "iam" ], - "ingested": "2022-02-24T20:23:44.212897577Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-28T17:05:37.142Z\",\"author\":{\"name\":\"Joe Bob\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin123\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.user.management\",\"category\":\"Users and groups\",\"actionI18nKey\":\"audit.logging.summary.user.renamed\",\"action\":\"User renamed\"},\"affectedObjects\":[{\"name\":\"asdf\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=asdf123\",\"id\":\"2c9680837d4a3682017d67821e520003\"}],\"changedValues\":[{\"key\":\"Username\",\"i18nKey\":\"audit.logging.changed.value.username\",\"from\":\"asdf\",\"to\":\"asdf123\"}],\"source\":\"10.100.100.2\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -16427,7 +16247,6 @@ "category": [ "iam" ], - "ingested": "2022-02-24T20:23:44.212899022Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-28T17:06:11.805Z\",\"author\":{\"name\":\"Joe Bob\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin123\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.user.management\",\"category\":\"Users and groups\",\"actionI18nKey\":\"audit.logging.summary.user.updated\",\"action\":\"User details updated\"},\"affectedObjects\":[{\"name\":\"asdf asdfasdf\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=asdf123\",\"id\":\"2c9680837d4a3682017d67821e520003\"}],\"changedValues\":[],\"source\":\"10.100.100.2\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ @@ -16505,7 +16324,6 @@ "category": [ "iam" ], - "ingested": "2022-02-24T20:23:44.212900390Z", "kind": "event", "original": "{\"timestamp\":\"2021-11-28T17:05:37.158Z\",\"author\":{\"name\":\"Joe Bob\",\"type\":\"user\",\"id\":\"2c9680837d4a3682017d4a375a280000\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=admin123\",\"avatarUri\":\"\"},\"type\":{\"categoryI18nKey\":\"audit.logging.category.user.management\",\"category\":\"Users and groups\",\"actionI18nKey\":\"audit.logging.summary.user.updated\",\"action\":\"User details updated\"},\"affectedObjects\":[{\"name\":\"asdf asdfasdf\",\"type\":\"User\",\"uri\":\"http://confluence.internal:8090/admin/users/viewuser.action?username=asdf123\",\"id\":\"2c9680837d4a3682017d67821e520003\"}],\"changedValues\":[{\"key\":\"Display name\",\"i18nKey\":\"Display name\",\"from\":\"asdf\",\"to\":\"asdf asdfasdf\"}],\"source\":\"10.100.100.2\",\"system\":\"http://confluence.internal:8090\",\"method\":\"Browser\",\"extraAttributes\":[]}", "type": [ diff --git a/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json index f15c6b748a7..6e363aa3124 100644 --- a/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json +++ b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json @@ -26,7 +26,6 @@ }, "event": { "action": "audit.logging.summary.plugin.enabled", - "ingested": "2022-02-24T20:24:06.949054738Z", "kind": "event", "original": "{\"affectedObjects\":[{\"name\":\"Synchrony Interop Bootstrap Plugin\",\"type\":\"App\"}],\"auditType\":{\"action\":\"App enabled\",\"actionI18nKey\":\"audit.logging.summary.plugin.enabled\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Apps\",\"categoryI18nKey\":\"audit.logging.category.plugins\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624567,\"nano\":332000000},\"version\":\"1.0\"}", "type": "info" @@ -92,7 +91,6 @@ }, "event": { "action": "audit.logging.summary.plugin.enabled", - "ingested": "2022-02-24T20:24:06.949057299Z", "kind": "event", "original": "{\"affectedObjects\":[{\"name\":\"Confluence Collaborative Editor Plugin\",\"type\":\"App\"}],\"auditType\":{\"action\":\"App enabled\",\"actionI18nKey\":\"audit.logging.summary.plugin.enabled\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Apps\",\"categoryI18nKey\":\"audit.logging.category.plugins\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624565,\"nano\":791000000},\"version\":\"1.0\"}", "type": "info" @@ -159,7 +157,6 @@ }, "event": { "action": "audit.logging.summary.space.import", - "ingested": "2022-02-24T20:24:06.949058376Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space import\",\"actionI18nKey\":\"audit.logging.summary.space.import\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Import/Export\",\"categoryI18nKey\":\"audit.logging.category.import.export\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624569,\"nano\":660000000},\"version\":\"1.0\"}", "type": "info" @@ -317,7 +314,6 @@ }, "event": { "action": "audit.logging.summary.directory.added", - "ingested": "2022-02-24T20:24:06.949059490Z", "kind": "event", "original": "{\"affectedObjects\":[{\"name\":\"Confluence Internal Directory\",\"type\":\"Directory\"}],\"auditType\":{\"action\":\"User directory created\",\"actionI18nKey\":\"audit.logging.summary.directory.added\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"audit.logging.category.user.management\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"ID\",\"key\":\"ID\",\"to\":\"327681\"},{\"i18nKey\":\"Name\",\"key\":\"Name\",\"to\":\"Confluence Internal Directory\"},{\"i18nKey\":\"Active\",\"key\":\"Active\",\"to\":\"Yes\"},{\"i18nKey\":\"Encryption type\",\"key\":\"Encryption type\",\"to\":\"atlassian-security\"},{\"i18nKey\":\"Description\",\"key\":\"Description\",\"to\":\"Confluence default internal directory\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"INTERNAL\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"UPDATE_USER_ATTRIBUTE\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"UPDATE_GROUP\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"DELETE_ROLE\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"DELETE_GROUP\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"UPDATE_USER\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"DELETE_USER\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"UPDATE_GROUP_ATTRIBUTE\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"CREATE_ROLE\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"CREATE_USER\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"UPDATE_ROLE_ATTRIBUTE\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"UPDATE_ROLE\"},{\"i18nKey\":\"Allowed operation\",\"key\":\"Allowed operation\",\"to\":\"CREATE_GROUP\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624601,\"nano\":440000000},\"version\":\"1.0\"}", "type": "info" @@ -387,7 +383,6 @@ "category": [ "iam" ], - "ingested": "2022-02-24T20:24:06.949060614Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"}],\"auditType\":{\"action\":\"Group created\",\"actionI18nKey\":\"audit.logging.summary.group.created\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"audit.logging.category.user.management\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624601,\"nano\":536000000},\"version\":\"1.0\"}", "type": [ @@ -464,7 +459,6 @@ "category": [ "iam" ], - "ingested": "2022-02-24T20:24:06.949061652Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"}],\"auditType\":{\"action\":\"Group created\",\"actionI18nKey\":\"audit.logging.summary.group.created\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"audit.logging.category.user.management\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624601,\"nano\":552000000},\"version\":\"1.0\"}", "type": [ @@ -554,7 +548,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:24:06.949062680Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"USECONFLUENCE\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624601,\"nano\":592000000},\"version\":\"1.0\"}", "type": [ @@ -640,7 +633,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:24:06.949063734Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"PERSONALSPACE\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624601,\"nano\":620000000},\"version\":\"1.0\"}", "type": [ @@ -726,7 +718,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:24:06.949064739Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"ADMINISTRATECONFLUENCE\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624601,\"nano\":623000000},\"version\":\"1.0\"}", "type": [ @@ -812,7 +803,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:24:06.949065749Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"USECONFLUENCE\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624601,\"nano\":627000000},\"version\":\"1.0\"}", "type": [ @@ -898,7 +888,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:24:06.949066755Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"SYSTEMADMINISTRATOR\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624601,\"nano\":688000000},\"version\":\"1.0\"}", "type": [ @@ -984,7 +973,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:24:06.949067899Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"PERSONALSPACE\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624601,\"nano\":692000000},\"version\":\"1.0\"}", "type": [ @@ -1070,7 +1058,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:24:06.949068895Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"CREATESPACE\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624601,\"nano\":694000000},\"version\":\"1.0\"}", "type": [ @@ -1156,7 +1143,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:24:06.949069878Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"}],\"auditType\":{\"action\":\"Global permission added\",\"actionI18nKey\":\"audit.logging.summary.global.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"CREATESPACE\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624601,\"nano\":696000000},\"version\":\"1.0\"}", "type": [ @@ -1251,7 +1237,6 @@ "category": [ "iam" ], - "ingested": "2022-02-24T20:24:06.949070897Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"2c9580827d4a06e8017d4a07c3e10000\",\"name\":\"test.user\",\"type\":\"User\"}],\"auditType\":{\"action\":\"User created\",\"actionI18nKey\":\"audit.logging.summary.user.created\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"audit.logging.category.user.management\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Display name\",\"key\":\"Display name\",\"to\":\"test.user\"},{\"i18nKey\":\"Email\",\"key\":\"Email\",\"to\":\"test.user@example.com\"},{\"i18nKey\":\"Username\",\"key\":\"Username\",\"to\":\"admin\"},{\"i18nKey\":\"Active\",\"key\":\"Active\",\"to\":\"Yes\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":54000000},\"version\":\"1.0\"}", "type": [ @@ -1341,7 +1326,6 @@ "category": [ "iam" ], - "ingested": "2022-02-24T20:24:06.949071885Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"2c9580827d4a06e8017d4a07c3e10000\",\"name\":\"admin\",\"type\":\"User\"}],\"auditType\":{\"action\":\"User added to group\",\"actionI18nKey\":\"audit.logging.summary.group.membership.added\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"audit.logging.category.user.management\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":147000000},\"version\":\"1.0\"}", "type": [ @@ -1430,7 +1414,6 @@ "category": [ "iam" ], - "ingested": "2022-02-24T20:24:06.949072977Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"2c9580827d4a06e8017d4a07c3e10000\",\"name\":\"admin\",\"type\":\"User\"}],\"auditType\":{\"action\":\"User added to group\",\"actionI18nKey\":\"audit.logging.summary.group.membership.added\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"audit.logging.category.user.management\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":172000000},\"version\":\"1.0\"}", "type": [ @@ -1537,7 +1520,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:24:06.949073983Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"VIEWSPACE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":401000000},\"version\":\"1.0\"}", "type": [ @@ -1633,7 +1615,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:24:06.949074994Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"VIEWSPACE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":429000000},\"version\":\"1.0\"}", "type": [ @@ -1723,7 +1704,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:24:06.949076017Z", "kind": "event", "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"VIEWSPACE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":437000000},\"version\":\"1.0\"}", "type": [ @@ -1819,7 +1799,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:24:06.949077018Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEOWNCONTENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":442000000},\"version\":\"1.0\"}", "type": [ @@ -1915,7 +1894,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:24:06.949077993Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEOWNCONTENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":445000000},\"version\":\"1.0\"}", "type": [ @@ -2005,7 +1983,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:24:06.949078987Z", "kind": "event", "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEOWNCONTENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":447000000},\"version\":\"1.0\"}", "type": [ @@ -2101,7 +2078,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:24:06.949080026Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"COMMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":450000000},\"version\":\"1.0\"}", "type": [ @@ -2197,7 +2173,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:24:06.949081016Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"COMMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":454000000},\"version\":\"1.0\"}", "type": [ @@ -2287,7 +2262,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:24:06.949082037Z", "kind": "event", "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"COMMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":457000000},\"version\":\"1.0\"}", "type": [ @@ -2383,7 +2357,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:24:06.949083059Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"EDITSPACE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":459000000},\"version\":\"1.0\"}", "type": [ @@ -2479,7 +2452,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:24:06.949084103Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"EDITSPACE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":462000000},\"version\":\"1.0\"}", "type": [ @@ -2569,7 +2541,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:24:06.949085110Z", "kind": "event", "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"EDITSPACE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":464000000},\"version\":\"1.0\"}", "type": [ @@ -2665,7 +2636,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:24:06.949086197Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"SETSPACEPERMISSIONS\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":467000000},\"version\":\"1.0\"}", "type": [ @@ -2761,7 +2731,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:24:06.949087212Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEPAGE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":470000000},\"version\":\"1.0\"}", "type": [ @@ -2857,7 +2826,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:24:06.949088243Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEPAGE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":472000000},\"version\":\"1.0\"}", "type": [ @@ -2947,7 +2915,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:24:06.949089254Z", "kind": "event", "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEPAGE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":475000000},\"version\":\"1.0\"}", "type": [ @@ -3043,7 +3010,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:24:06.949090252Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVECOMMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":479000000},\"version\":\"1.0\"}", "type": [ @@ -3139,7 +3105,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:24:06.949091314Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVECOMMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":481000000},\"version\":\"1.0\"}", "type": [ @@ -3229,7 +3194,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:24:06.949092336Z", "kind": "event", "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVECOMMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":484000000},\"version\":\"1.0\"}", "type": [ @@ -3325,7 +3289,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:24:06.949093364Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEBLOG\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":486000000},\"version\":\"1.0\"}", "type": [ @@ -3421,7 +3384,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:24:06.949094357Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEBLOG\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":489000000},\"version\":\"1.0\"}", "type": [ @@ -3511,7 +3473,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:24:06.949095347Z", "kind": "event", "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEBLOG\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":491000000},\"version\":\"1.0\"}", "type": [ @@ -3607,7 +3568,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:24:06.949096412Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"CREATEATTACHMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":493000000},\"version\":\"1.0\"}", "type": [ @@ -3703,7 +3663,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:24:06.949097419Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"CREATEATTACHMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":496000000},\"version\":\"1.0\"}", "type": [ @@ -3793,7 +3752,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:24:06.949098416Z", "kind": "event", "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"CREATEATTACHMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":498000000},\"version\":\"1.0\"}", "type": [ @@ -3889,7 +3847,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:24:06.949099426Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEATTACHMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":501000000},\"version\":\"1.0\"}", "type": [ @@ -3985,7 +3942,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:24:06.949100443Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEATTACHMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":503000000},\"version\":\"1.0\"}", "type": [ @@ -4075,7 +4031,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:24:06.949101435Z", "kind": "event", "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEATTACHMENT\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":506000000},\"version\":\"1.0\"}", "type": [ @@ -4171,7 +4126,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:24:06.949102492Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"EDITBLOG\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":508000000},\"version\":\"1.0\"}", "type": [ @@ -4267,7 +4221,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:24:06.949103526Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"EDITBLOG\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":510000000},\"version\":\"1.0\"}", "type": [ @@ -4357,7 +4310,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:24:06.949104526Z", "kind": "event", "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"EDITBLOG\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":513000000},\"version\":\"1.0\"}", "type": [ @@ -4453,7 +4405,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:24:06.949105537Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"EXPORTSPACE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":515000000},\"version\":\"1.0\"}", "type": [ @@ -4549,7 +4500,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:24:06.949106517Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"EXPORTSPACE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":518000000},\"version\":\"1.0\"}", "type": [ @@ -4639,7 +4589,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:24:06.949107576Z", "kind": "event", "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"EXPORTSPACE\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":520000000},\"version\":\"1.0\"}", "type": [ @@ -4735,7 +4684,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:24:06.949108557Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEMAIL\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":522000000},\"version\":\"1.0\"}", "type": [ @@ -4831,7 +4779,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:24:06.949109561Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEMAIL\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":525000000},\"version\":\"1.0\"}", "type": [ @@ -4921,7 +4868,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:24:06.949110568Z", "kind": "event", "original": "{\"affectedObjects\":[{\"name\":\"Anonymous\",\"type\":\"User\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"REMOVEMAIL\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":527000000},\"version\":\"1.0\"}", "type": [ @@ -5017,7 +4963,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:24:06.949111558Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-administrators\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"SETPAGEPERMISSIONS\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":529000000},\"version\":\"1.0\"}", "type": [ @@ -5113,7 +5058,6 @@ "iam", "configuration" ], - "ingested": "2022-02-24T20:24:06.949112540Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"98305\",\"name\":\"Demonstration Space\",\"type\":\"Space\"}],\"auditType\":{\"action\":\"Space permission added\",\"actionI18nKey\":\"audit.logging.summary.space.permission.added\",\"area\":\"PERMISSIONS\",\"category\":\"Permissions\",\"categoryI18nKey\":\"audit.logging.category.permissions\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Group\",\"key\":\"Group\",\"to\":\"confluence-users\"},{\"i18nKey\":\"Type\",\"key\":\"Type\",\"to\":\"SETPAGEPERMISSIONS\"},{\"i18nKey\":\"Space\",\"key\":\"Space\",\"to\":\"ds\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":532000000},\"version\":\"1.0\"}", "type": [ @@ -5186,7 +5130,6 @@ "category": [ "configuration" ], - "ingested": "2022-02-24T20:24:06.949113565Z", "kind": "event", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log configuration updated\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.config.updated\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"-1\",\"name\":\"System\",\"type\":\"system\"},\"changedValues\":[{\"i18nKey\":\"atlassian.audit.event.change.retention\",\"key\":\"Retention\",\"to\":\"3 Years\"}],\"extraAttributes\":[],\"method\":\"System\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624602,\"nano\":615000000},\"version\":\"1.0\"}", "type": [ @@ -5251,7 +5194,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2022-02-24T20:24:06.949114587Z", "kind": "event", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log search performed\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"2c9580827d4a06e8017d4a07c3e10000\",\"name\":\"test.user\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Query\",\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"value\":\"\"},{\"name\":\"Results returned\",\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"value\":\"57\"},{\"name\":\"ID Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"value\":\"1 - 57\"},{\"name\":\"Timestamp Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"value\":\"2021-11-22T23:42:45.791Z - 2021-11-22T23:43:22.615Z\"}],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624653,\"nano\":873000000},\"version\":\"1.0\"}", "type": "info" @@ -5333,7 +5275,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2022-02-24T20:24:06.949115587Z", "kind": "event", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log search performed\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"2c9580827d4a06e8017d4a07c3e10000\",\"name\":\"test.user\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Timestamp Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"value\":\"2021-11-22T23:42:45.791Z - 2021-11-22T23:44:13.873Z\"},{\"name\":\"ID Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"value\":\"1 - 58\"},{\"name\":\"Query\",\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"value\":\"From : 1970-01-01T00:00:00Z;To : 2021-11-22T23:47:20.782708Z;\"},{\"name\":\"Results returned\",\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"value\":\"58\"}],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624840,\"nano\":815000000},\"version\":\"1.0\"}", "type": "info" @@ -5409,7 +5350,6 @@ "category": [ "configuration" ], - "ingested": "2022-02-24T20:24:06.949116586Z", "kind": "event", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Global settings changed\",\"actionI18nKey\":\"audit.logging.summary.global.settings.edited\",\"area\":\"GLOBAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Global Administration\",\"categoryI18nKey\":\"audit.logging.category.admin\",\"level\":\"BASE\"},\"author\":{\"id\":\"2c9580827d4a06e8017d4a07c3e10000\",\"name\":\"test.user\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Custom contact admin message\",\"key\":\"Custom contact admin message\",\"to\":\"Please enter information about your request for the site administrators. If you are reporting an error please be sure you include information on what you were doing and the time the problem occurred.\"},{\"from\":\"Confluence\",\"i18nKey\":\"Site title\",\"key\":\"Site title\",\"to\":\"Confluence Test\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624990,\"nano\":382000000},\"version\":\"1.0\"}", "type": [ @@ -5504,7 +5444,6 @@ "category": [ "iam" ], - "ingested": "2022-02-24T20:24:06.949117591Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"2c9580827d4a06e8017d4a0e9dda0001\",\"name\":\"Another User\",\"type\":\"User\"}],\"auditType\":{\"action\":\"User created\",\"actionI18nKey\":\"audit.logging.summary.user.created\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"audit.logging.category.user.management\",\"level\":\"BASE\"},\"author\":{\"id\":\"2c9580827d4a06e8017d4a07c3e10000\",\"name\":\"test.user\",\"type\":\"user\"},\"changedValues\":[{\"i18nKey\":\"Display name\",\"key\":\"Display name\",\"to\":\"Another User\"},{\"i18nKey\":\"Email\",\"key\":\"Email\",\"to\":\"another.user@example.como\"},{\"i18nKey\":\"Username\",\"key\":\"Username\",\"to\":\"another.user\"},{\"i18nKey\":\"Active\",\"key\":\"Active\",\"to\":\"Yes\"}],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637625013,\"nano\":842000000},\"version\":\"1.0\"}", "type": [ @@ -5594,7 +5533,6 @@ "category": [ "iam" ], - "ingested": "2022-02-24T20:24:06.949118673Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"confluence-users\",\"name\":\"confluence-users\",\"type\":\"Group\"},{\"id\":\"2c9580827d4a06e8017d4a0e9dda0001\",\"name\":\"another.user\",\"type\":\"User\"}],\"auditType\":{\"action\":\"User added to group\",\"actionI18nKey\":\"audit.logging.summary.group.membership.added\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"audit.logging.category.user.management\",\"level\":\"BASE\"},\"author\":{\"id\":\"2c9580827d4a06e8017d4a07c3e10000\",\"name\":\"test.user\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637625013,\"nano\":966000000},\"version\":\"1.0\"}", "type": [ @@ -5683,7 +5621,6 @@ "category": [ "iam" ], - "ingested": "2022-02-24T20:24:06.949119747Z", "kind": "event", "original": "{\"affectedObjects\":[{\"id\":\"confluence-administrators\",\"name\":\"confluence-administrators\",\"type\":\"Group\"},{\"id\":\"2c9580827d4a06e8017d4a0e9dda0001\",\"name\":\"another.user\",\"type\":\"User\"}],\"auditType\":{\"action\":\"User added to group\",\"actionI18nKey\":\"audit.logging.summary.group.membership.added\",\"area\":\"USER_MANAGEMENT\",\"category\":\"Users and groups\",\"categoryI18nKey\":\"audit.logging.category.user.management\",\"level\":\"BASE\"},\"author\":{\"id\":\"2c9580827d4a06e8017d4a07c3e10000\",\"name\":\"test.user\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637625032,\"nano\":205000000},\"version\":\"1.0\"}", "type": [ @@ -5778,7 +5715,6 @@ }, "event": { "action": "atlassian.audit.event.action.audit.search", - "ingested": "2022-02-24T20:24:06.949120746Z", "kind": "event", "original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log search performed\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"2c9580827d4a06e8017d4a07c3e10000\",\"name\":\"test.user\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Results returned\",\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"value\":\"63\"},{\"name\":\"Query\",\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"value\":\"\"},{\"name\":\"ID Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"value\":\"1 - 63\"},{\"name\":\"Timestamp Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"value\":\"2021-11-22T23:42:45.791Z - 2021-11-22T23:50:32.205Z\"}],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637625035,\"nano\":770000000},\"version\":\"1.0\"}", "type": "info" From b2a564b5ca6f4c0c208b3c165a49653b026b3ea4 Mon Sep 17 00:00:00 2001 From: Alex Resnick Date: Thu, 24 Feb 2022 17:47:58 -0500 Subject: [PATCH 07/30] Add Confluence Cloud Support --- .../_dev/build/docs/README.md | 2 +- .../_dev/deploy/docker/files/config.yml | 27 + packages/atlassian_confluence/changelog.yml | 4 + .../_dev/test/pipeline/test-audit-cloud.log | 37 + .../pipeline/test-audit-cloud.log-config.yml | 5 + .../test-audit-cloud.log-expected.json | 1679 +++++++++++++++++ .../test/system/test-api-cloud-config.yml | 12 + .../audit/agent/stream/httpjson.yml.hbs | 43 +- .../elasticsearch/ingest_pipeline/cloud.yml | 36 + .../elasticsearch/ingest_pipeline/default.yml | 337 +--- .../ingest_pipeline/self-hosted.yml | 336 ++++ .../data_stream/audit/fields/fields.yml | 4 + .../data_stream/audit/manifest.yml | 8 + packages/atlassian_confluence/docs/README.md | 3 +- packages/atlassian_confluence/manifest.yml | 2 +- 15 files changed, 2196 insertions(+), 339 deletions(-) create mode 100644 packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log create mode 100644 packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-config.yml create mode 100644 packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-expected.json create mode 100644 packages/atlassian_confluence/data_stream/audit/_dev/test/system/test-api-cloud-config.yml create mode 100644 packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/cloud.yml create mode 100644 packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/self-hosted.yml diff --git a/packages/atlassian_confluence/_dev/build/docs/README.md b/packages/atlassian_confluence/_dev/build/docs/README.md index 7eb470fc1bc..5b6c17c6654 100644 --- a/packages/atlassian_confluence/_dev/build/docs/README.md +++ b/packages/atlassian_confluence/_dev/build/docs/README.md @@ -6,7 +6,7 @@ The Confluence integration collects [audit logs](https://confluence.atlassian.co ### Audit -The Confluence integration collects audit logs from the audit log files or the audit API from self hosted Confluence Data Center. It has been tested with Confluence 7.14.2 but is expected to work with newer versions. This has not been tested with Confluence Cloud and is not expected to work. +The Confluence integration collects audit logs from the audit log files or the audit API from self hosted Confluence Data Center. It has been tested with Confluence 7.14.2 but is expected to work with newer versions. As of version 1.2.0, this integration added experimental support for Atlassian Confluence Cloud. {{fields "audit"}} diff --git a/packages/atlassian_confluence/_dev/deploy/docker/files/config.yml b/packages/atlassian_confluence/_dev/deploy/docker/files/config.yml index 9b385950103..426031e375e 100644 --- a/packages/atlassian_confluence/_dev/deploy/docker/files/config.yml +++ b/packages/atlassian_confluence/_dev/deploy/docker/files/config.yml @@ -1,4 +1,5 @@ rules: + # Confluence Self Hosted Server - path: /rest/auditing/1.0/events methods: ["GET"] request_headers: @@ -23,3 +24,29 @@ rules: - status_code: 200 body: |- {"entities":[{"timestamp":"2021-11-23T00:44:58.940Z","author":{"name":"test user","type":"user","id":"2c9680837d4a3682017d4a375a280000","uri":"http://confluence.internal:8090/admin/users/viewuser.action?username=admin","avatarUri":""},"type":{"categoryI18nKey":"atlassian.audit.event.category.audit","category":"Auditing","actionI18nKey":"atlassian.audit.event.action.audit.search","action":"Audit Log search performed"},"affectedObjects":[],"changedValues":[],"source":"81.2.69.143","system":"http://confluence.internal:8090","method":"Browser","extraAttributes":[{"nameI18nKey":"atlassian.audit.event.attribute.id","name":"ID Range","value":"1 - 179"},{"nameI18nKey":"atlassian.audit.event.attribute.query","name":"Query","value":""},{"nameI18nKey":"atlassian.audit.event.attribute.results","name":"Results returned","value":"179"},{"nameI18nKey":"atlassian.audit.event.attribute.timestamp","name":"Timestamp Range","value":"2021-11-23T00:34:44.466Z - 2021-11-23T00:44:36.398Z"}]},{"timestamp":"2021-11-23T00:44:36.398Z","author":{"name":"test user","type":"user","id":"2c9680837d4a3682017d4a375a280000","uri":"http://confluence.internal:8090/admin/users/viewuser.action?username=admin","avatarUri":""},"type":{"categoryI18nKey":"atlassian.audit.event.category.audit","category":"Auditing","actionI18nKey":"atlassian.audit.event.action.audit.search","action":"Audit Log search performed"},"affectedObjects":[],"changedValues":[],"source":"81.2.69.143","system":"http://confluence.internal:8090","method":"Browser","extraAttributes":[{"nameI18nKey":"atlassian.audit.event.attribute.id","name":"ID Range","value":"79 - 178"},{"nameI18nKey":"atlassian.audit.event.attribute.query","name":"Query","value":""},{"nameI18nKey":"atlassian.audit.event.attribute.results","name":"Results returned","value":"100"},{"nameI18nKey":"atlassian.audit.event.attribute.timestamp","name":"Timestamp Range","value":"2021-11-23T00:39:37.166Z - 2021-11-23T00:43:12.188Z"}]}],"pagingInfo":{"lastPage":false,"nextPageOffset":0,"nextPageCursor":"1637628276398,179","nextPageLink":"http://{{ hostname }}:{{ env "PORT" }}/rest/auditing/1.0/events?offset=0&limit=2&pageCursor=1637628276398,179","size":2}} + # Confluence Cloud + - path: /wiki/rest/api/audit + methods: ["GET"] + request_headers: + authorization: Basic dGVzdC51c2VyOmFiYzEyMw== + query_params: + from: "{from:.*}" + to: "{to:.*}" + start: "2" + limit: "2" + responses: + - status_code: 200 + body: |- + {"results":[{"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1637054756738,"summary":"User details updated","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"John Doe (Deactivated)","objectType":"User"},"changedValues":[{"name":"Active","oldValue":"Yes","newValue":"No","hiddenOldValue":"","hiddenNewValue":""}],"associatedObjects":[]},{"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1637054756666,"summary":"User deactivated","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"","objectType":""},"changedValues":[],"associatedObjects":[]}],"start":0,"limit":2,"size":37,"_links":{"base":"https://test.atlassian.net/wiki","context":"/wiki","self":"https://test.atlassian.net/wiki/rest/api/audit"}} + - path: /wiki/rest/api/audit + methods: ["GET"] + request_headers: + authorization: Basic dGVzdC51c2VyOmFiYzEyMw== + query_params: + from: "{from:.*}" + to: "{to:.*}" + limit: "2" + responses: + - status_code: 200 + body: |- + {"results":[{"author":{"type":"user","displayName":"John Jacobs","operations":null,"isExternalCollaborator":false,"username":"df856b17d84fcf010f11fcfcc6be4267","userKey":"26971c016361d1f6a3eb8f62461f1e4e","accountId":"df856b17d84fcf010f11fcfcc6be4267","accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1643097111962,"summary":"Space logo uploaded","description":"","category":"Spaces","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"Service Catalogue","objectType":"Space"},"changedValues":[],"associatedObjects":[]},{"author":{"type":"user","displayName":"John Jacobs","operations":null,"isExternalCollaborator":false,"username":"df856b17d84fcf010f11fcfcc6be4267","userKey":"26971c016361d1f6a3eb8f62461f1e4e","accountId":"df856b17d84fcf010f11fcfcc6be4267","accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1643097094621,"summary":"Space logo uploaded","description":"","category":"Spaces","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"Service Catalogue","objectType":"Space"},"changedValues":[],"associatedObjects":[]}],"start":0,"limit":2,"size":37,"_links":{"base":"https://test.atlassian.net/wiki","context":"/wiki","self":"https://test.atlassian.net/wiki/rest/api/audit"}} diff --git a/packages/atlassian_confluence/changelog.yml b/packages/atlassian_confluence/changelog.yml index ae74d32ff4d..5075d514b80 100644 --- a/packages/atlassian_confluence/changelog.yml +++ b/packages/atlassian_confluence/changelog.yml @@ -1,4 +1,8 @@ # newer versions go on top +- version: "1.3.0" + - description: Add support for Atlassian Confluence Cloud + type: enhancement + link: https://github.com/elastic/integrations/pull/2715 - version: "1.2.0" changes: - description: Update to ECS 8.2 diff --git a/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log new file mode 100644 index 00000000000..2b434cdc644 --- /dev/null +++ b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log @@ -0,0 +1,37 @@ +{"author":{"type":"user","displayName":"John Jacobs","operations":null,"isExternalCollaborator":false,"username":"df856b17d84fcf010f11fcfcc6be4267","userKey":"26971c016361d1f6a3eb8f62461f1e4e","accountId":"df856b17d84fcf010f11fcfcc6be4267","accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1643097111962,"summary":"Space logo uploaded","description":"","category":"Spaces","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"Service Catalogue","objectType":"Space"},"changedValues":[],"associatedObjects":[]} +{"author":{"type":"user","displayName":"John Jacobs","operations":null,"isExternalCollaborator":false,"username":"df856b17d84fcf010f11fcfcc6be4267","userKey":"26971c016361d1f6a3eb8f62461f1e4e","accountId":"df856b17d84fcf010f11fcfcc6be4267","accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1643097094621,"summary":"Space logo uploaded","description":"","category":"Spaces","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"Service Catalogue","objectType":"Space"},"changedValues":[],"associatedObjects":[]} +{"author":{"type":"user","displayName":"John Jacobs","operations":null,"isExternalCollaborator":false,"username":"df856b17d84fcf010f11fcfcc6be4267","userKey":"26971c016361d1f6a3eb8f62461f1e4e","accountId":"df856b17d84fcf010f11fcfcc6be4267","accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1643096991153,"summary":"Space logo uploaded","description":"","category":"Spaces","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"Service Catalogue","objectType":"Space"},"changedValues":[],"associatedObjects":[]} +{"author":{"type":"user","displayName":"John Jacobs","operations":null,"isExternalCollaborator":false,"username":"df856b17d84fcf010f11fcfcc6be4267","userKey":"26971c016361d1f6a3eb8f62461f1e4e","accountId":"df856b17d84fcf010f11fcfcc6be4267","accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1643096679172,"summary":"Space configuration updated","description":"","category":"Spaces","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"Service Catalogue","objectType":"Space"},"changedValues":[{"name":"Space type","oldValue":"","newValue":"global","hiddenOldValue":"","hiddenNewValue":""},{"name":"Space status","oldValue":"","newValue":"CURRENT","hiddenOldValue":"","hiddenNewValue":""},{"name":"Name","oldValue":"","newValue":"Service Catalogue","hiddenOldValue":"","hiddenNewValue":""},{"name":"Space key","oldValue":"","newValue":"SC","hiddenOldValue":"","hiddenNewValue":""}],"associatedObjects":[]} +{"author":{"type":"user","displayName":"John Jacobs","operations":null,"isExternalCollaborator":false,"username":"df856b17d84fcf010f11fcfcc6be4267","userKey":"26971c016361d1f6a3eb8f62461f1e4e","accountId":"df856b17d84fcf010f11fcfcc6be4267","accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1643096679092,"summary":"Space created","description":"","category":"Spaces","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"Service Catalogue","objectType":"Space"},"changedValues":[{"name":"Space type","oldValue":"","newValue":"global","hiddenOldValue":"","hiddenNewValue":""},{"name":"Space status","oldValue":"","newValue":"CURRENT","hiddenOldValue":"","hiddenNewValue":""},{"name":"Name","oldValue":"","newValue":"Service Catalogue","hiddenOldValue":"","hiddenNewValue":""},{"name":"Space key","oldValue":"","newValue":"SC","hiddenOldValue":"","hiddenNewValue":""}],"associatedObjects":[]} +{"author":{"type":"user","displayName":"Billy Bob","operations":null,"isExternalCollaborator":false,"username":"5e72294a9858860c3eb10c8b","userKey":"26971c016361d1f6a3eb8f62461f1e4e","accountId":"5e72294a9858860c3eb10c8b","accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1643035762329,"summary":"Space configuration updated","description":"","category":"Spaces","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"Pre-test-scanner","objectType":"Space"},"changedValues":[{"name":"Space type","oldValue":"","newValue":"global","hiddenOldValue":"","hiddenNewValue":""},{"name":"Space status","oldValue":"","newValue":"CURRENT","hiddenOldValue":"","hiddenNewValue":""},{"name":"Name","oldValue":"","newValue":"Pre-test-scanner","hiddenOldValue":"","hiddenNewValue":""},{"name":"Space key","oldValue":"","newValue":"PTS","hiddenOldValue":"","hiddenNewValue":""},{"name":"Home page","oldValue":"","newValue":"page: 484737204 v.1","hiddenOldValue":"","hiddenNewValue":""}],"associatedObjects":[]} +{"author":{"type":"user","displayName":"Billy Bob","operations":null,"isExternalCollaborator":false,"username":"5e72294a9858860c3eb10c8b","userKey":"26971c016361d1f6a3eb8f62461f1e4e","accountId":"5e72294a9858860c3eb10c8b","accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1643035762311,"summary":"Space created","description":"","category":"Spaces","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"Pre-test-scanner","objectType":"Space"},"changedValues":[{"name":"Space type","oldValue":"","newValue":"global","hiddenOldValue":"","hiddenNewValue":""},{"name":"Space status","oldValue":"","newValue":"CURRENT","hiddenOldValue":"","hiddenNewValue":""},{"name":"Name","oldValue":"","newValue":"Pre-test-scanner","hiddenOldValue":"","hiddenNewValue":""},{"name":"Space key","oldValue":"","newValue":"PTS","hiddenOldValue":"","hiddenNewValue":""},{"name":"Home page","oldValue":"","newValue":"page: 484737204 v.1","hiddenOldValue":"","hiddenNewValue":""}],"associatedObjects":[]} +{"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1642495383045,"summary":"User added to group","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"jira-software-users:b8d81944-e737-4da0-94ca-165fa5c0635c","objectType":"Group"},"changedValues":[],"associatedObjects":[{"name":"ASP","objectType":"User"}]} +{"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1642495383014,"summary":"User added to group","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"confluence-users:4375f4c3-bfdf-4f36-a62e-141ccf1588a3","objectType":"Group"},"changedValues":[],"associatedObjects":[{"name":"ASP","objectType":"User"}]} +{"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1642495382767,"summary":"User created","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"ASP","objectType":"User"},"changedValues":[{"name":"Display name","oldValue":"","newValue":"ASP","hiddenOldValue":"","hiddenNewValue":""},{"name":"Email","oldValue":"","newValue":"","hiddenOldValue":"","hiddenNewValue":""},{"name":"Active","oldValue":"","newValue":"Yes","hiddenOldValue":"","hiddenNewValue":""}],"associatedObjects":[]} +{"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1642178227237,"summary":"User added to group","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"confluence-users:4375f4c3-bfdf-4f36-a62e-141ccf1588a3","objectType":"Group"},"changedValues":[],"associatedObjects":[{"name":"Simon Brownhill","objectType":"User"}]} +{"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1642178227017,"summary":"User created","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"Simon Brownhill","objectType":"User"},"changedValues":[{"name":"Display name","oldValue":"","newValue":"Simon Brownhill","hiddenOldValue":"","hiddenNewValue":""},{"name":"Email","oldValue":"","newValue":"","hiddenOldValue":"","hiddenNewValue":""},{"name":"Active","oldValue":"","newValue":"Yes","hiddenOldValue":"","hiddenNewValue":""}],"associatedObjects":[]} +{"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1641297876903,"summary":"User added to group","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"Detect & Response - Change Approvals:12e51e32-77ee-45ef-a643-55d4c7f6327c","objectType":"Group"},"changedValues":[],"associatedObjects":[{"name":"George West","objectType":"User"}]} +{"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1641297472951,"summary":"User added to group","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"Detect & Response - Change Approvals:12e51e32-77ee-45ef-a643-55d4c7f6327c","objectType":"Group"},"changedValues":[],"associatedObjects":[{"name":"SAM H","objectType":"User"}]} +{"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1641292043437,"summary":"User added to group","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"Detect & Response - Change Approvals:12e51e32-77ee-45ef-a643-55d4c7f6327c","objectType":"Group"},"changedValues":[],"associatedObjects":[{"name":"Lilly Smith","objectType":"User"}]} +{"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1641292043424,"summary":"User added to group","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"Detect & Response - Change Approvals:12e51e32-77ee-45ef-a643-55d4c7f6327c","objectType":"Group"},"changedValues":[],"associatedObjects":[{"name":"Joseph Smith","objectType":"User"}]} +{"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1641292021947,"summary":"Group created","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"Detect & Response - Change Approvals:12e51e32-77ee-45ef-a643-55d4c7f6327c","objectType":"Group"},"changedValues":[],"associatedObjects":[]} +{"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1641291955867,"summary":"User added to group","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"Detect & Response - Cost Approvals:b83d4a5e-1290-4a7a-88ba-5e24325f59f8","objectType":"Group"},"changedValues":[],"associatedObjects":[{"name":"Joseph Smith","objectType":"User"}]} +{"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1641291955857,"summary":"User added to group","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"Detect & Response - Cost Approvals:b83d4a5e-1290-4a7a-88ba-5e24325f59f8","objectType":"Group"},"changedValues":[],"associatedObjects":[{"name":"Lilly Smith","objectType":"User"}]} +{"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1641291955839,"summary":"User added to group","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"Detect & Response - Cost Approvals:b83d4a5e-1290-4a7a-88ba-5e24325f59f8","objectType":"Group"},"changedValues":[],"associatedObjects":[{"name":"SAM H","objectType":"User"}]} +{"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1641291934681,"summary":"Group created","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"Detect & Response - Cost Approvals:b83d4a5e-1290-4a7a-88ba-5e24325f59f8","objectType":"Group"},"changedValues":[],"associatedObjects":[]} +{"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1638895562860,"summary":"User added to group","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"Engineering / Sysadmins:12b5617d-bd45-450d-8b40-263238a886c4","objectType":"Group"},"changedValues":[],"associatedObjects":[{"name":"Lilly Smith","objectType":"User"}]} +{"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1638895562848,"summary":"User added to group","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"Engineering / Sysadmins:12b5617d-bd45-450d-8b40-263238a886c4","objectType":"Group"},"changedValues":[],"associatedObjects":[{"name":"Joe Test","objectType":"User"}]} +{"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1638895562837,"summary":"User added to group","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"Engineering / Sysadmins:12b5617d-bd45-450d-8b40-263238a886c4","objectType":"Group"},"changedValues":[],"associatedObjects":[{"name":"Joseph Smith","objectType":"User"}]} +{"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1638895562824,"summary":"User added to group","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"Engineering / Sysadmins:12b5617d-bd45-450d-8b40-263238a886c4","objectType":"Group"},"changedValues":[],"associatedObjects":[{"name":"Simon Johnson","objectType":"User"}]} +{"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1638895523912,"summary":"Group created","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"Engineering / Sysadmins:12b5617d-bd45-450d-8b40-263238a886c4","objectType":"Group"},"changedValues":[],"associatedObjects":[]} +{"author":{"type":"user","displayName":"Lilly Smith","operations":null,"isExternalCollaborator":false,"username":"98435bcd1061baa5b4fbd19bd5810586","userKey":"4711088e62a7b0cf381781a84574a70a","accountId":"98435bcd1061baa5b4fbd19bd5810586","accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1638894579293,"summary":"Space configuration updated","description":"","category":"Spaces","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"Change Control","objectType":"Space"},"changedValues":[{"name":"Space type","oldValue":"","newValue":"global","hiddenOldValue":"","hiddenNewValue":""},{"name":"Space status","oldValue":"","newValue":"CURRENT","hiddenOldValue":"","hiddenNewValue":""},{"name":"Name","oldValue":"","newValue":"Change Control","hiddenOldValue":"","hiddenNewValue":""},{"name":"Space key","oldValue":"","newValue":"ACC","hiddenOldValue":"","hiddenNewValue":""}],"associatedObjects":[]} +{"author":{"type":"user","displayName":"Lilly Smith","operations":null,"isExternalCollaborator":false,"username":"98435bcd1061baa5b4fbd19bd5810586","userKey":"4711088e62a7b0cf381781a84574a70a","accountId":"98435bcd1061baa5b4fbd19bd5810586","accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1638894578800,"summary":"Space created","description":"","category":"Spaces","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"Change Control","objectType":"Space"},"changedValues":[{"name":"Space type","oldValue":"","newValue":"global","hiddenOldValue":"","hiddenNewValue":""},{"name":"Space status","oldValue":"","newValue":"CURRENT","hiddenOldValue":"","hiddenNewValue":""},{"name":"Name","oldValue":"","newValue":"Change Control","hiddenOldValue":"","hiddenNewValue":""},{"name":"Space key","oldValue":"","newValue":"ACC","hiddenOldValue":"","hiddenNewValue":""}],"associatedObjects":[]} +{"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1638205834800,"summary":"User added to group","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"jira-software-users:b8d81944-e737-4da0-94ca-165fa5c0635c","objectType":"Group"},"changedValues":[],"associatedObjects":[{"name":"Another User","objectType":"User"}]} +{"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1638205834747,"summary":"User added to group","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"confluence-users:4375f4c3-bfdf-4f36-a62e-141ccf1588a3","objectType":"Group"},"changedValues":[],"associatedObjects":[{"name":"Another User","objectType":"User"}]} +{"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1638205834455,"summary":"User created","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"Another User","objectType":"User"},"changedValues":[{"name":"Display name","oldValue":"","newValue":"Another User","hiddenOldValue":"","hiddenNewValue":""},{"name":"Email","oldValue":"","newValue":"","hiddenOldValue":"","hiddenNewValue":""},{"name":"Active","oldValue":"","newValue":"Yes","hiddenOldValue":"","hiddenNewValue":""}],"associatedObjects":[]} +{"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1637251458807,"summary":"User added to group","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"jira-software-users:b8d81944-e737-4da0-94ca-165fa5c0635c","objectType":"Group"},"changedValues":[],"associatedObjects":[{"name":"Username","objectType":"User"}]} +{"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1637164837285,"summary":"User details updated","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"John Doe (Unlicensed)","objectType":"User"},"changedValues":[{"name":"Active","oldValue":"Yes","newValue":"No","hiddenOldValue":"","hiddenNewValue":""}],"associatedObjects":[]} +{"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1637164837274,"summary":"User deactivated","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"","objectType":""},"changedValues":[],"associatedObjects":[]} +{"author":{"type":"user","displayName":"John Doe","operations":null,"isExternalCollaborator":false,"username":"e6dd7842c44d594c024fc7129c1e4e49","userKey":"7b4a0e7b52db25cdfc113f8e5b8e7aa2","accountId":"e6dd7842c44d594c024fc7129c1e4e49","accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1637073322812,"summary":"Page archived","description":"","category":"Page","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"KB Articles to be Approved","objectType":"Page"},"changedValues":[{"name":"Content status","oldValue":"current","newValue":"archived","hiddenOldValue":"","hiddenNewValue":""}],"associatedObjects":[{"name":"KB Articles to be Approved","objectType":"Page"},{"name":"Topics","objectType":"Space"}]} +{"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1637054756738,"summary":"User details updated","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"John Doe (Deactivated)","objectType":"User"},"changedValues":[{"name":"Active","oldValue":"Yes","newValue":"No","hiddenOldValue":"","hiddenNewValue":""}],"associatedObjects":[]} +{"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1637054756666,"summary":"User deactivated","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"","objectType":""},"changedValues":[],"associatedObjects":[]} \ No newline at end of file diff --git a/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-config.yml b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-config.yml new file mode 100644 index 00000000000..b50c2007781 --- /dev/null +++ b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-config.yml @@ -0,0 +1,5 @@ +fields: + _config: + atlassian_cloud: true + tags: + - preserve_original_event diff --git a/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-expected.json b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-expected.json new file mode 100644 index 00000000000..81ed6ff6e57 --- /dev/null +++ b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-expected.json @@ -0,0 +1,1679 @@ +{ + "expected": [ + { + "@timestamp": "2022-01-25T07:51:51.962Z", + "confluence": { + "audit": { + "external_collaborator": false, + "type": { + "action": "Space logo uploaded", + "category": "Spaces" + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"John Jacobs\",\"operations\":null,\"isExternalCollaborator\":false,\"username\":\"df856b17d84fcf010f11fcfcc6be4267\",\"userKey\":\"26971c016361d1f6a3eb8f62461f1e4e\",\"accountId\":\"df856b17d84fcf010f11fcfcc6be4267\",\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1643097111962,\"summary\":\"Space logo uploaded\",\"description\":\"\",\"category\":\"Spaces\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Service Catalogue\",\"objectType\":\"Space\"},\"changedValues\":[],\"associatedObjects\":[]}" + }, + "related": { + "ip": [ + "81.2.69.143" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "John Jacobs", + "id": "df856b17d84fcf010f11fcfcc6be4267" + } + }, + { + "@timestamp": "2022-01-25T07:51:34.621Z", + "confluence": { + "audit": { + "external_collaborator": false, + "type": { + "action": "Space logo uploaded", + "category": "Spaces" + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"John Jacobs\",\"operations\":null,\"isExternalCollaborator\":false,\"username\":\"df856b17d84fcf010f11fcfcc6be4267\",\"userKey\":\"26971c016361d1f6a3eb8f62461f1e4e\",\"accountId\":\"df856b17d84fcf010f11fcfcc6be4267\",\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1643097094621,\"summary\":\"Space logo uploaded\",\"description\":\"\",\"category\":\"Spaces\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Service Catalogue\",\"objectType\":\"Space\"},\"changedValues\":[],\"associatedObjects\":[]}" + }, + "related": { + "ip": [ + "81.2.69.143" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "John Jacobs", + "id": "df856b17d84fcf010f11fcfcc6be4267" + } + }, + { + "@timestamp": "2022-01-25T07:49:51.153Z", + "confluence": { + "audit": { + "external_collaborator": false, + "type": { + "action": "Space logo uploaded", + "category": "Spaces" + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"John Jacobs\",\"operations\":null,\"isExternalCollaborator\":false,\"username\":\"df856b17d84fcf010f11fcfcc6be4267\",\"userKey\":\"26971c016361d1f6a3eb8f62461f1e4e\",\"accountId\":\"df856b17d84fcf010f11fcfcc6be4267\",\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1643096991153,\"summary\":\"Space logo uploaded\",\"description\":\"\",\"category\":\"Spaces\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Service Catalogue\",\"objectType\":\"Space\"},\"changedValues\":[],\"associatedObjects\":[]}" + }, + "related": { + "ip": [ + "81.2.69.143" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "John Jacobs", + "id": "df856b17d84fcf010f11fcfcc6be4267" + } + }, + { + "@timestamp": "2022-01-25T07:44:39.172Z", + "confluence": { + "audit": { + "external_collaborator": false, + "type": { + "action": "Space configuration updated", + "category": "Spaces" + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"John Jacobs\",\"operations\":null,\"isExternalCollaborator\":false,\"username\":\"df856b17d84fcf010f11fcfcc6be4267\",\"userKey\":\"26971c016361d1f6a3eb8f62461f1e4e\",\"accountId\":\"df856b17d84fcf010f11fcfcc6be4267\",\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1643096679172,\"summary\":\"Space configuration updated\",\"description\":\"\",\"category\":\"Spaces\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Service Catalogue\",\"objectType\":\"Space\"},\"changedValues\":[{\"name\":\"Space type\",\"oldValue\":\"\",\"newValue\":\"global\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Space status\",\"oldValue\":\"\",\"newValue\":\"CURRENT\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Name\",\"oldValue\":\"\",\"newValue\":\"Service Catalogue\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Space key\",\"oldValue\":\"\",\"newValue\":\"SC\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"}],\"associatedObjects\":[]}" + }, + "related": { + "ip": [ + "81.2.69.143" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "John Jacobs", + "id": "df856b17d84fcf010f11fcfcc6be4267" + } + }, + { + "@timestamp": "2022-01-25T07:44:39.092Z", + "confluence": { + "audit": { + "external_collaborator": false, + "type": { + "action": "Space created", + "category": "Spaces" + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"John Jacobs\",\"operations\":null,\"isExternalCollaborator\":false,\"username\":\"df856b17d84fcf010f11fcfcc6be4267\",\"userKey\":\"26971c016361d1f6a3eb8f62461f1e4e\",\"accountId\":\"df856b17d84fcf010f11fcfcc6be4267\",\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1643096679092,\"summary\":\"Space created\",\"description\":\"\",\"category\":\"Spaces\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Service Catalogue\",\"objectType\":\"Space\"},\"changedValues\":[{\"name\":\"Space type\",\"oldValue\":\"\",\"newValue\":\"global\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Space status\",\"oldValue\":\"\",\"newValue\":\"CURRENT\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Name\",\"oldValue\":\"\",\"newValue\":\"Service Catalogue\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Space key\",\"oldValue\":\"\",\"newValue\":\"SC\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"}],\"associatedObjects\":[]}" + }, + "related": { + "ip": [ + "81.2.69.143" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "John Jacobs", + "id": "df856b17d84fcf010f11fcfcc6be4267" + } + }, + { + "@timestamp": "2022-01-24T14:49:22.329Z", + "confluence": { + "audit": { + "external_collaborator": false, + "type": { + "action": "Space configuration updated", + "category": "Spaces" + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"Billy Bob\",\"operations\":null,\"isExternalCollaborator\":false,\"username\":\"5e72294a9858860c3eb10c8b\",\"userKey\":\"26971c016361d1f6a3eb8f62461f1e4e\",\"accountId\":\"5e72294a9858860c3eb10c8b\",\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1643035762329,\"summary\":\"Space configuration updated\",\"description\":\"\",\"category\":\"Spaces\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Pre-test-scanner\",\"objectType\":\"Space\"},\"changedValues\":[{\"name\":\"Space type\",\"oldValue\":\"\",\"newValue\":\"global\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Space status\",\"oldValue\":\"\",\"newValue\":\"CURRENT\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Name\",\"oldValue\":\"\",\"newValue\":\"Pre-test-scanner\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Space key\",\"oldValue\":\"\",\"newValue\":\"PTS\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Home page\",\"oldValue\":\"\",\"newValue\":\"page: 484737204 v.1\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"}],\"associatedObjects\":[]}" + }, + "related": { + "ip": [ + "81.2.69.143" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "Billy Bob", + "id": "5e72294a9858860c3eb10c8b" + } + }, + { + "@timestamp": "2022-01-24T14:49:22.311Z", + "confluence": { + "audit": { + "external_collaborator": false, + "type": { + "action": "Space created", + "category": "Spaces" + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"Billy Bob\",\"operations\":null,\"isExternalCollaborator\":false,\"username\":\"5e72294a9858860c3eb10c8b\",\"userKey\":\"26971c016361d1f6a3eb8f62461f1e4e\",\"accountId\":\"5e72294a9858860c3eb10c8b\",\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1643035762311,\"summary\":\"Space created\",\"description\":\"\",\"category\":\"Spaces\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Pre-test-scanner\",\"objectType\":\"Space\"},\"changedValues\":[{\"name\":\"Space type\",\"oldValue\":\"\",\"newValue\":\"global\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Space status\",\"oldValue\":\"\",\"newValue\":\"CURRENT\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Name\",\"oldValue\":\"\",\"newValue\":\"Pre-test-scanner\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Space key\",\"oldValue\":\"\",\"newValue\":\"PTS\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Home page\",\"oldValue\":\"\",\"newValue\":\"page: 484737204 v.1\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"}],\"associatedObjects\":[]}" + }, + "related": { + "ip": [ + "81.2.69.143" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "Billy Bob", + "id": "5e72294a9858860c3eb10c8b" + } + }, + { + "@timestamp": "2022-01-18T08:43:03.045Z", + "confluence": { + "audit": { + "external_collaborator": false, + "type": { + "action": "User added to group", + "category": "Users and groups" + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1642495383045,\"summary\":\"User added to group\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"jira-software-users:b8d81944-e737-4da0-94ca-165fa5c0635c\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[{\"name\":\"ASP\",\"objectType\":\"User\"}]}" + }, + "related": { + "ip": [ + "81.2.69.143" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "System" + } + }, + { + "@timestamp": "2022-01-18T08:43:03.014Z", + "confluence": { + "audit": { + "external_collaborator": false, + "type": { + "action": "User added to group", + "category": "Users and groups" + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1642495383014,\"summary\":\"User added to group\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"confluence-users:4375f4c3-bfdf-4f36-a62e-141ccf1588a3\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[{\"name\":\"ASP\",\"objectType\":\"User\"}]}" + }, + "related": { + "ip": [ + "81.2.69.143" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "System" + } + }, + { + "@timestamp": "2022-01-18T08:43:02.767Z", + "confluence": { + "audit": { + "external_collaborator": false, + "type": { + "action": "User created", + "category": "Users and groups" + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1642495382767,\"summary\":\"User created\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"ASP\",\"objectType\":\"User\"},\"changedValues\":[{\"name\":\"Display name\",\"oldValue\":\"\",\"newValue\":\"ASP\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Email\",\"oldValue\":\"\",\"newValue\":\"\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Active\",\"oldValue\":\"\",\"newValue\":\"Yes\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"}],\"associatedObjects\":[]}" + }, + "related": { + "ip": [ + "81.2.69.143" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "System" + } + }, + { + "@timestamp": "2022-01-14T16:37:07.237Z", + "confluence": { + "audit": { + "external_collaborator": false, + "type": { + "action": "User added to group", + "category": "Users and groups" + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1642178227237,\"summary\":\"User added to group\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"confluence-users:4375f4c3-bfdf-4f36-a62e-141ccf1588a3\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[{\"name\":\"Simon Brownhill\",\"objectType\":\"User\"}]}" + }, + "related": { + "ip": [ + "81.2.69.143" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "System" + } + }, + { + "@timestamp": "2022-01-14T16:37:07.017Z", + "confluence": { + "audit": { + "external_collaborator": false, + "type": { + "action": "User created", + "category": "Users and groups" + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1642178227017,\"summary\":\"User created\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Simon Brownhill\",\"objectType\":\"User\"},\"changedValues\":[{\"name\":\"Display name\",\"oldValue\":\"\",\"newValue\":\"Simon Brownhill\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Email\",\"oldValue\":\"\",\"newValue\":\"\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Active\",\"oldValue\":\"\",\"newValue\":\"Yes\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"}],\"associatedObjects\":[]}" + }, + "related": { + "ip": [ + "81.2.69.143" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "System" + } + }, + { + "@timestamp": "2022-01-04T12:04:36.903Z", + "confluence": { + "audit": { + "external_collaborator": false, + "type": { + "action": "User added to group", + "category": "Users and groups" + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1641297876903,\"summary\":\"User added to group\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Detect \u0026 Response - Change Approvals:12e51e32-77ee-45ef-a643-55d4c7f6327c\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[{\"name\":\"George West\",\"objectType\":\"User\"}]}" + }, + "related": { + "ip": [ + "81.2.69.143" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "System" + } + }, + { + "@timestamp": "2022-01-04T11:57:52.951Z", + "confluence": { + "audit": { + "external_collaborator": false, + "type": { + "action": "User added to group", + "category": "Users and groups" + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1641297472951,\"summary\":\"User added to group\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Detect \u0026 Response - Change Approvals:12e51e32-77ee-45ef-a643-55d4c7f6327c\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[{\"name\":\"SAM H\",\"objectType\":\"User\"}]}" + }, + "related": { + "ip": [ + "81.2.69.143" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "System" + } + }, + { + "@timestamp": "2022-01-04T10:27:23.437Z", + "confluence": { + "audit": { + "external_collaborator": false, + "type": { + "action": "User added to group", + "category": "Users and groups" + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1641292043437,\"summary\":\"User added to group\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Detect \u0026 Response - Change Approvals:12e51e32-77ee-45ef-a643-55d4c7f6327c\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[{\"name\":\"Lilly Smith\",\"objectType\":\"User\"}]}" + }, + "related": { + "ip": [ + "81.2.69.143" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "System" + } + }, + { + "@timestamp": "2022-01-04T10:27:23.424Z", + "confluence": { + "audit": { + "external_collaborator": false, + "type": { + "action": "User added to group", + "category": "Users and groups" + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1641292043424,\"summary\":\"User added to group\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Detect \u0026 Response - Change Approvals:12e51e32-77ee-45ef-a643-55d4c7f6327c\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[{\"name\":\"Joseph Smith\",\"objectType\":\"User\"}]}" + }, + "related": { + "ip": [ + "81.2.69.143" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "System" + } + }, + { + "@timestamp": "2022-01-04T10:27:01.947Z", + "confluence": { + "audit": { + "external_collaborator": false, + "type": { + "action": "Group created", + "category": "Users and groups" + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1641292021947,\"summary\":\"Group created\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Detect \u0026 Response - Change Approvals:12e51e32-77ee-45ef-a643-55d4c7f6327c\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[]}" + }, + "related": { + "ip": [ + "81.2.69.143" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "System" + } + }, + { + "@timestamp": "2022-01-04T10:25:55.867Z", + "confluence": { + "audit": { + "external_collaborator": false, + "type": { + "action": "User added to group", + "category": "Users and groups" + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1641291955867,\"summary\":\"User added to group\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Detect \u0026 Response - Cost Approvals:b83d4a5e-1290-4a7a-88ba-5e24325f59f8\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[{\"name\":\"Joseph Smith\",\"objectType\":\"User\"}]}" + }, + "related": { + "ip": [ + "81.2.69.143" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "System" + } + }, + { + "@timestamp": "2022-01-04T10:25:55.857Z", + "confluence": { + "audit": { + "external_collaborator": false, + "type": { + "action": "User added to group", + "category": "Users and groups" + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1641291955857,\"summary\":\"User added to group\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Detect \u0026 Response - Cost Approvals:b83d4a5e-1290-4a7a-88ba-5e24325f59f8\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[{\"name\":\"Lilly Smith\",\"objectType\":\"User\"}]}" + }, + "related": { + "ip": [ + "81.2.69.143" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "System" + } + }, + { + "@timestamp": "2022-01-04T10:25:55.839Z", + "confluence": { + "audit": { + "external_collaborator": false, + "type": { + "action": "User added to group", + "category": "Users and groups" + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1641291955839,\"summary\":\"User added to group\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Detect \u0026 Response - Cost Approvals:b83d4a5e-1290-4a7a-88ba-5e24325f59f8\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[{\"name\":\"SAM H\",\"objectType\":\"User\"}]}" + }, + "related": { + "ip": [ + "81.2.69.143" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "System" + } + }, + { + "@timestamp": "2022-01-04T10:25:34.681Z", + "confluence": { + "audit": { + "external_collaborator": false, + "type": { + "action": "Group created", + "category": "Users and groups" + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1641291934681,\"summary\":\"Group created\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Detect \u0026 Response - Cost Approvals:b83d4a5e-1290-4a7a-88ba-5e24325f59f8\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[]}" + }, + "related": { + "ip": [ + "81.2.69.143" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "System" + } + }, + { + "@timestamp": "2021-12-07T16:46:02.860Z", + "confluence": { + "audit": { + "external_collaborator": false, + "type": { + "action": "User added to group", + "category": "Users and groups" + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1638895562860,\"summary\":\"User added to group\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Engineering / Sysadmins:12b5617d-bd45-450d-8b40-263238a886c4\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[{\"name\":\"Lilly Smith\",\"objectType\":\"User\"}]}" + }, + "related": { + "ip": [ + "81.2.69.143" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "System" + } + }, + { + "@timestamp": "2021-12-07T16:46:02.848Z", + "confluence": { + "audit": { + "external_collaborator": false, + "type": { + "action": "User added to group", + "category": "Users and groups" + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1638895562848,\"summary\":\"User added to group\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Engineering / Sysadmins:12b5617d-bd45-450d-8b40-263238a886c4\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[{\"name\":\"Joe Test\",\"objectType\":\"User\"}]}" + }, + "related": { + "ip": [ + "81.2.69.143" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "System" + } + }, + { + "@timestamp": "2021-12-07T16:46:02.837Z", + "confluence": { + "audit": { + "external_collaborator": false, + "type": { + "action": "User added to group", + "category": "Users and groups" + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1638895562837,\"summary\":\"User added to group\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Engineering / Sysadmins:12b5617d-bd45-450d-8b40-263238a886c4\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[{\"name\":\"Joseph Smith\",\"objectType\":\"User\"}]}" + }, + "related": { + "ip": [ + "81.2.69.143" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "System" + } + }, + { + "@timestamp": "2021-12-07T16:46:02.824Z", + "confluence": { + "audit": { + "external_collaborator": false, + "type": { + "action": "User added to group", + "category": "Users and groups" + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1638895562824,\"summary\":\"User added to group\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Engineering / Sysadmins:12b5617d-bd45-450d-8b40-263238a886c4\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[{\"name\":\"Simon Johnson\",\"objectType\":\"User\"}]}" + }, + "related": { + "ip": [ + "81.2.69.143" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "System" + } + }, + { + "@timestamp": "2021-12-07T16:45:23.912Z", + "confluence": { + "audit": { + "external_collaborator": false, + "type": { + "action": "Group created", + "category": "Users and groups" + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1638895523912,\"summary\":\"Group created\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Engineering / Sysadmins:12b5617d-bd45-450d-8b40-263238a886c4\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[]}" + }, + "related": { + "ip": [ + "81.2.69.143" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "System" + } + }, + { + "@timestamp": "2021-12-07T16:29:39.293Z", + "confluence": { + "audit": { + "external_collaborator": false, + "type": { + "action": "Space configuration updated", + "category": "Spaces" + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"Lilly Smith\",\"operations\":null,\"isExternalCollaborator\":false,\"username\":\"98435bcd1061baa5b4fbd19bd5810586\",\"userKey\":\"4711088e62a7b0cf381781a84574a70a\",\"accountId\":\"98435bcd1061baa5b4fbd19bd5810586\",\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1638894579293,\"summary\":\"Space configuration updated\",\"description\":\"\",\"category\":\"Spaces\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Change Control\",\"objectType\":\"Space\"},\"changedValues\":[{\"name\":\"Space type\",\"oldValue\":\"\",\"newValue\":\"global\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Space status\",\"oldValue\":\"\",\"newValue\":\"CURRENT\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Name\",\"oldValue\":\"\",\"newValue\":\"Change Control\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Space key\",\"oldValue\":\"\",\"newValue\":\"ACC\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"}],\"associatedObjects\":[]}" + }, + "related": { + "ip": [ + "81.2.69.143" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "Lilly Smith", + "id": "98435bcd1061baa5b4fbd19bd5810586" + } + }, + { + "@timestamp": "2021-12-07T16:29:38.800Z", + "confluence": { + "audit": { + "external_collaborator": false, + "type": { + "action": "Space created", + "category": "Spaces" + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"Lilly Smith\",\"operations\":null,\"isExternalCollaborator\":false,\"username\":\"98435bcd1061baa5b4fbd19bd5810586\",\"userKey\":\"4711088e62a7b0cf381781a84574a70a\",\"accountId\":\"98435bcd1061baa5b4fbd19bd5810586\",\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1638894578800,\"summary\":\"Space created\",\"description\":\"\",\"category\":\"Spaces\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Change Control\",\"objectType\":\"Space\"},\"changedValues\":[{\"name\":\"Space type\",\"oldValue\":\"\",\"newValue\":\"global\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Space status\",\"oldValue\":\"\",\"newValue\":\"CURRENT\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Name\",\"oldValue\":\"\",\"newValue\":\"Change Control\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Space key\",\"oldValue\":\"\",\"newValue\":\"ACC\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"}],\"associatedObjects\":[]}" + }, + "related": { + "ip": [ + "81.2.69.143" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "Lilly Smith", + "id": "98435bcd1061baa5b4fbd19bd5810586" + } + }, + { + "@timestamp": "2021-11-29T17:10:34.800Z", + "confluence": { + "audit": { + "external_collaborator": false, + "type": { + "action": "User added to group", + "category": "Users and groups" + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1638205834800,\"summary\":\"User added to group\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"jira-software-users:b8d81944-e737-4da0-94ca-165fa5c0635c\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[{\"name\":\"Another User\",\"objectType\":\"User\"}]}" + }, + "related": { + "ip": [ + "81.2.69.143" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "System" + } + }, + { + "@timestamp": "2021-11-29T17:10:34.747Z", + "confluence": { + "audit": { + "external_collaborator": false, + "type": { + "action": "User added to group", + "category": "Users and groups" + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1638205834747,\"summary\":\"User added to group\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"confluence-users:4375f4c3-bfdf-4f36-a62e-141ccf1588a3\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[{\"name\":\"Another User\",\"objectType\":\"User\"}]}" + }, + "related": { + "ip": [ + "81.2.69.143" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "System" + } + }, + { + "@timestamp": "2021-11-29T17:10:34.455Z", + "confluence": { + "audit": { + "external_collaborator": false, + "type": { + "action": "User created", + "category": "Users and groups" + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1638205834455,\"summary\":\"User created\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Another User\",\"objectType\":\"User\"},\"changedValues\":[{\"name\":\"Display name\",\"oldValue\":\"\",\"newValue\":\"Another User\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Email\",\"oldValue\":\"\",\"newValue\":\"\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Active\",\"oldValue\":\"\",\"newValue\":\"Yes\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"}],\"associatedObjects\":[]}" + }, + "related": { + "ip": [ + "81.2.69.143" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "System" + } + }, + { + "@timestamp": "2021-11-18T16:04:18.807Z", + "confluence": { + "audit": { + "external_collaborator": false, + "type": { + "action": "User added to group", + "category": "Users and groups" + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1637251458807,\"summary\":\"User added to group\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"jira-software-users:b8d81944-e737-4da0-94ca-165fa5c0635c\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[{\"name\":\"Username\",\"objectType\":\"User\"}]}" + }, + "related": { + "ip": [ + "81.2.69.143" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "System" + } + }, + { + "@timestamp": "2021-11-17T16:00:37.285Z", + "confluence": { + "audit": { + "external_collaborator": false, + "type": { + "action": "User details updated", + "category": "Users and groups" + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1637164837285,\"summary\":\"User details updated\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"John Doe (Unlicensed)\",\"objectType\":\"User\"},\"changedValues\":[{\"name\":\"Active\",\"oldValue\":\"Yes\",\"newValue\":\"No\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"}],\"associatedObjects\":[]}" + }, + "related": { + "ip": [ + "81.2.69.143" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "System" + } + }, + { + "@timestamp": "2021-11-17T16:00:37.274Z", + "confluence": { + "audit": { + "external_collaborator": false, + "type": { + "action": "User deactivated", + "category": "Users and groups" + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1637164837274,\"summary\":\"User deactivated\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"\",\"objectType\":\"\"},\"changedValues\":[],\"associatedObjects\":[]}" + }, + "related": { + "ip": [ + "81.2.69.143" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "System" + } + }, + { + "@timestamp": "2021-11-16T14:35:22.812Z", + "confluence": { + "audit": { + "external_collaborator": false, + "type": { + "action": "Page archived", + "category": "Page" + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"John Doe\",\"operations\":null,\"isExternalCollaborator\":false,\"username\":\"e6dd7842c44d594c024fc7129c1e4e49\",\"userKey\":\"7b4a0e7b52db25cdfc113f8e5b8e7aa2\",\"accountId\":\"e6dd7842c44d594c024fc7129c1e4e49\",\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1637073322812,\"summary\":\"Page archived\",\"description\":\"\",\"category\":\"Page\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"KB Articles to be Approved\",\"objectType\":\"Page\"},\"changedValues\":[{\"name\":\"Content status\",\"oldValue\":\"current\",\"newValue\":\"archived\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"}],\"associatedObjects\":[{\"name\":\"KB Articles to be Approved\",\"objectType\":\"Page\"},{\"name\":\"Topics\",\"objectType\":\"Space\"}]}" + }, + "related": { + "ip": [ + "81.2.69.143" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "John Doe", + "id": "e6dd7842c44d594c024fc7129c1e4e49" + } + }, + { + "@timestamp": "2021-11-16T09:25:56.738Z", + "confluence": { + "audit": { + "external_collaborator": false, + "type": { + "action": "User details updated", + "category": "Users and groups" + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1637054756738,\"summary\":\"User details updated\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"John Doe (Deactivated)\",\"objectType\":\"User\"},\"changedValues\":[{\"name\":\"Active\",\"oldValue\":\"Yes\",\"newValue\":\"No\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"}],\"associatedObjects\":[]}" + }, + "related": { + "ip": [ + "81.2.69.143" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "System" + } + }, + { + "@timestamp": "2021-11-16T09:25:56.666Z", + "confluence": { + "audit": { + "external_collaborator": false, + "type": { + "action": "User deactivated", + "category": "Users and groups" + } + } + }, + "ecs": { + "version": "8.0.0" + }, + "event": { + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1637054756666,\"summary\":\"User deactivated\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"\",\"objectType\":\"\"},\"changedValues\":[],\"associatedObjects\":[]}" + }, + "related": { + "ip": [ + "81.2.69.143" + ] + }, + "source": { + "address": "81.2.69.143", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.143" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "full_name": "System" + } + } + ] +} \ No newline at end of file diff --git a/packages/atlassian_confluence/data_stream/audit/_dev/test/system/test-api-cloud-config.yml b/packages/atlassian_confluence/data_stream/audit/_dev/test/system/test-api-cloud-config.yml new file mode 100644 index 00000000000..e2e5e210906 --- /dev/null +++ b/packages/atlassian_confluence/data_stream/audit/_dev/test/system/test-api-cloud-config.yml @@ -0,0 +1,12 @@ +input: httpjson +service: confluence-api +vars: ~ +data_stream: + vars: + preserve_original_event: true + api_url: http://{{Hostname}}:{{Port}} + username: test.user + password: abc123 + limit: "2" + ssl.verification_mode: none + atlassian_cloud: true diff --git a/packages/atlassian_confluence/data_stream/audit/agent/stream/httpjson.yml.hbs b/packages/atlassian_confluence/data_stream/audit/agent/stream/httpjson.yml.hbs index be1c57a543d..98661608a18 100644 --- a/packages/atlassian_confluence/data_stream/audit/agent/stream/httpjson.yml.hbs +++ b/packages/atlassian_confluence/data_stream/audit/agent/stream/httpjson.yml.hbs @@ -1,7 +1,11 @@ config_version: "2" interval: {{interval}} request.method: "GET" +{{#if atlassian_cloud}} +request.url: {{api_url}}/wiki/rest/api/audit +{{#else}} request.url: {{api_url}}/rest/auditing/1.0/events +{{/if}} {{#if ssl}} request.ssl: {{ssl}} {{/if}} @@ -21,6 +25,30 @@ auth.basic.password: {{password}} {{/unless}} request.transforms: + - set: + target: url.params.limit + value: {{ limit }} + +{{#if atlassian_cloud}} + - set: + target: url.params.startDate + value: "[[.cursor.last_timestamp]]" + default: '[[(now (parseDuration "-{{initial_interval}}")).Unix]]' + - set: + target: url.params.endDate + value: '[[now.Unix]]' +response.split: + target: body.results +response.pagination: + - set: + target: url.params.start + value: '[[ add .last_response.url.params.start url.params.limit ]]' + fail_on_template_error: true +cursor: + last_timestamp: + value: "[[.first_event.creationDate]]" + +{{#else}} {{#unless username}} {{#unless password}} {{#if token}} @@ -37,10 +65,6 @@ request.transforms: - set: target: url.params.to value: '[[formatDate now]]' - - set: - target: url.params.limit - value: {{ limit }} - response.split: target: body.entities response.pagination: @@ -48,11 +72,10 @@ response.pagination: target: url.value value: '[[ .last_response.body.pagingInfo.nextPageLink ]]' fail_on_template_error: true - cursor: last_timestamp: value: "[[.first_event.timestamp]]" - +{{/if}} tags: {{#if preserve_original_event}} - preserve_original_event @@ -63,7 +86,13 @@ tags: {{#contains "forwarded" tags}} publisher_pipeline.disable_host: true {{/contains}} -{{#if processors}} processors: +{{#if atlassian_cloud}} +- add_fields: + target: _config + fields: + atlassian_cloud: true +{{/if}} +{{#if processors}} {{processors}} {{/if}} \ No newline at end of file diff --git a/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/cloud.yml b/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/cloud.yml new file mode 100644 index 00000000000..fdc8284dc8b --- /dev/null +++ b/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/cloud.yml @@ -0,0 +1,36 @@ +--- +description: Pipeline for processing sample logs +processors: +- set: + field: _tmp.timestamp + copy_from: json.creationDate + if: ctx.json?.creationDate != null +- rename: + field: json.remoteAddress + target_field: source.address + ignore_missing: true +- rename: + field: json.author.accountId + target_field: user.id + ignore_missing: true +- rename: + field: json.author.displayName + target_field: user.full_name + ignore_missing: true +- rename: + field: json.author.externalCollaborator + target_field: confluence.audit.external_collaborator + ignore_missing: true +- rename: + field: json.category + target_field: confluence.audit.type.category + ignore_missing: true +- rename: + field: json.summary + target_field: confluence.audit.type.action + ignore_missing: true + +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/default.yml index 80aa4d2989d..aa526f5189c 100644 --- a/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/default.yml +++ b/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/default.yml @@ -10,24 +10,19 @@ processors: - json: field: event.original target_field: json -- set: - field: _tmp.timestamp - copy_from: json.timestamp - if: ctx.json?.timestamp != null && ctx.json?.timestamp instanceof String -- set: - field: _tmp.timestamp - value: "{{json.timestamp.epochSecond}}.{{json.timestamp.nano}}" - if: ctx.json?.timestamp != null && ctx.json?.timestamp instanceof Map && ctx.json?.timestamp?.epochSecond != null && ctx.json?.timestamp?.nano != null +- pipeline: + name: '{{ IngestPipeline "cloud" }}' + if: "ctx._config?.atlassian_cloud != null" +- pipeline: + name: '{{ IngestPipeline "self-hosted" }}' + if: "ctx._config?.atlassian_cloud == null" - date: field: _tmp.timestamp formats: - UNIX + - UNIX_MS - ISO8601 target_field: "@timestamp" -- rename: - field: json.source - target_field: source.address - ignore_missing: true - convert: field: source.address target_field: source.ip @@ -53,318 +48,6 @@ processors: field: source.as.organization_name target_field: source.as.organization.name ignore_missing: true -- rename: - field: json.author.id - target_field: user.id - ignore_missing: true -- rename: - field: json.author.name - target_field: user.full_name - ignore_missing: true -- grok: - field: json.author.uri - ignore_missing: true - ignore_failure: true - if: ctx?.json?.author?.uri != "" - patterns: - - '\?username=%{USER:user.name}$' -- rename: - field: json.auditType - target_field: confluence.audit.type - ignore_missing: true -- rename: - field: json.type - target_field: confluence.audit.type - ignore_missing: true -- rename: - field: json.method - target_field: confluence.audit.method - ignore_missing: true -- rename: - field: json.system - target_field: service.address - ignore_missing: true -- uri_parts: - field: service.address - target_field: _tmp.service - ignore_failure: true - if: ctx.service?.address != null -- rename: - field: json.extraAttributes - target_field: confluence.audit.extra_attributes - ignore_missing: true -- rename: - field: json.changedValues - target_field: confluence.audit.changed_values - ignore_missing: true -- rename: - field: json.affectedObjects - target_field: confluence.audit.affected_objects - ignore_missing: true -- set: - field: event.action - copy_from: confluence.audit.type.actionI18nKey - ignore_empty_value: true -- script: - lang: painless - description: Add ECS categorization - params: - audit.logging.summary.global.permission.added: - category: - - iam - - configuration - type: - - admin - - creation - audit.logging.summary.space.permission.added: - category: - - iam - - configuration - type: - - admin - - creation - audit.logging.summary.user.created: - category: - - iam - type: - - user - - creation - audit.logging.summary.user.renamed: - category: - - iam - type: - - user - - change - audit.logging.summary.user.updated: - category: - - iam - type: - - user - - change - audit.logging.summary.user.deleted: - category: - - iam - type: - - user - - deletion - audit.logging.summary.group.membership.added: - category: - - iam - type: - - group - - change - audit.logging.summary.group.membership.removed: - category: - - iam - type: - - group - - change - audit.logging.summary.group.created: - category: - - iam - type: - - group - - creation - audit.logging.summary.group.deleted: - category: - - iam - type: - - group - - deletion - atlassian.audit.event.action.audit.config.updated: - category: - - configuration - type: - - admin - - change - audit.logging.summary.global.settings.edited: - category: - - configuration - type: - - admin - - change - personal.access.tokens.audit.log.summary.token.created: - category: - - iam - type: - - admin - - creation - personal.access.tokens.audit.log.summary.token.deleted: - category: - - iam - type: - - admin - - deletion - audit.logging.summary.login.success: - category: - - authentication - type: - - start - outcome: success - audit.logging.summary.user.logout: - category: - - authentication - type: - - end - audit.logging.summary.login.failed: - category: - - authentication - type: - - info - outcome: failure - audit.logging.summary.user.password.changed: - category: - - iam - type: - - user - - change - outcome: success - audit.logging.summary.sudo.auth.successful: - category: - - authentication - type: - - admin - - start - audit.logging.summary.sudo.logout: - category: - - authentication - type: - - admin - - end - audit.logging.summary.space.created: - category: - - configuration - type: - - creation - audit.logging.summary.page.created: - category: - - configuration - type: - - creation - audit.logging.summary.page.deleted: - category: - - configuration - type: - - deletion - audit.logging.summary.space.removed: - category: - - configuration - type: - - deletion - audit.logging.summary.space.config.updated: - category: - - configuration - type: - - change - source: >- - ctx.event.kind = 'event'; - ctx.event.type = 'info'; - if (ctx?.event?.action == null) { - return; - } - if (params.get(ctx.event.action) == null) { - return; - } - def hm = new HashMap(params.get(ctx.event.action)); - hm.forEach((k, v) -> ctx.event[k] = v); -- script: - lang: painless - description: Add ECS User fields - if: "['audit.logging.category.user.management','audit.logging.category.auth'].contains(ctx.confluence?.audit?.type?.categoryI18nKey)" - source: >- - if (ctx?.event?.action == null) { - return; - } - if (ctx.group == null) { - Map map = new HashMap(); - ctx.put("group", map); - } - if (ctx.user == null) { - Map map = new HashMap(); - ctx.put("user", map); - } - if (ctx.user?.target == null) { - Map map = new HashMap(); - ctx.user.put("target", map); - } - if (ctx.user?.changes == null) { - Map map = new HashMap(); - ctx.user.put("changes", map); - } - if (ctx.user?.target?.group == null) { - Map map = new HashMap(); - ctx.user.target.put("group", map); - } - if(ctx.confluence?.audit?.affected_objects != null) { - for (def j = 0; j < ctx.confluence?.audit?.affected_objects.length; j++) { - if(ctx.confluence?.audit?.affected_objects[j]?.type == 'Group') { - if(['audit.logging.summary.group.created', 'audit.logging.summary.group.deleted'].contains(ctx.event.action)) { - ctx.group.put("name", ctx.confluence?.audit?.affected_objects[j]?.name); - ctx.group.put("id", ctx.confluence?.audit?.affected_objects[j]?.id); - } - if(['audit.logging.summary.group.membership.added', 'audit.logging.summary.group.membership.removed'].contains(ctx.event.action)) { - ctx.user.target.group.put("name", ctx.confluence?.audit?.affected_objects[j]?.name); - ctx.user.target.group.put("id", ctx.confluence?.audit?.affected_objects[j]?.id); - } - } - if(ctx.confluence?.audit?.affected_objects[j]?.type == 'User') { - if(['audit.logging.summary.user.created', 'audit.logging.summary.user.deleted', 'audit.logging.summary.user.password.changed','audit.logging.summary.user.updated'].contains(ctx.event.action)) { - ctx.user.target.put("full_name", ctx.confluence?.audit?.affected_objects[j]?.name); - ctx.user.target.put("id", ctx.confluence?.audit?.affected_objects[j]?.id); - if(ctx.confluence?.audit?.affected_objects[j]?.uri != null) { - def m = /\?username=([a-zA-Z0-9._-]+)$/.matcher(ctx.confluence?.audit?.affected_objects[j]?.uri); - if (m.find()) { - ctx.user.target.put("name", m.group(1)); - } - } - } - if(['audit.logging.summary.group.membership.added', 'audit.logging.summary.group.membership.removed'].contains(ctx.event.action)) { - ctx.user.target.put("name", ctx.confluence?.audit?.affected_objects[j]?.name); - ctx.user.target.put("id", ctx.confluence?.audit?.affected_objects[j]?.id); - } - if(['audit.logging.summary.login.success', 'audit.logging.summary.login.failed'].contains(ctx.event.action)) { - ctx.user.put("full_name", ctx.confluence?.audit?.affected_objects[j]?.name); - ctx.user.put("id", ctx.confluence?.audit?.affected_objects[j]?.id); - if(ctx.confluence?.audit?.affected_objects[j]?.uri != null) { - def m = /\?username=([a-zA-Z0-9._-]+)$/.matcher(ctx.confluence?.audit?.affected_objects[j]?.uri); - if (m.find()) { - ctx.user.put("name", m.group(1)); - } - } - } - } - } - } - if(ctx.confluence?.audit?.changed_values != null) { - for (def j = 0; j < ctx.confluence?.audit?.changed_values.length; j++) { - if(['audit.logging.summary.user.renamed'].contains(ctx.event.action)) { - if(ctx.confluence?.audit?.changed_values[j]?.i18nKey == 'audit.logging.changed.value.username') { - ctx.user.changes.put("name", ctx.confluence?.audit?.changed_values[j]?.to); - ctx.user.target.put("name", ctx.confluence?.audit?.changed_values[j]?.from); - } - } - if(['audit.logging.summary.user.created','audit.logging.summary.user.updated'].contains(ctx.event.action)) { - if(ctx.confluence?.audit?.changed_values[j]?.i18nKey == 'Username') { - ctx.user.changes.put("name", ctx.confluence?.audit?.changed_values[j]?.to); - if(ctx.confluence?.audit?.changed_values[j]?.from != null) { - ctx.user.target.put("name", ctx.confluence?.audit?.changed_values[j]?.from); - } - } - if(ctx.confluence?.audit?.changed_values[j]?.i18nKey == 'Email') { - ctx.user.changes.put("email", ctx.confluence?.audit?.changed_values[j]?.to); - if(ctx.confluence?.audit?.changed_values[j]?.from != null) { - ctx.user.target.put("email", ctx.confluence?.audit?.changed_values[j]?.from); - } - } - if(ctx.confluence?.audit?.changed_values[j]?.i18nKey == 'Display name') { - ctx.user.changes.put("full_name", ctx.confluence?.audit?.changed_values[j]?.to); - if(ctx.confluence?.audit?.changed_values[j]?.from != null) { - ctx.user.target.put("full_name", ctx.confluence?.audit?.changed_values[j]?.from); - } - } - } - } - } - append: field: related.user value: '{{user.name}}' @@ -385,15 +68,11 @@ processors: value: '{{source.ip}}' allow_duplicates: false if: ctx.source?.ip != null -- append: - field: related.hosts - value: '{{_tmp.service.domain}}' - allow_duplicates: false - if: ctx._tmp?.service?.domain != null - remove: field: - json - _tmp + - _config ignore_missing: true - remove: field: event.original diff --git a/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/self-hosted.yml b/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/self-hosted.yml new file mode 100644 index 00000000000..ee68be7d10c --- /dev/null +++ b/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/self-hosted.yml @@ -0,0 +1,336 @@ +--- +description: Pipeline for processing sample logs +processors: +- set: + field: _tmp.timestamp + copy_from: json.timestamp + if: ctx.json?.timestamp != null && ctx.json?.timestamp instanceof String +- set: + field: _tmp.timestamp + value: "{{json.timestamp.epochSecond}}.{{json.timestamp.nano}}" + if: ctx.json?.timestamp != null && ctx.json?.timestamp instanceof Map && ctx.json?.timestamp?.epochSecond != null && ctx.json?.timestamp?.nano != null +- rename: + field: json.source + target_field: source.address + ignore_missing: true +- rename: + field: json.author.id + target_field: user.id + ignore_missing: true +- rename: + field: json.author.name + target_field: user.full_name + ignore_missing: true +- grok: + field: json.author.uri + ignore_missing: true + ignore_failure: true + if: ctx?.json?.author?.uri != "" + patterns: + - '\?username=%{USER:user.name}$' +- rename: + field: json.auditType + target_field: confluence.audit.type + ignore_missing: true +- rename: + field: json.type + target_field: confluence.audit.type + ignore_missing: true +- rename: + field: json.method + target_field: confluence.audit.method + ignore_missing: true +- rename: + field: json.system + target_field: service.address + ignore_missing: true +- uri_parts: + field: service.address + target_field: _tmp.service + ignore_failure: true + if: ctx.service?.address != null +- rename: + field: json.extraAttributes + target_field: confluence.audit.extra_attributes + ignore_missing: true +- rename: + field: json.changedValues + target_field: confluence.audit.changed_values + ignore_missing: true +- rename: + field: json.affectedObjects + target_field: confluence.audit.affected_objects + ignore_missing: true +- set: + field: event.action + copy_from: confluence.audit.type.actionI18nKey + ignore_empty_value: true +- script: + lang: painless + description: Add ECS categorization + params: + audit.logging.summary.global.permission.added: + category: + - iam + - configuration + type: + - admin + - creation + audit.logging.summary.space.permission.added: + category: + - iam + - configuration + type: + - admin + - creation + audit.logging.summary.user.created: + category: + - iam + type: + - user + - creation + audit.logging.summary.user.renamed: + category: + - iam + type: + - user + - change + audit.logging.summary.user.updated: + category: + - iam + type: + - user + - change + audit.logging.summary.user.deleted: + category: + - iam + type: + - user + - deletion + audit.logging.summary.group.membership.added: + category: + - iam + type: + - group + - change + audit.logging.summary.group.membership.removed: + category: + - iam + type: + - group + - change + audit.logging.summary.group.created: + category: + - iam + type: + - group + - creation + audit.logging.summary.group.deleted: + category: + - iam + type: + - group + - deletion + atlassian.audit.event.action.audit.config.updated: + category: + - configuration + type: + - admin + - change + audit.logging.summary.global.settings.edited: + category: + - configuration + type: + - admin + - change + personal.access.tokens.audit.log.summary.token.created: + category: + - iam + type: + - admin + - creation + personal.access.tokens.audit.log.summary.token.deleted: + category: + - iam + type: + - admin + - deletion + audit.logging.summary.login.success: + category: + - authentication + type: + - start + outcome: success + audit.logging.summary.user.logout: + category: + - authentication + type: + - end + audit.logging.summary.login.failed: + category: + - authentication + type: + - info + outcome: failure + audit.logging.summary.user.password.changed: + category: + - iam + type: + - user + - change + outcome: success + audit.logging.summary.sudo.auth.successful: + category: + - authentication + type: + - admin + - start + audit.logging.summary.sudo.logout: + category: + - authentication + type: + - admin + - end + audit.logging.summary.space.created: + category: + - configuration + type: + - creation + audit.logging.summary.page.created: + category: + - configuration + type: + - creation + audit.logging.summary.page.deleted: + category: + - configuration + type: + - deletion + audit.logging.summary.space.removed: + category: + - configuration + type: + - deletion + audit.logging.summary.space.config.updated: + category: + - configuration + type: + - change + source: >- + ctx.event.kind = 'event'; + ctx.event.type = 'info'; + if (ctx?.event?.action == null) { + return; + } + if (params.get(ctx.event.action) == null) { + return; + } + def hm = new HashMap(params.get(ctx.event.action)); + hm.forEach((k, v) -> ctx.event[k] = v); +- script: + lang: painless + description: Add ECS User fields + if: "['audit.logging.category.user.management','audit.logging.category.auth'].contains(ctx.confluence?.audit?.type?.categoryI18nKey)" + source: >- + if (ctx?.event?.action == null) { + return; + } + if (ctx.group == null) { + Map map = new HashMap(); + ctx.put("group", map); + } + if (ctx.user == null) { + Map map = new HashMap(); + ctx.put("user", map); + } + if (ctx.user?.target == null) { + Map map = new HashMap(); + ctx.user.put("target", map); + } + if (ctx.user?.changes == null) { + Map map = new HashMap(); + ctx.user.put("changes", map); + } + if (ctx.user?.target?.group == null) { + Map map = new HashMap(); + ctx.user.target.put("group", map); + } + if(ctx.confluence?.audit?.affected_objects != null) { + for (def j = 0; j < ctx.confluence?.audit?.affected_objects.length; j++) { + if(ctx.confluence?.audit?.affected_objects[j]?.type == 'Group') { + if(['audit.logging.summary.group.created', 'audit.logging.summary.group.deleted'].contains(ctx.event.action)) { + ctx.group.put("name", ctx.confluence?.audit?.affected_objects[j]?.name); + ctx.group.put("id", ctx.confluence?.audit?.affected_objects[j]?.id); + } + if(['audit.logging.summary.group.membership.added', 'audit.logging.summary.group.membership.removed'].contains(ctx.event.action)) { + ctx.user.target.group.put("name", ctx.confluence?.audit?.affected_objects[j]?.name); + ctx.user.target.group.put("id", ctx.confluence?.audit?.affected_objects[j]?.id); + } + } + if(ctx.confluence?.audit?.affected_objects[j]?.type == 'User') { + if(['audit.logging.summary.user.created', 'audit.logging.summary.user.deleted', 'audit.logging.summary.user.password.changed','audit.logging.summary.user.updated'].contains(ctx.event.action)) { + ctx.user.target.put("full_name", ctx.confluence?.audit?.affected_objects[j]?.name); + ctx.user.target.put("id", ctx.confluence?.audit?.affected_objects[j]?.id); + if(ctx.confluence?.audit?.affected_objects[j]?.uri != null) { + def m = /\?username=([a-zA-Z0-9._-]+)$/.matcher(ctx.confluence?.audit?.affected_objects[j]?.uri); + if (m.find()) { + ctx.user.target.put("name", m.group(1)); + } + } + } + if(['audit.logging.summary.group.membership.added', 'audit.logging.summary.group.membership.removed'].contains(ctx.event.action)) { + ctx.user.target.put("name", ctx.confluence?.audit?.affected_objects[j]?.name); + ctx.user.target.put("id", ctx.confluence?.audit?.affected_objects[j]?.id); + } + if(['audit.logging.summary.login.success', 'audit.logging.summary.login.failed'].contains(ctx.event.action)) { + ctx.user.put("full_name", ctx.confluence?.audit?.affected_objects[j]?.name); + ctx.user.put("id", ctx.confluence?.audit?.affected_objects[j]?.id); + if(ctx.confluence?.audit?.affected_objects[j]?.uri != null) { + def m = /\?username=([a-zA-Z0-9._-]+)$/.matcher(ctx.confluence?.audit?.affected_objects[j]?.uri); + if (m.find()) { + ctx.user.put("name", m.group(1)); + } + } + } + } + } + } + if(ctx.confluence?.audit?.changed_values != null) { + for (def j = 0; j < ctx.confluence?.audit?.changed_values.length; j++) { + if(['audit.logging.summary.user.renamed'].contains(ctx.event.action)) { + if(ctx.confluence?.audit?.changed_values[j]?.i18nKey == 'audit.logging.changed.value.username') { + ctx.user.changes.put("name", ctx.confluence?.audit?.changed_values[j]?.to); + ctx.user.target.put("name", ctx.confluence?.audit?.changed_values[j]?.from); + } + } + if(['audit.logging.summary.user.created','audit.logging.summary.user.updated'].contains(ctx.event.action)) { + if(ctx.confluence?.audit?.changed_values[j]?.i18nKey == 'Username') { + ctx.user.changes.put("name", ctx.confluence?.audit?.changed_values[j]?.to); + if(ctx.confluence?.audit?.changed_values[j]?.from != null) { + ctx.user.target.put("name", ctx.confluence?.audit?.changed_values[j]?.from); + } + } + if(ctx.confluence?.audit?.changed_values[j]?.i18nKey == 'Email') { + ctx.user.changes.put("email", ctx.confluence?.audit?.changed_values[j]?.to); + if(ctx.confluence?.audit?.changed_values[j]?.from != null) { + ctx.user.target.put("email", ctx.confluence?.audit?.changed_values[j]?.from); + } + } + if(ctx.confluence?.audit?.changed_values[j]?.i18nKey == 'Display name') { + ctx.user.changes.put("full_name", ctx.confluence?.audit?.changed_values[j]?.to); + if(ctx.confluence?.audit?.changed_values[j]?.from != null) { + ctx.user.target.put("full_name", ctx.confluence?.audit?.changed_values[j]?.from); + } + } + } + } + } +- append: + field: related.hosts + value: '{{_tmp.service.domain}}' + allow_duplicates: false + if: ctx._tmp?.service?.domain != null +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/packages/atlassian_confluence/data_stream/audit/fields/fields.yml b/packages/atlassian_confluence/data_stream/audit/fields/fields.yml index 841f8aa1122..bded174347f 100644 --- a/packages/atlassian_confluence/data_stream/audit/fields/fields.yml +++ b/packages/atlassian_confluence/data_stream/audit/fields/fields.yml @@ -41,3 +41,7 @@ type: flattened description: | Affected Objects + - name: external_collaborator + type: boolean + description: | + Whether the user is an external collaborator user diff --git a/packages/atlassian_confluence/data_stream/audit/manifest.yml b/packages/atlassian_confluence/data_stream/audit/manifest.yml index 2c59289e991..359e2c49b09 100644 --- a/packages/atlassian_confluence/data_stream/audit/manifest.yml +++ b/packages/atlassian_confluence/data_stream/audit/manifest.yml @@ -73,6 +73,14 @@ streams: required: false multi: false show_user: true + - name: atlassian_cloud + required: true + show_user: true + title: Atlassian Cloud + description: Is this an Atlassian SaaS Confluence instance + type: bool + multi: false + default: false - name: http_client_timeout type: text title: HTTP Client Timeout diff --git a/packages/atlassian_confluence/docs/README.md b/packages/atlassian_confluence/docs/README.md index 1f938c6114b..44d03bf78df 100644 --- a/packages/atlassian_confluence/docs/README.md +++ b/packages/atlassian_confluence/docs/README.md @@ -6,7 +6,7 @@ The Confluence integration collects [audit logs](https://confluence.atlassian.co ### Audit -The Confluence integration collects audit logs from the audit log files or the audit API from self hosted Confluence Data Center. It has been tested with Confluence 7.14.2 but is expected to work with newer versions. This has not been tested with Confluence Cloud and is not expected to work. +The Confluence integration collects audit logs from the audit log files or the audit API from self hosted Confluence Data Center. It has been tested with Confluence 7.14.2 but is expected to work with newer versions. As of version 1.2.0, this integration added experimental support for Atlassian Confluence Cloud. **Exported fields** @@ -24,6 +24,7 @@ The Confluence integration collects audit logs from the audit log files or the a | cloud.region | Region in which this host is running. | keyword | | confluence.audit.affected_objects | Affected Objects | flattened | | confluence.audit.changed_values | Changed Values | flattened | +| confluence.audit.external_collaborator | Whether the user is an external collaborator user | boolean | | confluence.audit.extra_attributes | Extra Attributes | flattened | | confluence.audit.method | Method | keyword | | confluence.audit.type.action | Action | keyword | diff --git a/packages/atlassian_confluence/manifest.yml b/packages/atlassian_confluence/manifest.yml index 721698bdac0..376a218f08e 100644 --- a/packages/atlassian_confluence/manifest.yml +++ b/packages/atlassian_confluence/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: atlassian_confluence title: Atlassian Confluence -version: 1.2.0 +version: 1.3.0 license: basic description: Collect logs from Atlassian Confluence with Elastic Agent. type: integration From 8bdbb5cc70c6c2ee97490325288982004983aa39 Mon Sep 17 00:00:00 2001 From: Alex Resnick Date: Thu, 24 Feb 2022 17:51:53 -0500 Subject: [PATCH 08/30] Add JIRA cloud --- .../_dev/build/docs/README.md | 2 +- .../_dev/deploy/docker/files/config.yml | 11 +- .../pipeline/test-audit-api.log-expected.json | 1 + .../_dev/test/pipeline/test-audit-cloud.log | 4 +- .../test-audit-cloud.log-expected.json | 1064 +++- .../test-audit-files.log-expected.json | 8 +- .../audit/agent/stream/httpjson.yml.hbs | 7 +- .../elasticsearch/ingest_pipeline/cloud.yml | 50 +- .../elasticsearch/ingest_pipeline/default.yml | 326 ++ .../ingest_pipeline/self-hosted.yml | 260 - .../data_stream/audit/fields/ecs.yml | 2 + packages/atlassian_confluence/docs/README.md | 3 +- .../atlassian_jira/_dev/build/docs/README.md | 2 +- .../_dev/deploy/docker/files/config.yml | 28 + packages/atlassian_jira/changelog.yml | 4 + .../_dev/test/pipeline/test-audit-cloud.log | 82 + .../pipeline/test-audit-cloud.log-config.yml | 5 + .../test-audit-cloud.log-expected.json | 5047 +++++++++++++++++ .../test/system/test-api-cloud-config.yml | 12 + .../audit/agent/stream/httpjson.yml.hbs | 45 +- .../elasticsearch/ingest_pipeline/cloud.yml | 80 + .../elasticsearch/ingest_pipeline/default.yml | 119 +- .../ingest_pipeline/self-hosted.yml | 94 + .../data_stream/audit/manifest.yml | 8 + packages/atlassian_jira/docs/README.md | 2 +- packages/atlassian_jira/manifest.yml | 2 +- 26 files changed, 6867 insertions(+), 401 deletions(-) create mode 100644 packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log create mode 100644 packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-config.yml create mode 100644 packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-expected.json create mode 100644 packages/atlassian_jira/data_stream/audit/_dev/test/system/test-api-cloud-config.yml create mode 100644 packages/atlassian_jira/data_stream/audit/elasticsearch/ingest_pipeline/cloud.yml create mode 100644 packages/atlassian_jira/data_stream/audit/elasticsearch/ingest_pipeline/self-hosted.yml diff --git a/packages/atlassian_confluence/_dev/build/docs/README.md b/packages/atlassian_confluence/_dev/build/docs/README.md index 5b6c17c6654..423b44519ff 100644 --- a/packages/atlassian_confluence/_dev/build/docs/README.md +++ b/packages/atlassian_confluence/_dev/build/docs/README.md @@ -6,7 +6,7 @@ The Confluence integration collects [audit logs](https://confluence.atlassian.co ### Audit -The Confluence integration collects audit logs from the audit log files or the audit API from self hosted Confluence Data Center. It has been tested with Confluence 7.14.2 but is expected to work with newer versions. As of version 1.2.0, this integration added experimental support for Atlassian Confluence Cloud. +The Confluence integration collects audit logs from the audit log files or the audit API from self hosted Confluence Data Center. It has been tested with Confluence 7.14.2 but is expected to work with newer versions. As of version 1.2.0, this integration added experimental support for Atlassian Confluence Cloud. JIRA Cloud only supports Basic Auth using username and a Personal Access Token. {{fields "audit"}} diff --git a/packages/atlassian_confluence/_dev/deploy/docker/files/config.yml b/packages/atlassian_confluence/_dev/deploy/docker/files/config.yml index 426031e375e..a97c2d8b674 100644 --- a/packages/atlassian_confluence/_dev/deploy/docker/files/config.yml +++ b/packages/atlassian_confluence/_dev/deploy/docker/files/config.yml @@ -30,22 +30,23 @@ rules: request_headers: authorization: Basic dGVzdC51c2VyOmFiYzEyMw== query_params: - from: "{from:.*}" - to: "{to:.*}" + startDate: "{startDate:.*}" + endDate: "{endDate:.*}" start: "2" limit: "2" responses: - status_code: 200 body: |- - {"results":[{"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1637054756738,"summary":"User details updated","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"John Doe (Deactivated)","objectType":"User"},"changedValues":[{"name":"Active","oldValue":"Yes","newValue":"No","hiddenOldValue":"","hiddenNewValue":""}],"associatedObjects":[]},{"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1637054756666,"summary":"User deactivated","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"","objectType":""},"changedValues":[],"associatedObjects":[]}],"start":0,"limit":2,"size":37,"_links":{"base":"https://test.atlassian.net/wiki","context":"/wiki","self":"https://test.atlassian.net/wiki/rest/api/audit"}} + {"results":[{"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1637054756738,"summary":"User details updated","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"John Doe (Deactivated)","objectType":"User"},"changedValues":[{"name":"Active","oldValue":"Yes","newValue":"No","hiddenOldValue":"","hiddenNewValue":""}],"associatedObjects":[]},{"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1637054756666,"summary":"User deactivated","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"","objectType":""},"changedValues":[],"associatedObjects":[]}],"start":2,"limit":2,"size":37,"_links":{"base":"https://test.atlassian.net/wiki","context":"/wiki","self":"https://test.atlassian.net/wiki/rest/api/audit"}} - path: /wiki/rest/api/audit methods: ["GET"] request_headers: authorization: Basic dGVzdC51c2VyOmFiYzEyMw== query_params: - from: "{from:.*}" - to: "{to:.*}" + startDate: "{startDate:.*}" + endDate: "{endDate:.*}" limit: "2" + start: "0" responses: - status_code: 200 body: |- diff --git a/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json index 4b6efb56454..c34e978a065 100644 --- a/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json +++ b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json @@ -14965,6 +14965,7 @@ "full_name": "Anonymous", "id": "-2", "target": { + "email": "test.user@example.com", "full_name": "test user", "id": "2c9680837d4a3682017d4a375a280000", "name": "admin" diff --git a/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log index 2b434cdc644..306090b32dd 100644 --- a/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log +++ b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log @@ -7,7 +7,7 @@ {"author":{"type":"user","displayName":"Billy Bob","operations":null,"isExternalCollaborator":false,"username":"5e72294a9858860c3eb10c8b","userKey":"26971c016361d1f6a3eb8f62461f1e4e","accountId":"5e72294a9858860c3eb10c8b","accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1643035762311,"summary":"Space created","description":"","category":"Spaces","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"Pre-test-scanner","objectType":"Space"},"changedValues":[{"name":"Space type","oldValue":"","newValue":"global","hiddenOldValue":"","hiddenNewValue":""},{"name":"Space status","oldValue":"","newValue":"CURRENT","hiddenOldValue":"","hiddenNewValue":""},{"name":"Name","oldValue":"","newValue":"Pre-test-scanner","hiddenOldValue":"","hiddenNewValue":""},{"name":"Space key","oldValue":"","newValue":"PTS","hiddenOldValue":"","hiddenNewValue":""},{"name":"Home page","oldValue":"","newValue":"page: 484737204 v.1","hiddenOldValue":"","hiddenNewValue":""}],"associatedObjects":[]} {"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1642495383045,"summary":"User added to group","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"jira-software-users:b8d81944-e737-4da0-94ca-165fa5c0635c","objectType":"Group"},"changedValues":[],"associatedObjects":[{"name":"ASP","objectType":"User"}]} {"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1642495383014,"summary":"User added to group","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"confluence-users:4375f4c3-bfdf-4f36-a62e-141ccf1588a3","objectType":"Group"},"changedValues":[],"associatedObjects":[{"name":"ASP","objectType":"User"}]} -{"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1642495382767,"summary":"User created","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"ASP","objectType":"User"},"changedValues":[{"name":"Display name","oldValue":"","newValue":"ASP","hiddenOldValue":"","hiddenNewValue":""},{"name":"Email","oldValue":"","newValue":"","hiddenOldValue":"","hiddenNewValue":""},{"name":"Active","oldValue":"","newValue":"Yes","hiddenOldValue":"","hiddenNewValue":""}],"associatedObjects":[]} +{"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1642495382767,"summary":"User created","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"ASP","objectType":"User"},"changedValues":[{"name":"Display name","oldValue":"","newValue":"ASP","hiddenOldValue":"","hiddenNewValue":""},{"name":"Email","oldValue":"","newValue":"test@example.com","hiddenOldValue":"","hiddenNewValue":""},{"name":"Active","oldValue":"","newValue":"Yes","hiddenOldValue":"","hiddenNewValue":""}],"associatedObjects":[]} {"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1642178227237,"summary":"User added to group","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"confluence-users:4375f4c3-bfdf-4f36-a62e-141ccf1588a3","objectType":"Group"},"changedValues":[],"associatedObjects":[{"name":"Simon Brownhill","objectType":"User"}]} {"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1642178227017,"summary":"User created","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"Simon Brownhill","objectType":"User"},"changedValues":[{"name":"Display name","oldValue":"","newValue":"Simon Brownhill","hiddenOldValue":"","hiddenNewValue":""},{"name":"Email","oldValue":"","newValue":"","hiddenOldValue":"","hiddenNewValue":""},{"name":"Active","oldValue":"","newValue":"Yes","hiddenOldValue":"","hiddenNewValue":""}],"associatedObjects":[]} {"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1641297876903,"summary":"User added to group","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"Detect & Response - Change Approvals:12e51e32-77ee-45ef-a643-55d4c7f6327c","objectType":"Group"},"changedValues":[],"associatedObjects":[{"name":"George West","objectType":"User"}]} @@ -28,7 +28,7 @@ {"author":{"type":"user","displayName":"Lilly Smith","operations":null,"isExternalCollaborator":false,"username":"98435bcd1061baa5b4fbd19bd5810586","userKey":"4711088e62a7b0cf381781a84574a70a","accountId":"98435bcd1061baa5b4fbd19bd5810586","accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1638894578800,"summary":"Space created","description":"","category":"Spaces","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"Change Control","objectType":"Space"},"changedValues":[{"name":"Space type","oldValue":"","newValue":"global","hiddenOldValue":"","hiddenNewValue":""},{"name":"Space status","oldValue":"","newValue":"CURRENT","hiddenOldValue":"","hiddenNewValue":""},{"name":"Name","oldValue":"","newValue":"Change Control","hiddenOldValue":"","hiddenNewValue":""},{"name":"Space key","oldValue":"","newValue":"ACC","hiddenOldValue":"","hiddenNewValue":""}],"associatedObjects":[]} {"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1638205834800,"summary":"User added to group","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"jira-software-users:b8d81944-e737-4da0-94ca-165fa5c0635c","objectType":"Group"},"changedValues":[],"associatedObjects":[{"name":"Another User","objectType":"User"}]} {"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1638205834747,"summary":"User added to group","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"confluence-users:4375f4c3-bfdf-4f36-a62e-141ccf1588a3","objectType":"Group"},"changedValues":[],"associatedObjects":[{"name":"Another User","objectType":"User"}]} -{"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1638205834455,"summary":"User created","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"Another User","objectType":"User"},"changedValues":[{"name":"Display name","oldValue":"","newValue":"Another User","hiddenOldValue":"","hiddenNewValue":""},{"name":"Email","oldValue":"","newValue":"","hiddenOldValue":"","hiddenNewValue":""},{"name":"Active","oldValue":"","newValue":"Yes","hiddenOldValue":"","hiddenNewValue":""}],"associatedObjects":[]} +{"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1638205834455,"summary":"User created","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"Another User","objectType":"User"},"changedValues":[{"name":"Display name","oldValue":"","newValue":"Another User","hiddenOldValue":"","hiddenNewValue":""},{"name":"Email","oldValue":"","newValue":"test@example.com","hiddenOldValue":"","hiddenNewValue":""},{"name":"Active","oldValue":"","newValue":"Yes","hiddenOldValue":"","hiddenNewValue":""}],"associatedObjects":[]} {"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1637251458807,"summary":"User added to group","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"jira-software-users:b8d81944-e737-4da0-94ca-165fa5c0635c","objectType":"Group"},"changedValues":[],"associatedObjects":[{"name":"Username","objectType":"User"}]} {"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1637164837285,"summary":"User details updated","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"John Doe (Unlicensed)","objectType":"User"},"changedValues":[{"name":"Active","oldValue":"Yes","newValue":"No","hiddenOldValue":"","hiddenNewValue":""}],"associatedObjects":[]} {"author":{"type":"user","displayName":"System","operations":null,"isExternalCollaborator":false,"accountType":"","publicName":"Unknown user","externalCollaborator":false},"remoteAddress":"81.2.69.143","creationDate":1637164837274,"summary":"User deactivated","description":"","category":"Users and groups","sysAdmin":false,"superAdmin":false,"affectedObject":{"name":"","objectType":""},"changedValues":[],"associatedObjects":[]} diff --git a/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-expected.json b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-expected.json index 81ed6ff6e57..97c8a947a04 100644 --- a/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-expected.json +++ b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-expected.json @@ -4,6 +4,12 @@ "@timestamp": "2022-01-25T07:51:51.962Z", "confluence": { "audit": { + "affected_objects": [ + { + "name": "Service Catalogue", + "type": "Space" + } + ], "external_collaborator": false, "type": { "action": "Space logo uploaded", @@ -15,7 +21,10 @@ "version": "8.0.0" }, "event": { - "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"John Jacobs\",\"operations\":null,\"isExternalCollaborator\":false,\"username\":\"df856b17d84fcf010f11fcfcc6be4267\",\"userKey\":\"26971c016361d1f6a3eb8f62461f1e4e\",\"accountId\":\"df856b17d84fcf010f11fcfcc6be4267\",\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1643097111962,\"summary\":\"Space logo uploaded\",\"description\":\"\",\"category\":\"Spaces\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Service Catalogue\",\"objectType\":\"Space\"},\"changedValues\":[],\"associatedObjects\":[]}" + "action": "Space logo uploaded", + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"John Jacobs\",\"operations\":null,\"isExternalCollaborator\":false,\"username\":\"df856b17d84fcf010f11fcfcc6be4267\",\"userKey\":\"26971c016361d1f6a3eb8f62461f1e4e\",\"accountId\":\"df856b17d84fcf010f11fcfcc6be4267\",\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1643097111962,\"summary\":\"Space logo uploaded\",\"description\":\"\",\"category\":\"Spaces\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Service Catalogue\",\"objectType\":\"Space\"},\"changedValues\":[],\"associatedObjects\":[]}", + "type": "info" }, "related": { "ip": [ @@ -50,6 +59,12 @@ "@timestamp": "2022-01-25T07:51:34.621Z", "confluence": { "audit": { + "affected_objects": [ + { + "name": "Service Catalogue", + "type": "Space" + } + ], "external_collaborator": false, "type": { "action": "Space logo uploaded", @@ -61,7 +76,10 @@ "version": "8.0.0" }, "event": { - "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"John Jacobs\",\"operations\":null,\"isExternalCollaborator\":false,\"username\":\"df856b17d84fcf010f11fcfcc6be4267\",\"userKey\":\"26971c016361d1f6a3eb8f62461f1e4e\",\"accountId\":\"df856b17d84fcf010f11fcfcc6be4267\",\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1643097094621,\"summary\":\"Space logo uploaded\",\"description\":\"\",\"category\":\"Spaces\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Service Catalogue\",\"objectType\":\"Space\"},\"changedValues\":[],\"associatedObjects\":[]}" + "action": "Space logo uploaded", + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"John Jacobs\",\"operations\":null,\"isExternalCollaborator\":false,\"username\":\"df856b17d84fcf010f11fcfcc6be4267\",\"userKey\":\"26971c016361d1f6a3eb8f62461f1e4e\",\"accountId\":\"df856b17d84fcf010f11fcfcc6be4267\",\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1643097094621,\"summary\":\"Space logo uploaded\",\"description\":\"\",\"category\":\"Spaces\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Service Catalogue\",\"objectType\":\"Space\"},\"changedValues\":[],\"associatedObjects\":[]}", + "type": "info" }, "related": { "ip": [ @@ -96,6 +114,12 @@ "@timestamp": "2022-01-25T07:49:51.153Z", "confluence": { "audit": { + "affected_objects": [ + { + "name": "Service Catalogue", + "type": "Space" + } + ], "external_collaborator": false, "type": { "action": "Space logo uploaded", @@ -107,7 +131,10 @@ "version": "8.0.0" }, "event": { - "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"John Jacobs\",\"operations\":null,\"isExternalCollaborator\":false,\"username\":\"df856b17d84fcf010f11fcfcc6be4267\",\"userKey\":\"26971c016361d1f6a3eb8f62461f1e4e\",\"accountId\":\"df856b17d84fcf010f11fcfcc6be4267\",\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1643096991153,\"summary\":\"Space logo uploaded\",\"description\":\"\",\"category\":\"Spaces\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Service Catalogue\",\"objectType\":\"Space\"},\"changedValues\":[],\"associatedObjects\":[]}" + "action": "Space logo uploaded", + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"John Jacobs\",\"operations\":null,\"isExternalCollaborator\":false,\"username\":\"df856b17d84fcf010f11fcfcc6be4267\",\"userKey\":\"26971c016361d1f6a3eb8f62461f1e4e\",\"accountId\":\"df856b17d84fcf010f11fcfcc6be4267\",\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1643096991153,\"summary\":\"Space logo uploaded\",\"description\":\"\",\"category\":\"Spaces\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Service Catalogue\",\"objectType\":\"Space\"},\"changedValues\":[],\"associatedObjects\":[]}", + "type": "info" }, "related": { "ip": [ @@ -142,6 +169,34 @@ "@timestamp": "2022-01-25T07:44:39.172Z", "confluence": { "audit": { + "affected_objects": [ + { + "name": "Service Catalogue", + "type": "Space" + } + ], + "changed_values": [ + { + "i18nKey": "Space type", + "key": "Space type", + "to": "global" + }, + { + "i18nKey": "Space status", + "key": "Space status", + "to": "CURRENT" + }, + { + "i18nKey": "Name", + "key": "Name", + "to": "Service Catalogue" + }, + { + "i18nKey": "Space key", + "key": "Space key", + "to": "SC" + } + ], "external_collaborator": false, "type": { "action": "Space configuration updated", @@ -153,7 +208,10 @@ "version": "8.0.0" }, "event": { - "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"John Jacobs\",\"operations\":null,\"isExternalCollaborator\":false,\"username\":\"df856b17d84fcf010f11fcfcc6be4267\",\"userKey\":\"26971c016361d1f6a3eb8f62461f1e4e\",\"accountId\":\"df856b17d84fcf010f11fcfcc6be4267\",\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1643096679172,\"summary\":\"Space configuration updated\",\"description\":\"\",\"category\":\"Spaces\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Service Catalogue\",\"objectType\":\"Space\"},\"changedValues\":[{\"name\":\"Space type\",\"oldValue\":\"\",\"newValue\":\"global\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Space status\",\"oldValue\":\"\",\"newValue\":\"CURRENT\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Name\",\"oldValue\":\"\",\"newValue\":\"Service Catalogue\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Space key\",\"oldValue\":\"\",\"newValue\":\"SC\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"}],\"associatedObjects\":[]}" + "action": "Space configuration updated", + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"John Jacobs\",\"operations\":null,\"isExternalCollaborator\":false,\"username\":\"df856b17d84fcf010f11fcfcc6be4267\",\"userKey\":\"26971c016361d1f6a3eb8f62461f1e4e\",\"accountId\":\"df856b17d84fcf010f11fcfcc6be4267\",\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1643096679172,\"summary\":\"Space configuration updated\",\"description\":\"\",\"category\":\"Spaces\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Service Catalogue\",\"objectType\":\"Space\"},\"changedValues\":[{\"name\":\"Space type\",\"oldValue\":\"\",\"newValue\":\"global\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Space status\",\"oldValue\":\"\",\"newValue\":\"CURRENT\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Name\",\"oldValue\":\"\",\"newValue\":\"Service Catalogue\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Space key\",\"oldValue\":\"\",\"newValue\":\"SC\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"}],\"associatedObjects\":[]}", + "type": "info" }, "related": { "ip": [ @@ -188,6 +246,34 @@ "@timestamp": "2022-01-25T07:44:39.092Z", "confluence": { "audit": { + "affected_objects": [ + { + "name": "Service Catalogue", + "type": "Space" + } + ], + "changed_values": [ + { + "i18nKey": "Space type", + "key": "Space type", + "to": "global" + }, + { + "i18nKey": "Space status", + "key": "Space status", + "to": "CURRENT" + }, + { + "i18nKey": "Name", + "key": "Name", + "to": "Service Catalogue" + }, + { + "i18nKey": "Space key", + "key": "Space key", + "to": "SC" + } + ], "external_collaborator": false, "type": { "action": "Space created", @@ -199,7 +285,10 @@ "version": "8.0.0" }, "event": { - "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"John Jacobs\",\"operations\":null,\"isExternalCollaborator\":false,\"username\":\"df856b17d84fcf010f11fcfcc6be4267\",\"userKey\":\"26971c016361d1f6a3eb8f62461f1e4e\",\"accountId\":\"df856b17d84fcf010f11fcfcc6be4267\",\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1643096679092,\"summary\":\"Space created\",\"description\":\"\",\"category\":\"Spaces\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Service Catalogue\",\"objectType\":\"Space\"},\"changedValues\":[{\"name\":\"Space type\",\"oldValue\":\"\",\"newValue\":\"global\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Space status\",\"oldValue\":\"\",\"newValue\":\"CURRENT\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Name\",\"oldValue\":\"\",\"newValue\":\"Service Catalogue\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Space key\",\"oldValue\":\"\",\"newValue\":\"SC\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"}],\"associatedObjects\":[]}" + "action": "Space created", + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"John Jacobs\",\"operations\":null,\"isExternalCollaborator\":false,\"username\":\"df856b17d84fcf010f11fcfcc6be4267\",\"userKey\":\"26971c016361d1f6a3eb8f62461f1e4e\",\"accountId\":\"df856b17d84fcf010f11fcfcc6be4267\",\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1643096679092,\"summary\":\"Space created\",\"description\":\"\",\"category\":\"Spaces\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Service Catalogue\",\"objectType\":\"Space\"},\"changedValues\":[{\"name\":\"Space type\",\"oldValue\":\"\",\"newValue\":\"global\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Space status\",\"oldValue\":\"\",\"newValue\":\"CURRENT\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Name\",\"oldValue\":\"\",\"newValue\":\"Service Catalogue\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Space key\",\"oldValue\":\"\",\"newValue\":\"SC\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"}],\"associatedObjects\":[]}", + "type": "info" }, "related": { "ip": [ @@ -234,6 +323,39 @@ "@timestamp": "2022-01-24T14:49:22.329Z", "confluence": { "audit": { + "affected_objects": [ + { + "name": "Pre-test-scanner", + "type": "Space" + } + ], + "changed_values": [ + { + "i18nKey": "Space type", + "key": "Space type", + "to": "global" + }, + { + "i18nKey": "Space status", + "key": "Space status", + "to": "CURRENT" + }, + { + "i18nKey": "Name", + "key": "Name", + "to": "Pre-test-scanner" + }, + { + "i18nKey": "Space key", + "key": "Space key", + "to": "PTS" + }, + { + "i18nKey": "Home page", + "key": "Home page", + "to": "page: 484737204 v.1" + } + ], "external_collaborator": false, "type": { "action": "Space configuration updated", @@ -245,7 +367,10 @@ "version": "8.0.0" }, "event": { - "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"Billy Bob\",\"operations\":null,\"isExternalCollaborator\":false,\"username\":\"5e72294a9858860c3eb10c8b\",\"userKey\":\"26971c016361d1f6a3eb8f62461f1e4e\",\"accountId\":\"5e72294a9858860c3eb10c8b\",\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1643035762329,\"summary\":\"Space configuration updated\",\"description\":\"\",\"category\":\"Spaces\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Pre-test-scanner\",\"objectType\":\"Space\"},\"changedValues\":[{\"name\":\"Space type\",\"oldValue\":\"\",\"newValue\":\"global\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Space status\",\"oldValue\":\"\",\"newValue\":\"CURRENT\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Name\",\"oldValue\":\"\",\"newValue\":\"Pre-test-scanner\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Space key\",\"oldValue\":\"\",\"newValue\":\"PTS\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Home page\",\"oldValue\":\"\",\"newValue\":\"page: 484737204 v.1\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"}],\"associatedObjects\":[]}" + "action": "Space configuration updated", + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"Billy Bob\",\"operations\":null,\"isExternalCollaborator\":false,\"username\":\"5e72294a9858860c3eb10c8b\",\"userKey\":\"26971c016361d1f6a3eb8f62461f1e4e\",\"accountId\":\"5e72294a9858860c3eb10c8b\",\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1643035762329,\"summary\":\"Space configuration updated\",\"description\":\"\",\"category\":\"Spaces\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Pre-test-scanner\",\"objectType\":\"Space\"},\"changedValues\":[{\"name\":\"Space type\",\"oldValue\":\"\",\"newValue\":\"global\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Space status\",\"oldValue\":\"\",\"newValue\":\"CURRENT\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Name\",\"oldValue\":\"\",\"newValue\":\"Pre-test-scanner\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Space key\",\"oldValue\":\"\",\"newValue\":\"PTS\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Home page\",\"oldValue\":\"\",\"newValue\":\"page: 484737204 v.1\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"}],\"associatedObjects\":[]}", + "type": "info" }, "related": { "ip": [ @@ -280,6 +405,39 @@ "@timestamp": "2022-01-24T14:49:22.311Z", "confluence": { "audit": { + "affected_objects": [ + { + "name": "Pre-test-scanner", + "type": "Space" + } + ], + "changed_values": [ + { + "i18nKey": "Space type", + "key": "Space type", + "to": "global" + }, + { + "i18nKey": "Space status", + "key": "Space status", + "to": "CURRENT" + }, + { + "i18nKey": "Name", + "key": "Name", + "to": "Pre-test-scanner" + }, + { + "i18nKey": "Space key", + "key": "Space key", + "to": "PTS" + }, + { + "i18nKey": "Home page", + "key": "Home page", + "to": "page: 484737204 v.1" + } + ], "external_collaborator": false, "type": { "action": "Space created", @@ -291,7 +449,10 @@ "version": "8.0.0" }, "event": { - "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"Billy Bob\",\"operations\":null,\"isExternalCollaborator\":false,\"username\":\"5e72294a9858860c3eb10c8b\",\"userKey\":\"26971c016361d1f6a3eb8f62461f1e4e\",\"accountId\":\"5e72294a9858860c3eb10c8b\",\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1643035762311,\"summary\":\"Space created\",\"description\":\"\",\"category\":\"Spaces\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Pre-test-scanner\",\"objectType\":\"Space\"},\"changedValues\":[{\"name\":\"Space type\",\"oldValue\":\"\",\"newValue\":\"global\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Space status\",\"oldValue\":\"\",\"newValue\":\"CURRENT\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Name\",\"oldValue\":\"\",\"newValue\":\"Pre-test-scanner\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Space key\",\"oldValue\":\"\",\"newValue\":\"PTS\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Home page\",\"oldValue\":\"\",\"newValue\":\"page: 484737204 v.1\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"}],\"associatedObjects\":[]}" + "action": "Space created", + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"Billy Bob\",\"operations\":null,\"isExternalCollaborator\":false,\"username\":\"5e72294a9858860c3eb10c8b\",\"userKey\":\"26971c016361d1f6a3eb8f62461f1e4e\",\"accountId\":\"5e72294a9858860c3eb10c8b\",\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1643035762311,\"summary\":\"Space created\",\"description\":\"\",\"category\":\"Spaces\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Pre-test-scanner\",\"objectType\":\"Space\"},\"changedValues\":[{\"name\":\"Space type\",\"oldValue\":\"\",\"newValue\":\"global\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Space status\",\"oldValue\":\"\",\"newValue\":\"CURRENT\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Name\",\"oldValue\":\"\",\"newValue\":\"Pre-test-scanner\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Space key\",\"oldValue\":\"\",\"newValue\":\"PTS\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Home page\",\"oldValue\":\"\",\"newValue\":\"page: 484737204 v.1\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"}],\"associatedObjects\":[]}", + "type": "info" }, "related": { "ip": [ @@ -326,6 +487,16 @@ "@timestamp": "2022-01-18T08:43:03.045Z", "confluence": { "audit": { + "affected_objects": [ + { + "name": "ASP", + "type": "User" + }, + { + "name": "jira-software-users:b8d81944-e737-4da0-94ca-165fa5c0635c", + "type": "Group" + } + ], "external_collaborator": false, "type": { "action": "User added to group", @@ -337,11 +508,23 @@ "version": "8.0.0" }, "event": { - "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1642495383045,\"summary\":\"User added to group\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"jira-software-users:b8d81944-e737-4da0-94ca-165fa5c0635c\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[{\"name\":\"ASP\",\"objectType\":\"User\"}]}" + "action": "User added to group", + "category": [ + "iam" + ], + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1642495383045,\"summary\":\"User added to group\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"jira-software-users:b8d81944-e737-4da0-94ca-165fa5c0635c\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[{\"name\":\"ASP\",\"objectType\":\"User\"}]}", + "type": [ + "group", + "change" + ] }, "related": { "ip": [ "81.2.69.143" + ], + "user": [ + "ASP" ] }, "source": { @@ -364,13 +547,30 @@ "preserve_original_event" ], "user": { - "full_name": "System" + "full_name": "System", + "target": { + "group": { + "id": "b8d81944-e737-4da0-94ca-165fa5c0635c", + "name": "jira-software-users" + }, + "name": "ASP" + } } }, { "@timestamp": "2022-01-18T08:43:03.014Z", "confluence": { "audit": { + "affected_objects": [ + { + "name": "ASP", + "type": "User" + }, + { + "name": "confluence-users:4375f4c3-bfdf-4f36-a62e-141ccf1588a3", + "type": "Group" + } + ], "external_collaborator": false, "type": { "action": "User added to group", @@ -382,11 +582,23 @@ "version": "8.0.0" }, "event": { - "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1642495383014,\"summary\":\"User added to group\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"confluence-users:4375f4c3-bfdf-4f36-a62e-141ccf1588a3\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[{\"name\":\"ASP\",\"objectType\":\"User\"}]}" + "action": "User added to group", + "category": [ + "iam" + ], + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1642495383014,\"summary\":\"User added to group\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"confluence-users:4375f4c3-bfdf-4f36-a62e-141ccf1588a3\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[{\"name\":\"ASP\",\"objectType\":\"User\"}]}", + "type": [ + "group", + "change" + ] }, "related": { "ip": [ "81.2.69.143" + ], + "user": [ + "ASP" ] }, "source": { @@ -409,13 +621,43 @@ "preserve_original_event" ], "user": { - "full_name": "System" + "full_name": "System", + "target": { + "group": { + "id": "4375f4c3-bfdf-4f36-a62e-141ccf1588a3", + "name": "confluence-users" + }, + "name": "ASP" + } } }, { "@timestamp": "2022-01-18T08:43:02.767Z", "confluence": { "audit": { + "affected_objects": [ + { + "name": "ASP", + "type": "User" + } + ], + "changed_values": [ + { + "i18nKey": "Display name", + "key": "Display name", + "to": "ASP" + }, + { + "i18nKey": "Email", + "key": "Email", + "to": "test@example.com" + }, + { + "i18nKey": "Active", + "key": "Active", + "to": "Yes" + } + ], "external_collaborator": false, "type": { "action": "User created", @@ -427,7 +669,16 @@ "version": "8.0.0" }, "event": { - "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1642495382767,\"summary\":\"User created\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"ASP\",\"objectType\":\"User\"},\"changedValues\":[{\"name\":\"Display name\",\"oldValue\":\"\",\"newValue\":\"ASP\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Email\",\"oldValue\":\"\",\"newValue\":\"\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Active\",\"oldValue\":\"\",\"newValue\":\"Yes\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"}],\"associatedObjects\":[]}" + "action": "User created", + "category": [ + "iam" + ], + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1642495382767,\"summary\":\"User created\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"ASP\",\"objectType\":\"User\"},\"changedValues\":[{\"name\":\"Display name\",\"oldValue\":\"\",\"newValue\":\"ASP\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Email\",\"oldValue\":\"\",\"newValue\":\"test@example.com\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Active\",\"oldValue\":\"\",\"newValue\":\"Yes\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"}],\"associatedObjects\":[]}", + "type": [ + "user", + "creation" + ] }, "related": { "ip": [ @@ -454,13 +705,26 @@ "preserve_original_event" ], "user": { - "full_name": "System" + "full_name": "System", + "target": { + "full_name": "ASP" + } } }, { "@timestamp": "2022-01-14T16:37:07.237Z", "confluence": { "audit": { + "affected_objects": [ + { + "name": "Simon Brownhill", + "type": "User" + }, + { + "name": "confluence-users:4375f4c3-bfdf-4f36-a62e-141ccf1588a3", + "type": "Group" + } + ], "external_collaborator": false, "type": { "action": "User added to group", @@ -472,11 +736,23 @@ "version": "8.0.0" }, "event": { - "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1642178227237,\"summary\":\"User added to group\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"confluence-users:4375f4c3-bfdf-4f36-a62e-141ccf1588a3\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[{\"name\":\"Simon Brownhill\",\"objectType\":\"User\"}]}" + "action": "User added to group", + "category": [ + "iam" + ], + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1642178227237,\"summary\":\"User added to group\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"confluence-users:4375f4c3-bfdf-4f36-a62e-141ccf1588a3\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[{\"name\":\"Simon Brownhill\",\"objectType\":\"User\"}]}", + "type": [ + "group", + "change" + ] }, "related": { "ip": [ "81.2.69.143" + ], + "user": [ + "Simon Brownhill" ] }, "source": { @@ -499,13 +775,42 @@ "preserve_original_event" ], "user": { - "full_name": "System" + "full_name": "System", + "target": { + "group": { + "id": "4375f4c3-bfdf-4f36-a62e-141ccf1588a3", + "name": "confluence-users" + }, + "name": "Simon Brownhill" + } } }, { "@timestamp": "2022-01-14T16:37:07.017Z", "confluence": { "audit": { + "affected_objects": [ + { + "name": "Simon Brownhill", + "type": "User" + } + ], + "changed_values": [ + { + "i18nKey": "Display name", + "key": "Display name", + "to": "Simon Brownhill" + }, + { + "i18nKey": "Email", + "key": "Email" + }, + { + "i18nKey": "Active", + "key": "Active", + "to": "Yes" + } + ], "external_collaborator": false, "type": { "action": "User created", @@ -517,7 +822,16 @@ "version": "8.0.0" }, "event": { - "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1642178227017,\"summary\":\"User created\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Simon Brownhill\",\"objectType\":\"User\"},\"changedValues\":[{\"name\":\"Display name\",\"oldValue\":\"\",\"newValue\":\"Simon Brownhill\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Email\",\"oldValue\":\"\",\"newValue\":\"\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Active\",\"oldValue\":\"\",\"newValue\":\"Yes\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"}],\"associatedObjects\":[]}" + "action": "User created", + "category": [ + "iam" + ], + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1642178227017,\"summary\":\"User created\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Simon Brownhill\",\"objectType\":\"User\"},\"changedValues\":[{\"name\":\"Display name\",\"oldValue\":\"\",\"newValue\":\"Simon Brownhill\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Email\",\"oldValue\":\"\",\"newValue\":\"\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Active\",\"oldValue\":\"\",\"newValue\":\"Yes\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"}],\"associatedObjects\":[]}", + "type": [ + "user", + "creation" + ] }, "related": { "ip": [ @@ -544,13 +858,26 @@ "preserve_original_event" ], "user": { - "full_name": "System" + "full_name": "System", + "target": { + "full_name": "Simon Brownhill" + } } }, { "@timestamp": "2022-01-04T12:04:36.903Z", "confluence": { "audit": { + "affected_objects": [ + { + "name": "George West", + "type": "User" + }, + { + "name": "Detect \u0026 Response - Change Approvals:12e51e32-77ee-45ef-a643-55d4c7f6327c", + "type": "Group" + } + ], "external_collaborator": false, "type": { "action": "User added to group", @@ -562,11 +889,23 @@ "version": "8.0.0" }, "event": { - "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1641297876903,\"summary\":\"User added to group\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Detect \u0026 Response - Change Approvals:12e51e32-77ee-45ef-a643-55d4c7f6327c\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[{\"name\":\"George West\",\"objectType\":\"User\"}]}" + "action": "User added to group", + "category": [ + "iam" + ], + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1641297876903,\"summary\":\"User added to group\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Detect \u0026 Response - Change Approvals:12e51e32-77ee-45ef-a643-55d4c7f6327c\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[{\"name\":\"George West\",\"objectType\":\"User\"}]}", + "type": [ + "group", + "change" + ] }, "related": { "ip": [ "81.2.69.143" + ], + "user": [ + "George West" ] }, "source": { @@ -589,13 +928,30 @@ "preserve_original_event" ], "user": { - "full_name": "System" + "full_name": "System", + "target": { + "group": { + "id": "12e51e32-77ee-45ef-a643-55d4c7f6327c", + "name": "Detect \u0026 Response - Change Approvals" + }, + "name": "George West" + } } }, { "@timestamp": "2022-01-04T11:57:52.951Z", "confluence": { "audit": { + "affected_objects": [ + { + "name": "SAM H", + "type": "User" + }, + { + "name": "Detect \u0026 Response - Change Approvals:12e51e32-77ee-45ef-a643-55d4c7f6327c", + "type": "Group" + } + ], "external_collaborator": false, "type": { "action": "User added to group", @@ -607,11 +963,23 @@ "version": "8.0.0" }, "event": { - "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1641297472951,\"summary\":\"User added to group\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Detect \u0026 Response - Change Approvals:12e51e32-77ee-45ef-a643-55d4c7f6327c\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[{\"name\":\"SAM H\",\"objectType\":\"User\"}]}" + "action": "User added to group", + "category": [ + "iam" + ], + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1641297472951,\"summary\":\"User added to group\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Detect \u0026 Response - Change Approvals:12e51e32-77ee-45ef-a643-55d4c7f6327c\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[{\"name\":\"SAM H\",\"objectType\":\"User\"}]}", + "type": [ + "group", + "change" + ] }, "related": { "ip": [ "81.2.69.143" + ], + "user": [ + "SAM H" ] }, "source": { @@ -634,13 +1002,30 @@ "preserve_original_event" ], "user": { - "full_name": "System" + "full_name": "System", + "target": { + "group": { + "id": "12e51e32-77ee-45ef-a643-55d4c7f6327c", + "name": "Detect \u0026 Response - Change Approvals" + }, + "name": "SAM H" + } } }, { "@timestamp": "2022-01-04T10:27:23.437Z", "confluence": { "audit": { + "affected_objects": [ + { + "name": "Lilly Smith", + "type": "User" + }, + { + "name": "Detect \u0026 Response - Change Approvals:12e51e32-77ee-45ef-a643-55d4c7f6327c", + "type": "Group" + } + ], "external_collaborator": false, "type": { "action": "User added to group", @@ -652,11 +1037,23 @@ "version": "8.0.0" }, "event": { - "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1641292043437,\"summary\":\"User added to group\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Detect \u0026 Response - Change Approvals:12e51e32-77ee-45ef-a643-55d4c7f6327c\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[{\"name\":\"Lilly Smith\",\"objectType\":\"User\"}]}" + "action": "User added to group", + "category": [ + "iam" + ], + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1641292043437,\"summary\":\"User added to group\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Detect \u0026 Response - Change Approvals:12e51e32-77ee-45ef-a643-55d4c7f6327c\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[{\"name\":\"Lilly Smith\",\"objectType\":\"User\"}]}", + "type": [ + "group", + "change" + ] }, "related": { "ip": [ "81.2.69.143" + ], + "user": [ + "Lilly Smith" ] }, "source": { @@ -679,13 +1076,30 @@ "preserve_original_event" ], "user": { - "full_name": "System" + "full_name": "System", + "target": { + "group": { + "id": "12e51e32-77ee-45ef-a643-55d4c7f6327c", + "name": "Detect \u0026 Response - Change Approvals" + }, + "name": "Lilly Smith" + } } }, { "@timestamp": "2022-01-04T10:27:23.424Z", "confluence": { "audit": { + "affected_objects": [ + { + "name": "Joseph Smith", + "type": "User" + }, + { + "name": "Detect \u0026 Response - Change Approvals:12e51e32-77ee-45ef-a643-55d4c7f6327c", + "type": "Group" + } + ], "external_collaborator": false, "type": { "action": "User added to group", @@ -697,11 +1111,23 @@ "version": "8.0.0" }, "event": { - "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1641292043424,\"summary\":\"User added to group\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Detect \u0026 Response - Change Approvals:12e51e32-77ee-45ef-a643-55d4c7f6327c\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[{\"name\":\"Joseph Smith\",\"objectType\":\"User\"}]}" + "action": "User added to group", + "category": [ + "iam" + ], + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1641292043424,\"summary\":\"User added to group\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Detect \u0026 Response - Change Approvals:12e51e32-77ee-45ef-a643-55d4c7f6327c\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[{\"name\":\"Joseph Smith\",\"objectType\":\"User\"}]}", + "type": [ + "group", + "change" + ] }, "related": { "ip": [ "81.2.69.143" + ], + "user": [ + "Joseph Smith" ] }, "source": { @@ -724,13 +1150,26 @@ "preserve_original_event" ], "user": { - "full_name": "System" + "full_name": "System", + "target": { + "group": { + "id": "12e51e32-77ee-45ef-a643-55d4c7f6327c", + "name": "Detect \u0026 Response - Change Approvals" + }, + "name": "Joseph Smith" + } } }, { "@timestamp": "2022-01-04T10:27:01.947Z", "confluence": { "audit": { + "affected_objects": [ + { + "name": "Detect \u0026 Response - Change Approvals:12e51e32-77ee-45ef-a643-55d4c7f6327c", + "type": "Group" + } + ], "external_collaborator": false, "type": { "action": "Group created", @@ -742,7 +1181,20 @@ "version": "8.0.0" }, "event": { - "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1641292021947,\"summary\":\"Group created\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Detect \u0026 Response - Change Approvals:12e51e32-77ee-45ef-a643-55d4c7f6327c\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[]}" + "action": "Group created", + "category": [ + "iam" + ], + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1641292021947,\"summary\":\"Group created\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Detect \u0026 Response - Change Approvals:12e51e32-77ee-45ef-a643-55d4c7f6327c\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[]}", + "type": [ + "group", + "creation" + ] + }, + "group": { + "id": "12e51e32-77ee-45ef-a643-55d4c7f6327c", + "name": "Detect \u0026 Response - Change Approvals" }, "related": { "ip": [ @@ -776,6 +1228,16 @@ "@timestamp": "2022-01-04T10:25:55.867Z", "confluence": { "audit": { + "affected_objects": [ + { + "name": "Joseph Smith", + "type": "User" + }, + { + "name": "Detect \u0026 Response - Cost Approvals:b83d4a5e-1290-4a7a-88ba-5e24325f59f8", + "type": "Group" + } + ], "external_collaborator": false, "type": { "action": "User added to group", @@ -787,11 +1249,23 @@ "version": "8.0.0" }, "event": { - "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1641291955867,\"summary\":\"User added to group\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Detect \u0026 Response - Cost Approvals:b83d4a5e-1290-4a7a-88ba-5e24325f59f8\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[{\"name\":\"Joseph Smith\",\"objectType\":\"User\"}]}" + "action": "User added to group", + "category": [ + "iam" + ], + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1641291955867,\"summary\":\"User added to group\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Detect \u0026 Response - Cost Approvals:b83d4a5e-1290-4a7a-88ba-5e24325f59f8\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[{\"name\":\"Joseph Smith\",\"objectType\":\"User\"}]}", + "type": [ + "group", + "change" + ] }, "related": { "ip": [ "81.2.69.143" + ], + "user": [ + "Joseph Smith" ] }, "source": { @@ -814,13 +1288,30 @@ "preserve_original_event" ], "user": { - "full_name": "System" + "full_name": "System", + "target": { + "group": { + "id": "b83d4a5e-1290-4a7a-88ba-5e24325f59f8", + "name": "Detect \u0026 Response - Cost Approvals" + }, + "name": "Joseph Smith" + } } }, { "@timestamp": "2022-01-04T10:25:55.857Z", "confluence": { "audit": { + "affected_objects": [ + { + "name": "Lilly Smith", + "type": "User" + }, + { + "name": "Detect \u0026 Response - Cost Approvals:b83d4a5e-1290-4a7a-88ba-5e24325f59f8", + "type": "Group" + } + ], "external_collaborator": false, "type": { "action": "User added to group", @@ -832,11 +1323,23 @@ "version": "8.0.0" }, "event": { - "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1641291955857,\"summary\":\"User added to group\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Detect \u0026 Response - Cost Approvals:b83d4a5e-1290-4a7a-88ba-5e24325f59f8\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[{\"name\":\"Lilly Smith\",\"objectType\":\"User\"}]}" + "action": "User added to group", + "category": [ + "iam" + ], + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1641291955857,\"summary\":\"User added to group\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Detect \u0026 Response - Cost Approvals:b83d4a5e-1290-4a7a-88ba-5e24325f59f8\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[{\"name\":\"Lilly Smith\",\"objectType\":\"User\"}]}", + "type": [ + "group", + "change" + ] }, "related": { "ip": [ "81.2.69.143" + ], + "user": [ + "Lilly Smith" ] }, "source": { @@ -859,13 +1362,30 @@ "preserve_original_event" ], "user": { - "full_name": "System" + "full_name": "System", + "target": { + "group": { + "id": "b83d4a5e-1290-4a7a-88ba-5e24325f59f8", + "name": "Detect \u0026 Response - Cost Approvals" + }, + "name": "Lilly Smith" + } } }, { "@timestamp": "2022-01-04T10:25:55.839Z", "confluence": { "audit": { + "affected_objects": [ + { + "name": "SAM H", + "type": "User" + }, + { + "name": "Detect \u0026 Response - Cost Approvals:b83d4a5e-1290-4a7a-88ba-5e24325f59f8", + "type": "Group" + } + ], "external_collaborator": false, "type": { "action": "User added to group", @@ -877,11 +1397,23 @@ "version": "8.0.0" }, "event": { - "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1641291955839,\"summary\":\"User added to group\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Detect \u0026 Response - Cost Approvals:b83d4a5e-1290-4a7a-88ba-5e24325f59f8\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[{\"name\":\"SAM H\",\"objectType\":\"User\"}]}" + "action": "User added to group", + "category": [ + "iam" + ], + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1641291955839,\"summary\":\"User added to group\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Detect \u0026 Response - Cost Approvals:b83d4a5e-1290-4a7a-88ba-5e24325f59f8\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[{\"name\":\"SAM H\",\"objectType\":\"User\"}]}", + "type": [ + "group", + "change" + ] }, "related": { "ip": [ "81.2.69.143" + ], + "user": [ + "SAM H" ] }, "source": { @@ -904,13 +1436,26 @@ "preserve_original_event" ], "user": { - "full_name": "System" + "full_name": "System", + "target": { + "group": { + "id": "b83d4a5e-1290-4a7a-88ba-5e24325f59f8", + "name": "Detect \u0026 Response - Cost Approvals" + }, + "name": "SAM H" + } } }, { "@timestamp": "2022-01-04T10:25:34.681Z", "confluence": { "audit": { + "affected_objects": [ + { + "name": "Detect \u0026 Response - Cost Approvals:b83d4a5e-1290-4a7a-88ba-5e24325f59f8", + "type": "Group" + } + ], "external_collaborator": false, "type": { "action": "Group created", @@ -922,7 +1467,20 @@ "version": "8.0.0" }, "event": { - "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1641291934681,\"summary\":\"Group created\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Detect \u0026 Response - Cost Approvals:b83d4a5e-1290-4a7a-88ba-5e24325f59f8\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[]}" + "action": "Group created", + "category": [ + "iam" + ], + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1641291934681,\"summary\":\"Group created\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Detect \u0026 Response - Cost Approvals:b83d4a5e-1290-4a7a-88ba-5e24325f59f8\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[]}", + "type": [ + "group", + "creation" + ] + }, + "group": { + "id": "b83d4a5e-1290-4a7a-88ba-5e24325f59f8", + "name": "Detect \u0026 Response - Cost Approvals" }, "related": { "ip": [ @@ -956,6 +1514,16 @@ "@timestamp": "2021-12-07T16:46:02.860Z", "confluence": { "audit": { + "affected_objects": [ + { + "name": "Lilly Smith", + "type": "User" + }, + { + "name": "Engineering / Sysadmins:12b5617d-bd45-450d-8b40-263238a886c4", + "type": "Group" + } + ], "external_collaborator": false, "type": { "action": "User added to group", @@ -967,11 +1535,23 @@ "version": "8.0.0" }, "event": { - "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1638895562860,\"summary\":\"User added to group\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Engineering / Sysadmins:12b5617d-bd45-450d-8b40-263238a886c4\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[{\"name\":\"Lilly Smith\",\"objectType\":\"User\"}]}" + "action": "User added to group", + "category": [ + "iam" + ], + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1638895562860,\"summary\":\"User added to group\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Engineering / Sysadmins:12b5617d-bd45-450d-8b40-263238a886c4\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[{\"name\":\"Lilly Smith\",\"objectType\":\"User\"}]}", + "type": [ + "group", + "change" + ] }, "related": { "ip": [ "81.2.69.143" + ], + "user": [ + "Lilly Smith" ] }, "source": { @@ -994,13 +1574,30 @@ "preserve_original_event" ], "user": { - "full_name": "System" + "full_name": "System", + "target": { + "group": { + "id": "12b5617d-bd45-450d-8b40-263238a886c4", + "name": "Engineering / Sysadmins" + }, + "name": "Lilly Smith" + } } }, { "@timestamp": "2021-12-07T16:46:02.848Z", "confluence": { "audit": { + "affected_objects": [ + { + "name": "Joe Test", + "type": "User" + }, + { + "name": "Engineering / Sysadmins:12b5617d-bd45-450d-8b40-263238a886c4", + "type": "Group" + } + ], "external_collaborator": false, "type": { "action": "User added to group", @@ -1012,11 +1609,23 @@ "version": "8.0.0" }, "event": { - "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1638895562848,\"summary\":\"User added to group\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Engineering / Sysadmins:12b5617d-bd45-450d-8b40-263238a886c4\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[{\"name\":\"Joe Test\",\"objectType\":\"User\"}]}" + "action": "User added to group", + "category": [ + "iam" + ], + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1638895562848,\"summary\":\"User added to group\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Engineering / Sysadmins:12b5617d-bd45-450d-8b40-263238a886c4\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[{\"name\":\"Joe Test\",\"objectType\":\"User\"}]}", + "type": [ + "group", + "change" + ] }, "related": { "ip": [ "81.2.69.143" + ], + "user": [ + "Joe Test" ] }, "source": { @@ -1039,13 +1648,30 @@ "preserve_original_event" ], "user": { - "full_name": "System" + "full_name": "System", + "target": { + "group": { + "id": "12b5617d-bd45-450d-8b40-263238a886c4", + "name": "Engineering / Sysadmins" + }, + "name": "Joe Test" + } } }, { "@timestamp": "2021-12-07T16:46:02.837Z", "confluence": { "audit": { + "affected_objects": [ + { + "name": "Joseph Smith", + "type": "User" + }, + { + "name": "Engineering / Sysadmins:12b5617d-bd45-450d-8b40-263238a886c4", + "type": "Group" + } + ], "external_collaborator": false, "type": { "action": "User added to group", @@ -1057,11 +1683,23 @@ "version": "8.0.0" }, "event": { - "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1638895562837,\"summary\":\"User added to group\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Engineering / Sysadmins:12b5617d-bd45-450d-8b40-263238a886c4\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[{\"name\":\"Joseph Smith\",\"objectType\":\"User\"}]}" + "action": "User added to group", + "category": [ + "iam" + ], + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1638895562837,\"summary\":\"User added to group\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Engineering / Sysadmins:12b5617d-bd45-450d-8b40-263238a886c4\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[{\"name\":\"Joseph Smith\",\"objectType\":\"User\"}]}", + "type": [ + "group", + "change" + ] }, "related": { "ip": [ "81.2.69.143" + ], + "user": [ + "Joseph Smith" ] }, "source": { @@ -1084,13 +1722,30 @@ "preserve_original_event" ], "user": { - "full_name": "System" + "full_name": "System", + "target": { + "group": { + "id": "12b5617d-bd45-450d-8b40-263238a886c4", + "name": "Engineering / Sysadmins" + }, + "name": "Joseph Smith" + } } }, { "@timestamp": "2021-12-07T16:46:02.824Z", "confluence": { "audit": { + "affected_objects": [ + { + "name": "Simon Johnson", + "type": "User" + }, + { + "name": "Engineering / Sysadmins:12b5617d-bd45-450d-8b40-263238a886c4", + "type": "Group" + } + ], "external_collaborator": false, "type": { "action": "User added to group", @@ -1102,11 +1757,23 @@ "version": "8.0.0" }, "event": { - "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1638895562824,\"summary\":\"User added to group\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Engineering / Sysadmins:12b5617d-bd45-450d-8b40-263238a886c4\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[{\"name\":\"Simon Johnson\",\"objectType\":\"User\"}]}" + "action": "User added to group", + "category": [ + "iam" + ], + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1638895562824,\"summary\":\"User added to group\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Engineering / Sysadmins:12b5617d-bd45-450d-8b40-263238a886c4\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[{\"name\":\"Simon Johnson\",\"objectType\":\"User\"}]}", + "type": [ + "group", + "change" + ] }, "related": { "ip": [ "81.2.69.143" + ], + "user": [ + "Simon Johnson" ] }, "source": { @@ -1129,13 +1796,26 @@ "preserve_original_event" ], "user": { - "full_name": "System" + "full_name": "System", + "target": { + "group": { + "id": "12b5617d-bd45-450d-8b40-263238a886c4", + "name": "Engineering / Sysadmins" + }, + "name": "Simon Johnson" + } } }, { "@timestamp": "2021-12-07T16:45:23.912Z", "confluence": { "audit": { + "affected_objects": [ + { + "name": "Engineering / Sysadmins:12b5617d-bd45-450d-8b40-263238a886c4", + "type": "Group" + } + ], "external_collaborator": false, "type": { "action": "Group created", @@ -1147,7 +1827,20 @@ "version": "8.0.0" }, "event": { - "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1638895523912,\"summary\":\"Group created\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Engineering / Sysadmins:12b5617d-bd45-450d-8b40-263238a886c4\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[]}" + "action": "Group created", + "category": [ + "iam" + ], + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1638895523912,\"summary\":\"Group created\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Engineering / Sysadmins:12b5617d-bd45-450d-8b40-263238a886c4\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[]}", + "type": [ + "group", + "creation" + ] + }, + "group": { + "id": "12b5617d-bd45-450d-8b40-263238a886c4", + "name": "Engineering / Sysadmins" }, "related": { "ip": [ @@ -1181,6 +1874,34 @@ "@timestamp": "2021-12-07T16:29:39.293Z", "confluence": { "audit": { + "affected_objects": [ + { + "name": "Change Control", + "type": "Space" + } + ], + "changed_values": [ + { + "i18nKey": "Space type", + "key": "Space type", + "to": "global" + }, + { + "i18nKey": "Space status", + "key": "Space status", + "to": "CURRENT" + }, + { + "i18nKey": "Name", + "key": "Name", + "to": "Change Control" + }, + { + "i18nKey": "Space key", + "key": "Space key", + "to": "ACC" + } + ], "external_collaborator": false, "type": { "action": "Space configuration updated", @@ -1192,7 +1913,10 @@ "version": "8.0.0" }, "event": { - "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"Lilly Smith\",\"operations\":null,\"isExternalCollaborator\":false,\"username\":\"98435bcd1061baa5b4fbd19bd5810586\",\"userKey\":\"4711088e62a7b0cf381781a84574a70a\",\"accountId\":\"98435bcd1061baa5b4fbd19bd5810586\",\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1638894579293,\"summary\":\"Space configuration updated\",\"description\":\"\",\"category\":\"Spaces\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Change Control\",\"objectType\":\"Space\"},\"changedValues\":[{\"name\":\"Space type\",\"oldValue\":\"\",\"newValue\":\"global\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Space status\",\"oldValue\":\"\",\"newValue\":\"CURRENT\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Name\",\"oldValue\":\"\",\"newValue\":\"Change Control\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Space key\",\"oldValue\":\"\",\"newValue\":\"ACC\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"}],\"associatedObjects\":[]}" + "action": "Space configuration updated", + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"Lilly Smith\",\"operations\":null,\"isExternalCollaborator\":false,\"username\":\"98435bcd1061baa5b4fbd19bd5810586\",\"userKey\":\"4711088e62a7b0cf381781a84574a70a\",\"accountId\":\"98435bcd1061baa5b4fbd19bd5810586\",\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1638894579293,\"summary\":\"Space configuration updated\",\"description\":\"\",\"category\":\"Spaces\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Change Control\",\"objectType\":\"Space\"},\"changedValues\":[{\"name\":\"Space type\",\"oldValue\":\"\",\"newValue\":\"global\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Space status\",\"oldValue\":\"\",\"newValue\":\"CURRENT\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Name\",\"oldValue\":\"\",\"newValue\":\"Change Control\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Space key\",\"oldValue\":\"\",\"newValue\":\"ACC\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"}],\"associatedObjects\":[]}", + "type": "info" }, "related": { "ip": [ @@ -1227,6 +1951,34 @@ "@timestamp": "2021-12-07T16:29:38.800Z", "confluence": { "audit": { + "affected_objects": [ + { + "name": "Change Control", + "type": "Space" + } + ], + "changed_values": [ + { + "i18nKey": "Space type", + "key": "Space type", + "to": "global" + }, + { + "i18nKey": "Space status", + "key": "Space status", + "to": "CURRENT" + }, + { + "i18nKey": "Name", + "key": "Name", + "to": "Change Control" + }, + { + "i18nKey": "Space key", + "key": "Space key", + "to": "ACC" + } + ], "external_collaborator": false, "type": { "action": "Space created", @@ -1238,7 +1990,10 @@ "version": "8.0.0" }, "event": { - "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"Lilly Smith\",\"operations\":null,\"isExternalCollaborator\":false,\"username\":\"98435bcd1061baa5b4fbd19bd5810586\",\"userKey\":\"4711088e62a7b0cf381781a84574a70a\",\"accountId\":\"98435bcd1061baa5b4fbd19bd5810586\",\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1638894578800,\"summary\":\"Space created\",\"description\":\"\",\"category\":\"Spaces\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Change Control\",\"objectType\":\"Space\"},\"changedValues\":[{\"name\":\"Space type\",\"oldValue\":\"\",\"newValue\":\"global\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Space status\",\"oldValue\":\"\",\"newValue\":\"CURRENT\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Name\",\"oldValue\":\"\",\"newValue\":\"Change Control\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Space key\",\"oldValue\":\"\",\"newValue\":\"ACC\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"}],\"associatedObjects\":[]}" + "action": "Space created", + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"Lilly Smith\",\"operations\":null,\"isExternalCollaborator\":false,\"username\":\"98435bcd1061baa5b4fbd19bd5810586\",\"userKey\":\"4711088e62a7b0cf381781a84574a70a\",\"accountId\":\"98435bcd1061baa5b4fbd19bd5810586\",\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1638894578800,\"summary\":\"Space created\",\"description\":\"\",\"category\":\"Spaces\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Change Control\",\"objectType\":\"Space\"},\"changedValues\":[{\"name\":\"Space type\",\"oldValue\":\"\",\"newValue\":\"global\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Space status\",\"oldValue\":\"\",\"newValue\":\"CURRENT\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Name\",\"oldValue\":\"\",\"newValue\":\"Change Control\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Space key\",\"oldValue\":\"\",\"newValue\":\"ACC\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"}],\"associatedObjects\":[]}", + "type": "info" }, "related": { "ip": [ @@ -1273,6 +2028,16 @@ "@timestamp": "2021-11-29T17:10:34.800Z", "confluence": { "audit": { + "affected_objects": [ + { + "name": "Another User", + "type": "User" + }, + { + "name": "jira-software-users:b8d81944-e737-4da0-94ca-165fa5c0635c", + "type": "Group" + } + ], "external_collaborator": false, "type": { "action": "User added to group", @@ -1284,11 +2049,23 @@ "version": "8.0.0" }, "event": { - "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1638205834800,\"summary\":\"User added to group\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"jira-software-users:b8d81944-e737-4da0-94ca-165fa5c0635c\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[{\"name\":\"Another User\",\"objectType\":\"User\"}]}" + "action": "User added to group", + "category": [ + "iam" + ], + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1638205834800,\"summary\":\"User added to group\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"jira-software-users:b8d81944-e737-4da0-94ca-165fa5c0635c\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[{\"name\":\"Another User\",\"objectType\":\"User\"}]}", + "type": [ + "group", + "change" + ] }, "related": { "ip": [ "81.2.69.143" + ], + "user": [ + "Another User" ] }, "source": { @@ -1311,13 +2088,30 @@ "preserve_original_event" ], "user": { - "full_name": "System" + "full_name": "System", + "target": { + "group": { + "id": "b8d81944-e737-4da0-94ca-165fa5c0635c", + "name": "jira-software-users" + }, + "name": "Another User" + } } }, { "@timestamp": "2021-11-29T17:10:34.747Z", "confluence": { "audit": { + "affected_objects": [ + { + "name": "Another User", + "type": "User" + }, + { + "name": "confluence-users:4375f4c3-bfdf-4f36-a62e-141ccf1588a3", + "type": "Group" + } + ], "external_collaborator": false, "type": { "action": "User added to group", @@ -1329,11 +2123,23 @@ "version": "8.0.0" }, "event": { - "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1638205834747,\"summary\":\"User added to group\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"confluence-users:4375f4c3-bfdf-4f36-a62e-141ccf1588a3\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[{\"name\":\"Another User\",\"objectType\":\"User\"}]}" + "action": "User added to group", + "category": [ + "iam" + ], + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1638205834747,\"summary\":\"User added to group\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"confluence-users:4375f4c3-bfdf-4f36-a62e-141ccf1588a3\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[{\"name\":\"Another User\",\"objectType\":\"User\"}]}", + "type": [ + "group", + "change" + ] }, "related": { "ip": [ "81.2.69.143" + ], + "user": [ + "Another User" ] }, "source": { @@ -1356,13 +2162,43 @@ "preserve_original_event" ], "user": { - "full_name": "System" + "full_name": "System", + "target": { + "group": { + "id": "4375f4c3-bfdf-4f36-a62e-141ccf1588a3", + "name": "confluence-users" + }, + "name": "Another User" + } } }, { "@timestamp": "2021-11-29T17:10:34.455Z", "confluence": { "audit": { + "affected_objects": [ + { + "name": "Another User", + "type": "User" + } + ], + "changed_values": [ + { + "i18nKey": "Display name", + "key": "Display name", + "to": "Another User" + }, + { + "i18nKey": "Email", + "key": "Email", + "to": "test@example.com" + }, + { + "i18nKey": "Active", + "key": "Active", + "to": "Yes" + } + ], "external_collaborator": false, "type": { "action": "User created", @@ -1374,7 +2210,16 @@ "version": "8.0.0" }, "event": { - "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1638205834455,\"summary\":\"User created\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Another User\",\"objectType\":\"User\"},\"changedValues\":[{\"name\":\"Display name\",\"oldValue\":\"\",\"newValue\":\"Another User\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Email\",\"oldValue\":\"\",\"newValue\":\"\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Active\",\"oldValue\":\"\",\"newValue\":\"Yes\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"}],\"associatedObjects\":[]}" + "action": "User created", + "category": [ + "iam" + ], + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1638205834455,\"summary\":\"User created\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"Another User\",\"objectType\":\"User\"},\"changedValues\":[{\"name\":\"Display name\",\"oldValue\":\"\",\"newValue\":\"Another User\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Email\",\"oldValue\":\"\",\"newValue\":\"test@example.com\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"},{\"name\":\"Active\",\"oldValue\":\"\",\"newValue\":\"Yes\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"}],\"associatedObjects\":[]}", + "type": [ + "user", + "creation" + ] }, "related": { "ip": [ @@ -1401,13 +2246,26 @@ "preserve_original_event" ], "user": { - "full_name": "System" + "full_name": "System", + "target": { + "full_name": "Another User" + } } }, { "@timestamp": "2021-11-18T16:04:18.807Z", "confluence": { "audit": { + "affected_objects": [ + { + "name": "Username", + "type": "User" + }, + { + "name": "jira-software-users:b8d81944-e737-4da0-94ca-165fa5c0635c", + "type": "Group" + } + ], "external_collaborator": false, "type": { "action": "User added to group", @@ -1419,11 +2277,23 @@ "version": "8.0.0" }, "event": { - "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1637251458807,\"summary\":\"User added to group\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"jira-software-users:b8d81944-e737-4da0-94ca-165fa5c0635c\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[{\"name\":\"Username\",\"objectType\":\"User\"}]}" + "action": "User added to group", + "category": [ + "iam" + ], + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1637251458807,\"summary\":\"User added to group\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"jira-software-users:b8d81944-e737-4da0-94ca-165fa5c0635c\",\"objectType\":\"Group\"},\"changedValues\":[],\"associatedObjects\":[{\"name\":\"Username\",\"objectType\":\"User\"}]}", + "type": [ + "group", + "change" + ] }, "related": { "ip": [ "81.2.69.143" + ], + "user": [ + "Username" ] }, "source": { @@ -1446,13 +2316,34 @@ "preserve_original_event" ], "user": { - "full_name": "System" + "full_name": "System", + "target": { + "group": { + "id": "b8d81944-e737-4da0-94ca-165fa5c0635c", + "name": "jira-software-users" + }, + "name": "Username" + } } }, { "@timestamp": "2021-11-17T16:00:37.285Z", "confluence": { "audit": { + "affected_objects": [ + { + "name": "John Doe (Unlicensed)", + "type": "User" + } + ], + "changed_values": [ + { + "from": "Yes", + "i18nKey": "Active", + "key": "Active", + "to": "No" + } + ], "external_collaborator": false, "type": { "action": "User details updated", @@ -1464,7 +2355,16 @@ "version": "8.0.0" }, "event": { - "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1637164837285,\"summary\":\"User details updated\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"John Doe (Unlicensed)\",\"objectType\":\"User\"},\"changedValues\":[{\"name\":\"Active\",\"oldValue\":\"Yes\",\"newValue\":\"No\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"}],\"associatedObjects\":[]}" + "action": "User details updated", + "category": [ + "iam" + ], + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1637164837285,\"summary\":\"User details updated\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"John Doe (Unlicensed)\",\"objectType\":\"User\"},\"changedValues\":[{\"name\":\"Active\",\"oldValue\":\"Yes\",\"newValue\":\"No\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"}],\"associatedObjects\":[]}", + "type": [ + "user", + "change" + ] }, "related": { "ip": [ @@ -1509,7 +2409,10 @@ "version": "8.0.0" }, "event": { - "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1637164837274,\"summary\":\"User deactivated\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"\",\"objectType\":\"\"},\"changedValues\":[],\"associatedObjects\":[]}" + "action": "User deactivated", + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1637164837274,\"summary\":\"User deactivated\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"\",\"objectType\":\"\"},\"changedValues\":[],\"associatedObjects\":[]}", + "type": "info" }, "related": { "ip": [ @@ -1543,6 +2446,24 @@ "@timestamp": "2021-11-16T14:35:22.812Z", "confluence": { "audit": { + "affected_objects": [ + { + "name": "KB Articles to be Approved", + "type": "Page" + }, + { + "name": "Topics", + "type": "Space" + } + ], + "changed_values": [ + { + "from": "current", + "i18nKey": "Content status", + "key": "Content status", + "to": "archived" + } + ], "external_collaborator": false, "type": { "action": "Page archived", @@ -1554,7 +2475,10 @@ "version": "8.0.0" }, "event": { - "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"John Doe\",\"operations\":null,\"isExternalCollaborator\":false,\"username\":\"e6dd7842c44d594c024fc7129c1e4e49\",\"userKey\":\"7b4a0e7b52db25cdfc113f8e5b8e7aa2\",\"accountId\":\"e6dd7842c44d594c024fc7129c1e4e49\",\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1637073322812,\"summary\":\"Page archived\",\"description\":\"\",\"category\":\"Page\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"KB Articles to be Approved\",\"objectType\":\"Page\"},\"changedValues\":[{\"name\":\"Content status\",\"oldValue\":\"current\",\"newValue\":\"archived\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"}],\"associatedObjects\":[{\"name\":\"KB Articles to be Approved\",\"objectType\":\"Page\"},{\"name\":\"Topics\",\"objectType\":\"Space\"}]}" + "action": "Page archived", + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"John Doe\",\"operations\":null,\"isExternalCollaborator\":false,\"username\":\"e6dd7842c44d594c024fc7129c1e4e49\",\"userKey\":\"7b4a0e7b52db25cdfc113f8e5b8e7aa2\",\"accountId\":\"e6dd7842c44d594c024fc7129c1e4e49\",\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1637073322812,\"summary\":\"Page archived\",\"description\":\"\",\"category\":\"Page\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"KB Articles to be Approved\",\"objectType\":\"Page\"},\"changedValues\":[{\"name\":\"Content status\",\"oldValue\":\"current\",\"newValue\":\"archived\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"}],\"associatedObjects\":[{\"name\":\"KB Articles to be Approved\",\"objectType\":\"Page\"},{\"name\":\"Topics\",\"objectType\":\"Space\"}]}", + "type": "info" }, "related": { "ip": [ @@ -1589,6 +2513,20 @@ "@timestamp": "2021-11-16T09:25:56.738Z", "confluence": { "audit": { + "affected_objects": [ + { + "name": "John Doe (Deactivated)", + "type": "User" + } + ], + "changed_values": [ + { + "from": "Yes", + "i18nKey": "Active", + "key": "Active", + "to": "No" + } + ], "external_collaborator": false, "type": { "action": "User details updated", @@ -1600,7 +2538,16 @@ "version": "8.0.0" }, "event": { - "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1637054756738,\"summary\":\"User details updated\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"John Doe (Deactivated)\",\"objectType\":\"User\"},\"changedValues\":[{\"name\":\"Active\",\"oldValue\":\"Yes\",\"newValue\":\"No\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"}],\"associatedObjects\":[]}" + "action": "User details updated", + "category": [ + "iam" + ], + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1637054756738,\"summary\":\"User details updated\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"John Doe (Deactivated)\",\"objectType\":\"User\"},\"changedValues\":[{\"name\":\"Active\",\"oldValue\":\"Yes\",\"newValue\":\"No\",\"hiddenOldValue\":\"\",\"hiddenNewValue\":\"\"}],\"associatedObjects\":[]}", + "type": [ + "user", + "change" + ] }, "related": { "ip": [ @@ -1645,7 +2592,10 @@ "version": "8.0.0" }, "event": { - "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1637054756666,\"summary\":\"User deactivated\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"\",\"objectType\":\"\"},\"changedValues\":[],\"associatedObjects\":[]}" + "action": "User deactivated", + "kind": "event", + "original": "{\"author\":{\"type\":\"user\",\"displayName\":\"System\",\"operations\":null,\"isExternalCollaborator\":false,\"accountType\":\"\",\"publicName\":\"Unknown user\",\"externalCollaborator\":false},\"remoteAddress\":\"81.2.69.143\",\"creationDate\":1637054756666,\"summary\":\"User deactivated\",\"description\":\"\",\"category\":\"Users and groups\",\"sysAdmin\":false,\"superAdmin\":false,\"affectedObject\":{\"name\":\"\",\"objectType\":\"\"},\"changedValues\":[],\"associatedObjects\":[]}", + "type": "info" }, "related": { "ip": [ diff --git a/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json index 6e363aa3124..8b3150d65d1 100644 --- a/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json +++ b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json @@ -1286,8 +1286,10 @@ "full_name": "Anonymous", "id": "-2", "target": { + "email": "test.user@example.com", "full_name": "test.user", - "id": "2c9580827d4a06e8017d4a07c3e10000" + "id": "2c9580827d4a06e8017d4a07c3e10000", + "name": "admin" } } }, @@ -5493,8 +5495,10 @@ "full_name": "test.user", "id": "2c9580827d4a06e8017d4a07c3e10000", "target": { + "email": "another.user@example.como", "full_name": "Another User", - "id": "2c9580827d4a06e8017d4a0e9dda0001" + "id": "2c9580827d4a06e8017d4a0e9dda0001", + "name": "another.user" } } }, diff --git a/packages/atlassian_confluence/data_stream/audit/agent/stream/httpjson.yml.hbs b/packages/atlassian_confluence/data_stream/audit/agent/stream/httpjson.yml.hbs index 98661608a18..0a1c1e5dccc 100644 --- a/packages/atlassian_confluence/data_stream/audit/agent/stream/httpjson.yml.hbs +++ b/packages/atlassian_confluence/data_stream/audit/agent/stream/httpjson.yml.hbs @@ -28,7 +28,6 @@ request.transforms: - set: target: url.params.limit value: {{ limit }} - {{#if atlassian_cloud}} - set: target: url.params.startDate @@ -37,8 +36,11 @@ request.transforms: - set: target: url.params.endDate value: '[[now.Unix]]' + - set: + target: url.params.start + value: '0' response.split: - target: body.results + target: body.records response.pagination: - set: target: url.params.start @@ -47,7 +49,6 @@ response.pagination: cursor: last_timestamp: value: "[[.first_event.creationDate]]" - {{#else}} {{#unless username}} {{#unless password}} diff --git a/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/cloud.yml b/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/cloud.yml index fdc8284dc8b..2767e19a9dc 100644 --- a/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/cloud.yml +++ b/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/cloud.yml @@ -29,7 +29,55 @@ processors: field: json.summary target_field: confluence.audit.type.action ignore_missing: true - +- set: + field: event.action + copy_from: confluence.audit.type.action + ignore_empty_value: true +- rename: + field: json.associatedObjects + target_field: confluence.audit.affected_objects + ignore_missing: true +- rename: + field: json.changedValues + target_field: confluence.audit.changed_values + ignore_missing: true +- script: + lang: painless + description: Modify data to match Self Hosted + source: >- + if(ctx.confluence?.audit?.affected_objects == null) { + ArrayList items = new ArrayList(); + ctx.confluence?.audit.put("affected_objects", items); + } + if(ctx.json?.affectedObject != null && !ctx.confluence?.audit?.affected_objects.contains(ctx.json?.affectedObject)) { + ctx.confluence?.audit?.affected_objects.add(ctx.json?.affectedObject); + } + + if(ctx.confluence?.audit?.affected_objects != null) { + for (def j = 0; j < ctx.confluence?.audit?.affected_objects.length; j++) { + if(ctx.confluence.audit.affected_objects[j]?.objectType != null) { + ctx.confluence.audit.affected_objects[j].put('type', ctx.confluence.audit.affected_objects[j].objectType); + ctx.confluence.audit.affected_objects[j].remove('objectType'); + } + } + } + if(ctx.confluence?.audit?.changed_values != null) { + for (def j = 0; j < ctx.confluence?.audit?.changed_values.length; j++) { + if(ctx.confluence.audit.changed_values[j]?.name != null) { + ctx.confluence.audit.changed_values[j].put('i18nKey', ctx.confluence.audit.changed_values[j].name); + ctx.confluence.audit.changed_values[j].put('key', ctx.confluence.audit.changed_values[j].name); + ctx.confluence.audit.changed_values[j].remove('name'); + } + if(ctx.confluence.audit.changed_values[j]?.newValue != null) { + ctx.confluence.audit.changed_values[j].put('to', ctx.confluence.audit.changed_values[j].newValue); + ctx.confluence.audit.changed_values[j].remove('newValue'); + } + if(ctx.confluence.audit.changed_values[j]?.oldValue != null) { + ctx.confluence.audit.changed_values[j].put('from', ctx.confluence.audit.changed_values[j].oldValue); + ctx.confluence.audit.changed_values[j].remove('oldValue'); + } + } + } on_failure: - set: field: error.message diff --git a/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/default.yml index aa526f5189c..bb8e14bdc10 100644 --- a/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/default.yml +++ b/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/default.yml @@ -48,6 +48,332 @@ processors: field: source.as.organization_name target_field: source.as.organization.name ignore_missing: true +- script: + lang: painless + description: Add ECS categorization + params: + audit.logging.summary.global.permission.added: + category: + - iam + - configuration + type: + - admin + - creation + audit.logging.summary.space.permission.added: + category: + - iam + - configuration + type: + - admin + - creation + User created: + category: + - iam + type: + - user + - creation + audit.logging.summary.user.created: + category: + - iam + type: + - user + - creation + User renamed: + category: + - iam + type: + - user + - change + audit.logging.summary.user.renamed: + category: + - iam + type: + - user + - change + User details updated: + category: + - iam + type: + - user + - change + audit.logging.summary.user.updated: + category: + - iam + type: + - user + - change + User deleted: + category: + - iam + type: + - user + - deletion + audit.logging.summary.user.deleted: + category: + - iam + type: + - user + - deletion + User added to group: + category: + - iam + type: + - group + - change + audit.logging.summary.group.membership.added: + category: + - iam + type: + - group + - change + User removed from group: + category: + - iam + type: + - group + - change + audit.logging.summary.group.membership.removed: + category: + - iam + type: + - group + - change + Group created: + category: + - iam + type: + - group + - creation + audit.logging.summary.group.created: + category: + - iam + type: + - group + - creation + Group deleted: + category: + - iam + type: + - group + - deletion + audit.logging.summary.group.deleted: + category: + - iam + type: + - group + - deletion + Audit Log configuration updated: + category: + - configuration + type: + - admin + - change + atlassian.audit.event.action.audit.config.updated: + category: + - configuration + type: + - admin + - change + audit.logging.summary.global.settings.edited: + category: + - configuration + type: + - admin + - change + personal.access.tokens.audit.log.summary.token.created: + category: + - iam + type: + - admin + - creation + personal.access.tokens.audit.log.summary.token.deleted: + category: + - iam + type: + - admin + - deletion + audit.logging.summary.login.success: + category: + - authentication + type: + - start + outcome: success + audit.logging.summary.user.logout: + category: + - authentication + type: + - end + audit.logging.summary.login.failed: + category: + - authentication + type: + - info + outcome: failure + audit.logging.summary.user.password.changed: + category: + - iam + type: + - user + - change + outcome: success + audit.logging.summary.sudo.auth.successful: + category: + - authentication + type: + - admin + - start + audit.logging.summary.sudo.logout: + category: + - authentication + type: + - admin + - end + audit.logging.summary.space.created: + category: + - configuration + type: + - creation + audit.logging.summary.page.created: + category: + - configuration + type: + - creation + audit.logging.summary.page.deleted: + category: + - configuration + type: + - deletion + audit.logging.summary.space.removed: + category: + - configuration + type: + - deletion + audit.logging.summary.space.config.updated: + category: + - configuration + type: + - change + source: >- + ctx.event.kind = 'event'; + ctx.event.type = 'info'; + if (ctx?.event?.action == null) { + return; + } + if (params.get(ctx.event.action) == null) { + return; + } + def hm = new HashMap(params.get(ctx.event.action)); + hm.forEach((k, v) -> ctx.event[k] = v); +- script: + lang: painless + description: Add ECS User fields + if: "['audit.logging.category.user.management','audit.logging.category.auth'].contains(ctx.confluence?.audit?.type?.categoryI18nKey) || ['Users and groups'].contains(ctx.confluence?.audit?.type?.category)" + source: >- + if (ctx?.event?.action == null) { + return; + } + if (ctx.group == null) { + Map map = new HashMap(); + ctx.put("group", map); + } + if (ctx.user == null) { + Map map = new HashMap(); + ctx.put("user", map); + } + if (ctx.user?.target == null) { + Map map = new HashMap(); + ctx.user.put("target", map); + } + if (ctx.user?.changes == null) { + Map map = new HashMap(); + ctx.user.put("changes", map); + } + if (ctx.user?.target?.group == null) { + Map map = new HashMap(); + ctx.user.target.put("group", map); + } + if(ctx.confluence?.audit?.affected_objects != null) { + for (def j = 0; j < ctx.confluence?.audit?.affected_objects.length; j++) { + if(ctx.confluence?.audit?.affected_objects[j]?.type == 'Group') { + String group_name = ctx.confluence?.audit?.affected_objects[j]?.name; + String group_id = ctx.confluence?.audit?.affected_objects[j]?.id; + if(ctx._config?.atlassian_cloud != null) { + def m = /(.+):(\b[0-9a-f]{8}\b-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-\b[0-9a-f]{12}\b)$/.matcher(group_name); + if (m.find()) { + group_name = m.group(1); + group_id = m.group(2); + } + } + if(['audit.logging.summary.group.created', 'audit.logging.summary.group.deleted', 'Group created', 'Group deleted'].contains(ctx.event.action)) { + ctx.group.put("name", group_name); + ctx.group.put("id", group_id); + } + if(['audit.logging.summary.group.membership.added', 'audit.logging.summary.group.membership.removed', 'User added to group','User removed from group'].contains(ctx.event.action)) { + ctx.user.target.group.put("name", group_name); + ctx.user.target.group.put("id", group_id); + } + } + if(ctx.confluence?.audit?.affected_objects[j]?.type == 'User') { + if(['audit.logging.summary.user.created', 'audit.logging.summary.user.deleted', 'audit.logging.summary.user.password.changed','audit.logging.summary.user.updated', 'User created', 'User deleted', 'User details updated'].contains(ctx.event.action)) { + ctx.user.target.put("full_name", ctx.confluence?.audit?.affected_objects[j]?.name); + ctx.user.target.put("id", ctx.confluence?.audit?.affected_objects[j]?.id); + if(ctx.confluence?.audit?.affected_objects[j]?.uri != null) { + def m = /\?username=([a-zA-Z0-9._-]+)$/.matcher(ctx.confluence?.audit?.affected_objects[j]?.uri); + if (m.find()) { + ctx.user.target.put("name", m.group(1)); + } + } + } + if(['audit.logging.summary.group.membership.added', 'audit.logging.summary.group.membership.removed', 'User added to group', 'User removed from group'].contains(ctx.event.action)) { + ctx.user.target.put("name", ctx.confluence?.audit?.affected_objects[j]?.name); + ctx.user.target.put("id", ctx.confluence?.audit?.affected_objects[j]?.id); + } + if(['audit.logging.summary.login.success', 'audit.logging.summary.login.failed'].contains(ctx.event.action)) { + ctx.user.put("full_name", ctx.confluence?.audit?.affected_objects[j]?.name); + ctx.user.put("id", ctx.confluence?.audit?.affected_objects[j]?.id); + if(ctx.confluence?.audit?.affected_objects[j]?.uri != null) { + def m = /\?username=([a-zA-Z0-9._-]+)$/.matcher(ctx.confluence?.audit?.affected_objects[j]?.uri); + if (m.find()) { + ctx.user.put("name", m.group(1)); + } + } + } + } + } + } + if(ctx.confluence?.audit?.changed_values != null) { + for (def j = 0; j < ctx.confluence?.audit?.changed_values.length; j++) { + if(['audit.logging.summary.user.renamed', 'User renamed'].contains(ctx.event.action)) { + if(ctx.confluence?.audit?.changed_values[j]?.i18nKey == 'audit.logging.changed.value.username') { + ctx.user.changes.put("name", ctx.confluence?.audit?.changed_values[j]?.to); + ctx.user.target.put("name", ctx.confluence?.audit?.changed_values[j]?.from); + } + } + if(['audit.logging.summary.user.created','audit.logging.summary.user.updated', 'User created', 'User details updated'].contains(ctx.event.action)) { + if(ctx.confluence?.audit?.changed_values[j]?.i18nKey == 'Username') { + ctx.user.changes.put("name", ctx.confluence?.audit?.changed_values[j]?.to); + ctx.user.target.put("name", ctx.confluence?.audit?.changed_values[j]?.to); + if(ctx.confluence?.audit?.changed_values[j]?.from != null) { + ctx.user.target.put("name", ctx.confluence?.audit?.changed_values[j]?.from); + } + } + if(ctx.confluence?.audit?.changed_values[j]?.i18nKey == 'Email') { + ctx.user.changes.put("email", ctx.confluence?.audit?.changed_values[j]?.to); + ctx.user.target.put("email", ctx.confluence?.audit?.changed_values[j]?.to); + if(ctx.confluence?.audit?.changed_values[j]?.from != null) { + ctx.user.target.put("email", ctx.confluence?.audit?.changed_values[j]?.from); + } + } + if(ctx.confluence?.audit?.changed_values[j]?.i18nKey == 'Display name') { + ctx.user.changes.put("full_name", ctx.confluence?.audit?.changed_values[j]?.to); + ctx.user.target.put("full_name", ctx.confluence?.audit?.changed_values[j]?.to); + if(ctx.confluence?.audit?.changed_values[j]?.from != null) { + ctx.user.target.put("full_name", ctx.confluence?.audit?.changed_values[j]?.from); + } + } + } + } + } - append: field: related.user value: '{{user.name}}' diff --git a/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/self-hosted.yml b/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/self-hosted.yml index ee68be7d10c..784e16b60cf 100644 --- a/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/self-hosted.yml +++ b/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/self-hosted.yml @@ -65,266 +65,6 @@ processors: field: event.action copy_from: confluence.audit.type.actionI18nKey ignore_empty_value: true -- script: - lang: painless - description: Add ECS categorization - params: - audit.logging.summary.global.permission.added: - category: - - iam - - configuration - type: - - admin - - creation - audit.logging.summary.space.permission.added: - category: - - iam - - configuration - type: - - admin - - creation - audit.logging.summary.user.created: - category: - - iam - type: - - user - - creation - audit.logging.summary.user.renamed: - category: - - iam - type: - - user - - change - audit.logging.summary.user.updated: - category: - - iam - type: - - user - - change - audit.logging.summary.user.deleted: - category: - - iam - type: - - user - - deletion - audit.logging.summary.group.membership.added: - category: - - iam - type: - - group - - change - audit.logging.summary.group.membership.removed: - category: - - iam - type: - - group - - change - audit.logging.summary.group.created: - category: - - iam - type: - - group - - creation - audit.logging.summary.group.deleted: - category: - - iam - type: - - group - - deletion - atlassian.audit.event.action.audit.config.updated: - category: - - configuration - type: - - admin - - change - audit.logging.summary.global.settings.edited: - category: - - configuration - type: - - admin - - change - personal.access.tokens.audit.log.summary.token.created: - category: - - iam - type: - - admin - - creation - personal.access.tokens.audit.log.summary.token.deleted: - category: - - iam - type: - - admin - - deletion - audit.logging.summary.login.success: - category: - - authentication - type: - - start - outcome: success - audit.logging.summary.user.logout: - category: - - authentication - type: - - end - audit.logging.summary.login.failed: - category: - - authentication - type: - - info - outcome: failure - audit.logging.summary.user.password.changed: - category: - - iam - type: - - user - - change - outcome: success - audit.logging.summary.sudo.auth.successful: - category: - - authentication - type: - - admin - - start - audit.logging.summary.sudo.logout: - category: - - authentication - type: - - admin - - end - audit.logging.summary.space.created: - category: - - configuration - type: - - creation - audit.logging.summary.page.created: - category: - - configuration - type: - - creation - audit.logging.summary.page.deleted: - category: - - configuration - type: - - deletion - audit.logging.summary.space.removed: - category: - - configuration - type: - - deletion - audit.logging.summary.space.config.updated: - category: - - configuration - type: - - change - source: >- - ctx.event.kind = 'event'; - ctx.event.type = 'info'; - if (ctx?.event?.action == null) { - return; - } - if (params.get(ctx.event.action) == null) { - return; - } - def hm = new HashMap(params.get(ctx.event.action)); - hm.forEach((k, v) -> ctx.event[k] = v); -- script: - lang: painless - description: Add ECS User fields - if: "['audit.logging.category.user.management','audit.logging.category.auth'].contains(ctx.confluence?.audit?.type?.categoryI18nKey)" - source: >- - if (ctx?.event?.action == null) { - return; - } - if (ctx.group == null) { - Map map = new HashMap(); - ctx.put("group", map); - } - if (ctx.user == null) { - Map map = new HashMap(); - ctx.put("user", map); - } - if (ctx.user?.target == null) { - Map map = new HashMap(); - ctx.user.put("target", map); - } - if (ctx.user?.changes == null) { - Map map = new HashMap(); - ctx.user.put("changes", map); - } - if (ctx.user?.target?.group == null) { - Map map = new HashMap(); - ctx.user.target.put("group", map); - } - if(ctx.confluence?.audit?.affected_objects != null) { - for (def j = 0; j < ctx.confluence?.audit?.affected_objects.length; j++) { - if(ctx.confluence?.audit?.affected_objects[j]?.type == 'Group') { - if(['audit.logging.summary.group.created', 'audit.logging.summary.group.deleted'].contains(ctx.event.action)) { - ctx.group.put("name", ctx.confluence?.audit?.affected_objects[j]?.name); - ctx.group.put("id", ctx.confluence?.audit?.affected_objects[j]?.id); - } - if(['audit.logging.summary.group.membership.added', 'audit.logging.summary.group.membership.removed'].contains(ctx.event.action)) { - ctx.user.target.group.put("name", ctx.confluence?.audit?.affected_objects[j]?.name); - ctx.user.target.group.put("id", ctx.confluence?.audit?.affected_objects[j]?.id); - } - } - if(ctx.confluence?.audit?.affected_objects[j]?.type == 'User') { - if(['audit.logging.summary.user.created', 'audit.logging.summary.user.deleted', 'audit.logging.summary.user.password.changed','audit.logging.summary.user.updated'].contains(ctx.event.action)) { - ctx.user.target.put("full_name", ctx.confluence?.audit?.affected_objects[j]?.name); - ctx.user.target.put("id", ctx.confluence?.audit?.affected_objects[j]?.id); - if(ctx.confluence?.audit?.affected_objects[j]?.uri != null) { - def m = /\?username=([a-zA-Z0-9._-]+)$/.matcher(ctx.confluence?.audit?.affected_objects[j]?.uri); - if (m.find()) { - ctx.user.target.put("name", m.group(1)); - } - } - } - if(['audit.logging.summary.group.membership.added', 'audit.logging.summary.group.membership.removed'].contains(ctx.event.action)) { - ctx.user.target.put("name", ctx.confluence?.audit?.affected_objects[j]?.name); - ctx.user.target.put("id", ctx.confluence?.audit?.affected_objects[j]?.id); - } - if(['audit.logging.summary.login.success', 'audit.logging.summary.login.failed'].contains(ctx.event.action)) { - ctx.user.put("full_name", ctx.confluence?.audit?.affected_objects[j]?.name); - ctx.user.put("id", ctx.confluence?.audit?.affected_objects[j]?.id); - if(ctx.confluence?.audit?.affected_objects[j]?.uri != null) { - def m = /\?username=([a-zA-Z0-9._-]+)$/.matcher(ctx.confluence?.audit?.affected_objects[j]?.uri); - if (m.find()) { - ctx.user.put("name", m.group(1)); - } - } - } - } - } - } - if(ctx.confluence?.audit?.changed_values != null) { - for (def j = 0; j < ctx.confluence?.audit?.changed_values.length; j++) { - if(['audit.logging.summary.user.renamed'].contains(ctx.event.action)) { - if(ctx.confluence?.audit?.changed_values[j]?.i18nKey == 'audit.logging.changed.value.username') { - ctx.user.changes.put("name", ctx.confluence?.audit?.changed_values[j]?.to); - ctx.user.target.put("name", ctx.confluence?.audit?.changed_values[j]?.from); - } - } - if(['audit.logging.summary.user.created','audit.logging.summary.user.updated'].contains(ctx.event.action)) { - if(ctx.confluence?.audit?.changed_values[j]?.i18nKey == 'Username') { - ctx.user.changes.put("name", ctx.confluence?.audit?.changed_values[j]?.to); - if(ctx.confluence?.audit?.changed_values[j]?.from != null) { - ctx.user.target.put("name", ctx.confluence?.audit?.changed_values[j]?.from); - } - } - if(ctx.confluence?.audit?.changed_values[j]?.i18nKey == 'Email') { - ctx.user.changes.put("email", ctx.confluence?.audit?.changed_values[j]?.to); - if(ctx.confluence?.audit?.changed_values[j]?.from != null) { - ctx.user.target.put("email", ctx.confluence?.audit?.changed_values[j]?.from); - } - } - if(ctx.confluence?.audit?.changed_values[j]?.i18nKey == 'Display name') { - ctx.user.changes.put("full_name", ctx.confluence?.audit?.changed_values[j]?.to); - if(ctx.confluence?.audit?.changed_values[j]?.from != null) { - ctx.user.target.put("full_name", ctx.confluence?.audit?.changed_values[j]?.from); - } - } - } - } - } - append: field: related.hosts value: '{{_tmp.service.domain}}' diff --git a/packages/atlassian_confluence/data_stream/audit/fields/ecs.yml b/packages/atlassian_confluence/data_stream/audit/fields/ecs.yml index 736fdc24a39..e34c06aaa9d 100644 --- a/packages/atlassian_confluence/data_stream/audit/fields/ecs.yml +++ b/packages/atlassian_confluence/data_stream/audit/fields/ecs.yml @@ -12,6 +12,8 @@ name: user.full_name - external: ecs name: user.target.full_name +- external: ecs + name: user.target.email - external: ecs name: user.target.group.id - external: ecs diff --git a/packages/atlassian_confluence/docs/README.md b/packages/atlassian_confluence/docs/README.md index 44d03bf78df..51e318cf99a 100644 --- a/packages/atlassian_confluence/docs/README.md +++ b/packages/atlassian_confluence/docs/README.md @@ -6,7 +6,7 @@ The Confluence integration collects [audit logs](https://confluence.atlassian.co ### Audit -The Confluence integration collects audit logs from the audit log files or the audit API from self hosted Confluence Data Center. It has been tested with Confluence 7.14.2 but is expected to work with newer versions. As of version 1.2.0, this integration added experimental support for Atlassian Confluence Cloud. +The Confluence integration collects audit logs from the audit log files or the audit API from self hosted Confluence Data Center. It has been tested with Confluence 7.14.2 but is expected to work with newer versions. As of version 1.2.0, this integration added experimental support for Atlassian Confluence Cloud. JIRA Cloud only supports Basic Auth using username and a Personal Access Token. **Exported fields** @@ -96,6 +96,7 @@ The Confluence integration collects audit logs from the audit log files or the a | user.id | Unique identifier of the user. | keyword | | user.name | Short name or login of the user. | keyword | | user.name.text | Multi-field of `user.name`. | match_only_text | +| user.target.email | User email address. | keyword | | user.target.full_name | User's full name, if available. | keyword | | user.target.full_name.text | Multi-field of `user.target.full_name`. | match_only_text | | user.target.group.id | Unique identifier for the group on the system/platform. | keyword | diff --git a/packages/atlassian_jira/_dev/build/docs/README.md b/packages/atlassian_jira/_dev/build/docs/README.md index cffbe784c24..8481ce578e9 100644 --- a/packages/atlassian_jira/_dev/build/docs/README.md +++ b/packages/atlassian_jira/_dev/build/docs/README.md @@ -6,7 +6,7 @@ The Jira integration collects audit logs from the audit log files or the [audit ### Audit -The Jira integration collects audit logs from the audit log files or the audit API from self hosted Jira Data Center. It has been tested with Jira 8.20.2 but is expected to work with newer versions. This has not been tested with Jira Cloud and is not expected to work. +The Jira integration collects audit logs from the audit log files or the audit API from self hosted Jira Data Center. It has been tested with Jira 8.20.2 but is expected to work with newer versions. As of version 1.2.0, this integration added experimental support for Atlassian JIRA Cloud. JIRA Cloud only supports Basic Auth using username and a Personal Access Token. {{fields "audit"}} diff --git a/packages/atlassian_jira/_dev/deploy/docker/files/config.yml b/packages/atlassian_jira/_dev/deploy/docker/files/config.yml index 95e091754ad..f8e5c104b55 100644 --- a/packages/atlassian_jira/_dev/deploy/docker/files/config.yml +++ b/packages/atlassian_jira/_dev/deploy/docker/files/config.yml @@ -1,4 +1,5 @@ rules: + # JIRA Self Hosted - path: /rest/auditing/1.0/events methods: ["GET"] request_headers: @@ -23,3 +24,30 @@ rules: - status_code: 200 body: |- {"entities":[{"timestamp":"2021-11-22T00:34:47.536Z","author":{"name":"test.user","type":"ApplicationUser","id":"10000","uri":"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user","avatarUri":""},"type":{"categoryI18nKey":"atlassian.audit.event.category.audit","category":"Auditing","actionI18nKey":"atlassian.audit.event.action.audit.search","action":"Audit Log search performed"},"affectedObjects":[],"changedValues":[],"source":"175.16.199.1","system":"http://jira.internal:8088","method":"Browser","extraAttributes":[{"nameI18nKey":"atlassian.audit.event.attribute.id","name":"ID Range","value":"45 - 94"},{"nameI18nKey":"atlassian.audit.event.attribute.query","name":"Query","value":""},{"nameI18nKey":"atlassian.audit.event.attribute.results","name":"Results returned","value":"50"},{"nameI18nKey":"atlassian.audit.event.attribute.timestamp","name":"Timestamp Range","value":"2021-11-22T00:08:34.163Z - 2021-11-22T00:34:40.008Z"}]},{"timestamp":"2021-11-22T00:34:40.008Z","author":{"name":"test.user","type":"ApplicationUser","id":"10000","uri":"http://jira.internal:8088/secure/ViewProfile.jspa?name=test.user","avatarUri":""},"type":{"categoryI18nKey":"atlassian.audit.event.category.audit","category":"Auditing","actionI18nKey":"atlassian.audit.event.action.audit.search","action":"Audit Log search performed"},"affectedObjects":[],"changedValues":[],"source":"175.16.199.1","system":"http://jira.internal:8088","method":"Browser","extraAttributes":[{"nameI18nKey":"atlassian.audit.event.attribute.id","name":"ID Range","value":"44 - 93"},{"nameI18nKey":"atlassian.audit.event.attribute.query","name":"Query","value":""},{"nameI18nKey":"atlassian.audit.event.attribute.results","name":"Results returned","value":"50"},{"nameI18nKey":"atlassian.audit.event.attribute.timestamp","name":"Timestamp Range","value":"2021-11-22T00:08:34.151Z - 2021-11-22T00:34:23.154Z"}]}],"pagingInfo":{"nextPageOffset":0,"nextPageCursor":"1637539714166,47","nextPageLink":"http://{{ hostname }}:{{ env "PORT" }}/rest/auditing/1.0/events?offset=0&limit=2&pageCursor=1637539714166,47","lastPage":false,"size":2}} + # JIRA Cloud + - path: /rest/api/3/auditing/record + methods: ["GET"] + request_headers: + authorization: Basic dGVzdC51c2VyOmFiYzEyMw== + query_params: + from: "{from:.*}" + to: "{to:.*}" + offset: "2" + limit: "2" + responses: + - status_code: 200 + body: |- + {"offset":2,"limit":2,"total":4,"records":[{"id":11939,"summary":"User added to group","created":"2022-01-18T08:43:02.838+0000","category":"group management","eventSource":"","objectItem":{"name":"jira-software-users","typeName":"GROUP","parentId":"10000","parentName":"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory"},"associatedItems":[{"id":"ug:2281b112-0f77-4305-b779-66d30930eb83","name":"ug:2281b112-0f77-4305-b779-66d30930eb83","typeName":"USER","parentId":"10000","parentName":"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory"}]},{"id":11938,"summary":"User added to group","created":"2022-01-18T08:43:02.768+0000","category":"group management","eventSource":"","objectItem":{"name":"confluence-users","typeName":"GROUP","parentId":"10000","parentName":"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory"},"associatedItems":[{"id":"ug:2281b112-0f77-4305-b779-66d30930eb83","name":"ug:2281b112-0f77-4305-b779-66d30930eb83","typeName":"USER","parentId":"10000","parentName":"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory"}]}]} + - path: /rest/api/3/auditing/record + methods: ["GET"] + request_headers: + authorization: Basic dGVzdC51c2VyOmFiYzEyMw== + query_params: + from: "{from:.*}" + to: "{to:.*}" + limit: "2" + offset: "0" + responses: + - status_code: 200 + body: |- + {"offset":0,"limit":2,"total":4,"records":[{"id":11652,"summary":"User updated","created":"2021-11-17T16:00:37.374+0000","category":"user management","eventSource":"","objectItem":{"id":"ug:870c3c4b-1f74-4fa2-a401-639ec53e9436","name":"ug:870c3c4b-1f74-4fa2-a401-639ec53e9436","typeName":"USER","parentId":"10000","parentName":"IDP Directory"},"changedValues":[{"fieldName":"Active / Inactive","changedFrom":"Active","changedTo":"Inactive"}],"associatedItems":[{"id":"ug:870c3c4b-1f74-4fa2-a401-639ec53e9436","name":"ug:870c3c4b-1f74-4fa2-a401-639ec53e9436","typeName":"USER","parentId":"10000","parentName":"IDP Directory"}]},{"id":11651,"summary":"User updated","created":"2021-11-16T09:25:56.725+0000","category":"user management","eventSource":"","objectItem":{"id":"ug:7759808b-4fa4-4053-a8f5-136c382be65a","name":"ug:7759808b-4fa4-4053-a8f5-136c382be65a","typeName":"USER","parentId":"10000","parentName":"IDP Directory"},"changedValues":[{"fieldName":"Active / Inactive","changedFrom":"Active","changedTo":"Inactive"}],"associatedItems":[{"id":"ug:7759808b-4fa4-4053-a8f5-136c382be65a","name":"ug:7759808b-4fa4-4053-a8f5-136c382be65a","typeName":"USER","parentId":"10000","parentName":"IDP Directory"}]}]} diff --git a/packages/atlassian_jira/changelog.yml b/packages/atlassian_jira/changelog.yml index d2abe8881cb..c6357c0afa0 100644 --- a/packages/atlassian_jira/changelog.yml +++ b/packages/atlassian_jira/changelog.yml @@ -1,4 +1,8 @@ # newer versions go on top +- version: "1.3.0" + - description: Add support for Atlassian JIRA Cloud + type: enhancement + link: https://github.com/elastic/integrations/pull/2715 - version: "1.2.0" changes: - description: Update to ECS 8.2 diff --git a/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log b/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log new file mode 100644 index 00000000000..71edd1a75cb --- /dev/null +++ b/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log @@ -0,0 +1,82 @@ +{"id":11959,"summary":"Project deleted","created":"2022-01-24T08:48:05.645+0000","category":"projects","eventSource":"","objectItem":{"id":"10000","name":"Test","typeName":"PROJECT"}} +{"id":11958,"summary":"Field Configuration scheme deleted","created":"2022-01-24T08:48:05.316+0000","category":"fields","eventSource":"","objectItem":{"id":"10000","name":"Field Configuration Scheme for Project TEST","typeName":"SCHEME"}} +{"id":11957,"summary":"Field Configuration scheme updated","created":"2022-01-24T08:48:05.097+0000","category":"fields","eventSource":"","objectItem":{"id":"10000","name":"Field Configuration Scheme for Project TEST","typeName":"SCHEME"},"changedValues":[{"fieldName":"Field Configuration","changedFrom":"Default Field Configuration","changedTo":""},{"fieldName":"Issue Type","changedFrom":"Subtask","changedTo":""}]} +{"id":11956,"summary":"Field Configuration scheme updated","created":"2022-01-24T08:48:04.939+0000","category":"fields","eventSource":"","objectItem":{"id":"10000","name":"Field Configuration Scheme for Project TEST","typeName":"SCHEME"},"changedValues":[{"fieldName":"Field Configuration","changedFrom":"Default Field Configuration","changedTo":""},{"fieldName":"Issue Type","changedFrom":"Epic","changedTo":""}]} +{"id":11955,"summary":"Field Configuration scheme updated","created":"2022-01-24T08:48:04.716+0000","category":"fields","eventSource":"","objectItem":{"id":"10000","name":"Field Configuration Scheme for Project TEST","typeName":"SCHEME"},"changedValues":[{"fieldName":"Field Configuration","changedFrom":"Default Field Configuration","changedTo":""},{"fieldName":"Issue Type","changedFrom":"Bug","changedTo":""}]} +{"id":11954,"summary":"Field Configuration scheme updated","created":"2022-01-24T08:48:04.530+0000","category":"fields","eventSource":"","objectItem":{"id":"10000","name":"Field Configuration Scheme for Project TEST","typeName":"SCHEME"},"changedValues":[{"fieldName":"Field Configuration","changedFrom":"Default Field Configuration","changedTo":""},{"fieldName":"Issue Type","changedFrom":"Task","changedTo":""}]} +{"id":11953,"summary":"Field Configuration scheme updated","created":"2022-01-24T08:48:04.167+0000","category":"fields","eventSource":"","objectItem":{"id":"10000","name":"Field Configuration Scheme for Project TEST","typeName":"SCHEME"},"changedValues":[{"fieldName":"Field Configuration","changedFrom":"Default Field Configuration","changedTo":""},{"fieldName":"Issue Type","changedFrom":"Story","changedTo":""}]} +{"id":11952,"summary":"Workflow scheme deleted","created":"2022-01-24T08:48:04.020+0000","category":"workflows","eventSource":"","objectItem":{"id":"10001","name":"TEST: Software Simplified Workflow Scheme","typeName":"SCHEME"}} +{"id":11951,"summary":"Workflow deleted","created":"2022-01-24T08:48:03.965+0000","category":"workflows","eventSource":"","objectItem":{"id":"Project TEST: Software Workflow for 10001","name":"Project TEST: Software Workflow for 10001","typeName":"WORKFLOW"}} +{"id":11950,"summary":"Notification scheme deleted","created":"2022-01-24T08:48:03.371+0000","category":"notifications","eventSource":"","objectItem":{"id":"10001","name":"TEST: Simplified Notification Scheme","typeName":"SCHEME"}} +{"id":11949,"summary":"Project role deleted","created":"2022-01-24T08:48:03.355+0000","category":"projects","eventSource":"","objectItem":{"id":"10006","name":"Viewer","typeName":"PROJECT_ROLE"}} +{"id":11948,"summary":"Project role deleted","created":"2022-01-24T08:48:03.339+0000","category":"projects","eventSource":"","objectItem":{"id":"10005","name":"Member","typeName":"PROJECT_ROLE"}} +{"id":11947,"summary":"Project role deleted","created":"2022-01-24T08:48:03.322+0000","category":"projects","eventSource":"","objectItem":{"id":"10007","name":"atlassian-addons-project-access","typeName":"PROJECT_ROLE"}} +{"id":11946,"summary":"Project role deleted","created":"2022-01-24T08:48:03.305+0000","category":"projects","eventSource":"","objectItem":{"id":"10004","name":"Administrator","typeName":"PROJECT_ROLE"}} +{"id":11945,"summary":"Issue Security scheme deleted","created":"2022-01-24T08:48:03.259+0000","category":"permissions","eventSource":"","objectItem":{"id":"10000","name":"TEST: Simplified Issue Security Scheme","typeName":"SCHEME"}} +{"id":11944,"summary":"Permission scheme deleted","created":"2022-01-24T08:48:03.223+0000","category":"permissions","eventSource":"","objectItem":{"id":"10000","name":"TEST: Simplified Permission Scheme","typeName":"SCHEME"}} +{"id":11939,"summary":"User added to group","created":"2022-01-18T08:43:02.838+0000","category":"group management","eventSource":"","objectItem":{"name":"jira-software-users","typeName":"GROUP","parentId":"10000","parentName":"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory"},"associatedItems":[{"id":"ug:2281b112-0f77-4305-b779-66d30930eb83","name":"ug:2281b112-0f77-4305-b779-66d30930eb83","typeName":"USER","parentId":"10000","parentName":"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory"}]} +{"id":11938,"summary":"User added to group","created":"2022-01-18T08:43:02.768+0000","category":"group management","eventSource":"","objectItem":{"name":"confluence-users","typeName":"GROUP","parentId":"10000","parentName":"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory"},"associatedItems":[{"id":"ug:2281b112-0f77-4305-b779-66d30930eb83","name":"ug:2281b112-0f77-4305-b779-66d30930eb83","typeName":"USER","parentId":"10000","parentName":"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory"}]} +{"id":11937,"summary":"User created","created":"2022-01-18T08:43:02.602+0000","category":"user management","eventSource":"","objectItem":{"id":"ug:2281b112-0f77-4305-b779-66d30930eb83","name":"ug:2281b112-0f77-4305-b779-66d30930eb83","typeName":"USER","parentId":"10000","parentName":"IDP Directory"},"changedValues":[{"fieldName":"Active / Inactive","changedTo":"Active"}],"associatedItems":[{"id":"ug:2281b112-0f77-4305-b779-66d30930eb83","name":"ug:2281b112-0f77-4305-b779-66d30930eb83","typeName":"USER","parentId":"10000","parentName":"IDP Directory"}]} +{"id":11935,"summary":"User added to group","created":"2022-01-14T16:37:07.126+0000","category":"group management","eventSource":"","objectItem":{"name":"confluence-users","typeName":"GROUP","parentId":"10000","parentName":"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory"},"associatedItems":[{"id":"ug:14961f0e-0eda-4a4a-9e9e-9d6a617b625b","name":"ug:14961f0e-0eda-4a4a-9e9e-9d6a617b625b","typeName":"USER","parentId":"10000","parentName":"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory"}]} +{"id":11934,"summary":"User created","created":"2022-01-14T16:37:07.019+0000","category":"user management","eventSource":"","objectItem":{"id":"ug:14961f0e-0eda-4a4a-9e9e-9d6a617b625b","name":"ug:14961f0e-0eda-4a4a-9e9e-9d6a617b625b","typeName":"USER","parentId":"10000","parentName":"IDP Directory"},"changedValues":[{"fieldName":"Active / Inactive","changedTo":"Active"}],"associatedItems":[{"id":"ug:14961f0e-0eda-4a4a-9e9e-9d6a617b625b","name":"ug:14961f0e-0eda-4a4a-9e9e-9d6a617b625b","typeName":"USER","parentId":"10000","parentName":"IDP Directory"}]} +{"id":11933,"summary":"User's password changed","remoteAddress":"81.2.69.193","created":"2022-01-10T12:44:41.065+0000","category":"user management","eventSource":"","objectItem":{"id":"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682","name":"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682","typeName":"USER","parentId":"10000","parentName":"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory"},"associatedItems":[{"id":"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682","name":"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682","typeName":"USER","parentId":"10000","parentName":"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory"}]} +{"id":11932,"summary":"Workflow updated","remoteAddress":"10.83.76.139","authorKey":"ug:0613fc34-a1b3-4137-b06e-fd92c3094033","authorAccountId":"5ff328f2a9d0300107c045a6","created":"2022-01-06T09:49:07.418+0000","category":"workflows","eventSource":"","objectItem":{"id":"Software workflow for project 10018","name":"Software workflow for project 10018","typeName":"WORKFLOW"}} +{"id":11931,"summary":"Workflow updated","authorKey":"ug:0613fc34-a1b3-4137-b06e-fd92c3094033","authorAccountId":"5ff328f2a9d0300107c045a6","created":"2022-01-05T07:23:49.369+0000","category":"workflows","eventSource":"","objectItem":{"id":"Software workflow for project 10018","name":"Software workflow for project 10018","typeName":"WORKFLOW"}} +{"id":11930,"summary":"Workflow updated","remoteAddress":"10.83.76.139","authorKey":"ug:0613fc34-a1b3-4137-b06e-fd92c3094033","authorAccountId":"5ff328f2a9d0300107c045a6","created":"2022-01-05T07:23:49.162+0000","category":"workflows","eventSource":"","objectItem":{"id":"Software workflow for project 10018","name":"Software workflow for project 10018","typeName":"WORKFLOW"}} +{"id":11898,"summary":"Workflow updated","remoteAddress":"10.83.62.36","authorKey":"ug:0613fc34-a1b3-4137-b06e-fd92c3094033","authorAccountId":"5ff328f2a9d0300107c045a6","created":"2021-12-13T14:10:35.436+0000","category":"workflows","eventSource":"","objectItem":{"id":"Software workflow for project 10018","name":"Software workflow for project 10018","typeName":"WORKFLOW"}} +{"id":11897,"summary":"User's password changed","remoteAddress":"81.2.69.193","created":"2021-12-10T11:57:29.971+0000","category":"user management","eventSource":"","objectItem":{"id":"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682","name":"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682","typeName":"USER","parentId":"10000","parentName":"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory"},"associatedItems":[{"id":"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682","name":"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682","typeName":"USER","parentId":"10000","parentName":"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory"}]} +{"id":11896,"summary":"User created","remoteAddress":"81.2.69.193","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-10T11:53:37.982+0000","category":"user management","eventSource":"","objectItem":{"id":"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682","name":"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682","typeName":"USER","parentId":"10000","parentName":"IDP Directory"},"changedValues":[{"fieldName":"Active / Inactive","changedTo":"Active"}],"associatedItems":[{"id":"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682","name":"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682","typeName":"USER","parentId":"10000","parentName":"IDP Directory"}]} +{"id":11895,"summary":"Customer invited notification changed","remoteAddress":"81.2.69.193","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-10T11:52:39.940+0000","category":"projects","eventSource":"","objectItem":{"id":"10003","name":"Support","typeName":"PROJECT"},"changedValues":[{"fieldName":"isEnabled","changedFrom":"false","changedTo":"true"}],"associatedItems":[{"id":"10003","name":"Support","typeName":"PROJECT"}]} +{"id":11894,"summary":"User created","remoteAddress":"81.2.69.193","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-07T17:15:05.069+0000","category":"user management","eventSource":"","objectItem":{"id":"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:ca0f9bb4-060b-4431-937f-ad240d0fb7c9","name":"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:ca0f9bb4-060b-4431-937f-ad240d0fb7c9","typeName":"USER","parentId":"10000","parentName":"IDP Directory"},"changedValues":[{"fieldName":"Active / Inactive","changedTo":"Active"}],"associatedItems":[{"id":"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:ca0f9bb4-060b-4431-937f-ad240d0fb7c9","name":"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:ca0f9bb4-060b-4431-937f-ad240d0fb7c9","typeName":"USER","parentId":"10000","parentName":"IDP Directory"}]} +{"id":11893,"summary":"Customer permissions changed","remoteAddress":"81.2.69.193","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-07T17:03:54.188+0000","category":"projects","eventSource":"","description":"Update who can access the portal and send requests","objectItem":{"id":"10022","name":"Change Control","typeName":"PROJECT"},"changedValues":[{"fieldName":"Customer access","changedFrom":"Anyone with an account","changedTo":"Customers my team adds to the project"}],"associatedItems":[{"id":"10022","name":"Change Control","typeName":"PROJECT"}]} +{"id":11892,"summary":"Request type deleted","remoteAddress":"81.2.69.193","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-07T16:56:48.122+0000","category":"projects","eventSource":"","objectItem":{"id":"10022","name":"Change Control","typeName":"PROJECT"},"changedValues":[{"fieldName":"id","changedFrom":"89","changedTo":""},{"fieldName":"description","changedFrom":"Want to access work stuff from outside? Let us know.","changedTo":""},{"fieldName":"name","changedFrom":"Set up VPN to the office","changedTo":""},{"fieldName":"issueTypeId","changedFrom":"10024","changedTo":""},{"fieldName":"iconId","changedFrom":"10526","changedTo":""}],"associatedItems":[{"id":"10022","name":"Change Control","typeName":"PROJECT"}]} +{"id":11891,"summary":"Request type deleted","remoteAddress":"81.2.69.193","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-07T16:56:24.940+0000","category":"projects","eventSource":"","objectItem":{"id":"10022","name":"Change Control","typeName":"PROJECT"},"changedValues":[{"fieldName":"id","changedFrom":"86","changedTo":""},{"fieldName":"description","changedFrom":"Get assistance for general IT problems and questions.","changedTo":""},{"fieldName":"name","changedFrom":"Get IT help","changedTo":""},{"fieldName":"issueTypeId","changedFrom":"10024","changedTo":""},{"fieldName":"iconId","changedFrom":"10541","changedTo":""}],"associatedItems":[{"id":"10022","name":"Change Control","typeName":"PROJECT"}]} +{"id":11890,"summary":"Request type deleted","remoteAddress":"81.2.69.193","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-07T16:56:07.861+0000","category":"projects","eventSource":"","objectItem":{"id":"10022","name":"Change Control","typeName":"PROJECT"},"changedValues":[{"fieldName":"id","changedFrom":"96","changedTo":""},{"fieldName":"description","changedFrom":"Need a mobile phone or time for replacement? Let us know.","changedTo":""},{"fieldName":"name","changedFrom":"New mobile device","changedTo":""},{"fieldName":"issueTypeId","changedFrom":"10025","changedTo":""},{"fieldName":"iconId","changedFrom":"10534","changedTo":""}],"associatedItems":[{"id":"10022","name":"Change Control","typeName":"PROJECT"}]} +{"id":11889,"summary":"Request type deleted","remoteAddress":"81.2.69.193","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-07T16:54:03.906+0000","category":"projects","eventSource":"","objectItem":{"id":"10022","name":"Change Control","typeName":"PROJECT"},"changedValues":[{"fieldName":"id","changedFrom":"88","changedTo":""},{"fieldName":"description","changedFrom":"Raise a request to ask for temp wifi access for guests.","changedTo":""},{"fieldName":"name","changedFrom":"Get a guest wifi account","changedTo":""},{"fieldName":"issueTypeId","changedFrom":"10024","changedTo":""},{"fieldName":"iconId","changedFrom":"10519","changedTo":""}],"associatedItems":[{"id":"10022","name":"Change Control","typeName":"PROJECT"}]} +{"id":11888,"summary":"User added to group","created":"2021-12-07T16:46:02.950+0000","category":"group management","eventSource":"","objectItem":{"name":"Eng Sys","typeName":"GROUP","parentId":"10000","parentName":"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory"},"associatedItems":[{"id":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","name":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","typeName":"USER","parentId":"10000","parentName":"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory"}]} +{"id":11887,"summary":"User added to group","created":"2021-12-07T16:46:02.944+0000","category":"group management","eventSource":"","objectItem":{"name":"EngSys","typeName":"GROUP","parentId":"10000","parentName":"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory"},"associatedItems":[{"id":"ug:0fb27017-ce06-4bff-bd1d-1cc0e9ad2579","name":"ug:0fb27017-ce06-4bff-bd1d-1cc0e9ad2579","typeName":"USER","parentId":"10000","parentName":"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory"}]} +{"id":11886,"summary":"User added to group","created":"2021-12-07T16:46:02.939+0000","category":"group management","eventSource":"","objectItem":{"name":"Eng Sys","typeName":"GROUP","parentId":"10000","parentName":"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory"},"associatedItems":[{"id":"ug:1b93c61c-2382-4f4e-8f38-f901c702845f","name":"ug:1b93c61c-2382-4f4e-8f38-f901c702845f","typeName":"USER","parentId":"10000","parentName":"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory"}]} +{"id":11885,"summary":"User added to group","created":"2021-12-07T16:46:02.932+0000","category":"group management","eventSource":"","objectItem":{"name":"EngSys","typeName":"GROUP","parentId":"10000","parentName":"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory"},"associatedItems":[{"id":"ug:016dd2df-318a-4b92-908d-b0b9e531c60f","name":"ug:016dd2df-318a-4b92-908d-b0b9e531c60f","typeName":"USER","parentId":"10000","parentName":"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory"}]} +{"id":11884,"summary":"Group created","created":"2021-12-07T16:45:24.007+0000","category":"group management","eventSource":"","objectItem":{"name":"Eng Sys","typeName":"GROUP","parentId":"10000","parentName":"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory"}} +{"id":11883,"summary":"Project created","remoteAddress":"81.2.69.193","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-07T16:29:41.490+0000","category":"projects","eventSource":"","objectItem":{"id":"10022","name":"Change Control","typeName":"PROJECT"},"changedValues":[{"fieldName":"Default Assignee","changedTo":"Unassigned"},{"fieldName":"Project lead","changedTo":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3"},{"fieldName":"Description","changedTo":""},{"fieldName":"Key","changedTo":"ACC"},{"fieldName":"Name","changedTo":"Change Control"}],"associatedItems":[{"id":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","name":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","typeName":"USER","parentId":"10000","parentName":"IDP Directory"}]} +{"id":11882,"summary":"Custom email channel turned on","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-07T16:29:38.789+0000","category":"projects","eventSource":"","objectItem":{"id":"10022","name":"Change Control","typeName":"PROJECT"},"changedValues":[{"fieldName":"userName","changedFrom":"","changedTo":"support@cyberfort.atlassian.net"},{"fieldName":"host","changedFrom":"","changedTo":"mailstore"},{"fieldName":"port","changedFrom":"","changedTo":"110"},{"fieldName":"tlsEnabled","changedFrom":"","changedTo":"false"},{"fieldName":"emailAddress","changedFrom":"","changedTo":"support@cyberfort.atlassian.net"},{"fieldName":"protocol","changedFrom":"","changedTo":"vertimail"}],"associatedItems":[{"id":"10022","name":"Change Control","typeName":"PROJECT"}]} +{"id":11881,"summary":"Cloud Email settings created","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-07T16:29:38.773+0000","category":"projects","eventSource":"","objectItem":{"id":"10022","name":"Change Control","typeName":"PROJECT"},"changedValues":[{"fieldName":"id","changedFrom":"","changedTo":"7"},{"fieldName":"requestTypeId","changedFrom":"","changedTo":"95"},{"fieldName":"serviceDeskId","changedFrom":"","changedTo":"6"},{"fieldName":"emailAddress","changedFrom":"","changedTo":"support@cyberfort.atlassian.net"}],"associatedItems":[{"id":"10022","name":"Change Control","typeName":"PROJECT"}]} +{"id":11880,"summary":"Cloud email channel turned on","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-07T16:29:38.426+0000","category":"projects","eventSource":"","objectItem":{"id":"10022","name":"Change Control","typeName":"PROJECT"},"changedValues":[{"fieldName":"userName","changedFrom":"","changedTo":"support@cyberfort.atlassian.net"},{"fieldName":"host","changedFrom":"","changedTo":"mailstore"},{"fieldName":"port","changedFrom":"","changedTo":"110"},{"fieldName":"tlsEnabled","changedFrom":"","changedTo":"null"},{"fieldName":"emailAddress","changedFrom":"","changedTo":"support@cyberfort.atlassian.net"},{"fieldName":"protocol","changedFrom":"","changedTo":"vertimail"}],"associatedItems":[{"id":"10022","name":"Change Control","typeName":"PROJECT"}]} +{"id":11879,"summary":"Project component created","remoteAddress":"81.2.69.193","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-07T16:29:36.956+0000","category":"projects","eventSource":"","objectItem":{"id":"10099","name":"Services","typeName":"PROJECT_COMPONENT"},"changedValues":[{"fieldName":"Default Assignee","changedTo":"Project Default"},{"fieldName":"Component Lead","changedTo":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3"},{"fieldName":"Description","changedTo":"Created by Jira Service Management"},{"fieldName":"Name","changedTo":"Services"}],"associatedItems":[{"id":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","name":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","typeName":"USER","parentId":"10000","parentName":"IDP Directory"},{"id":"10022","name":"Change Control","typeName":"PROJECT"}]} +{"id":11878,"summary":"Project component created","remoteAddress":"81.2.69.193","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-07T16:29:36.930+0000","category":"projects","eventSource":"","objectItem":{"id":"10098","name":"VPN Server","typeName":"PROJECT_COMPONENT"},"changedValues":[{"fieldName":"Default Assignee","changedTo":"Project Default"},{"fieldName":"Component Lead","changedTo":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3"},{"fieldName":"Description","changedTo":"Created by Jira Service Management"},{"fieldName":"Name","changedTo":"VPN Server"}],"associatedItems":[{"id":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","name":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","typeName":"USER","parentId":"10000","parentName":"IDP Directory"},{"id":"10022","name":"Change Control","typeName":"PROJECT"}]} +{"id":11877,"summary":"Project component created","remoteAddress":"81.2.69.193","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-07T16:29:36.903+0000","category":"projects","eventSource":"","objectItem":{"id":"10097","name":"Public Website","typeName":"PROJECT_COMPONENT"},"changedValues":[{"fieldName":"Default Assignee","changedTo":"Project Default"},{"fieldName":"Component Lead","changedTo":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3"},{"fieldName":"Description","changedTo":"Created by Jira Service Management"},{"fieldName":"Name","changedTo":"Public Website"}],"associatedItems":[{"id":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","name":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","typeName":"USER","parentId":"10000","parentName":"IDP Directory"},{"id":"10022","name":"Change Control","typeName":"PROJECT"}]} +{"id":11876,"summary":"Project component created","remoteAddress":"81.2.69.193","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-07T16:29:36.877+0000","category":"projects","eventSource":"","objectItem":{"id":"10096","name":"Printers","typeName":"PROJECT_COMPONENT"},"changedValues":[{"fieldName":"Default Assignee","changedTo":"Project Default"},{"fieldName":"Component Lead","changedTo":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3"},{"fieldName":"Description","changedTo":"Created by Jira Service Management"},{"fieldName":"Name","changedTo":"Printers"}],"associatedItems":[{"id":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","name":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","typeName":"USER","parentId":"10000","parentName":"IDP Directory"},{"id":"10022","name":"Change Control","typeName":"PROJECT"}]} +{"id":11875,"summary":"Project component created","remoteAddress":"81.2.69.193","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-07T16:29:36.849+0000","category":"projects","eventSource":"","objectItem":{"id":"10095","name":"Services","typeName":"PROJECT_COMPONENT"},"changedValues":[{"fieldName":"Default Assignee","changedTo":"Project Default"},{"fieldName":"Component Lead","changedTo":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3"},{"fieldName":"Description","changedTo":"Created by Jira Service Management"},{"fieldName":"Name","changedTo":"Services"}],"associatedItems":[{"id":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","name":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","typeName":"USER","parentId":"10000","parentName":"IDP Directory"},{"id":"10022","name":"Change Control","typeName":"PROJECT"}]} +{"id":11874,"summary":"Project component created","remoteAddress":"81.2.69.193","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-07T16:29:36.823+0000","category":"projects","eventSource":"","objectItem":{"id":"10094","name":"Office Network","typeName":"PROJECT_COMPONENT"},"changedValues":[{"fieldName":"Default Assignee","changedTo":"Project Default"},{"fieldName":"Component Lead","changedTo":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3"},{"fieldName":"Description","changedTo":"Created by Jira Service Management"},{"fieldName":"Name","changedTo":"Office Network"}],"associatedItems":[{"id":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","name":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","typeName":"USER","parentId":"10000","parentName":"IDP Directory"},{"id":"10022","name":"Change Control","typeName":"PROJECT"}]} +{"id":11873,"summary":"Project component created","remoteAddress":"81.2.69.193","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-07T16:29:36.797+0000","category":"projects","eventSource":"","objectItem":{"id":"10093","name":"Jira","typeName":"PROJECT_COMPONENT"},"changedValues":[{"fieldName":"Default Assignee","changedTo":"Project Default"},{"fieldName":"Component Lead","changedTo":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3"},{"fieldName":"Description","changedTo":"Created by Jira Service Management"},{"fieldName":"Name","changedTo":"Jira"}],"associatedItems":[{"id":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","name":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","typeName":"USER","parentId":"10000","parentName":"IDP Directory"},{"id":"10022","name":"Change Control","typeName":"PROJECT"}]} +{"id":11872,"summary":"Project component created","remoteAddress":"81.2.69.193","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-07T16:29:36.770+0000","category":"projects","eventSource":"","objectItem":{"id":"10092","name":"Intranet","typeName":"PROJECT_COMPONENT"},"changedValues":[{"fieldName":"Default Assignee","changedTo":"Project Default"},{"fieldName":"Component Lead","changedTo":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3"},{"fieldName":"Description","changedTo":"Created by Jira Service Management"},{"fieldName":"Name","changedTo":"Intranet"}],"associatedItems":[{"id":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","name":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","typeName":"USER","parentId":"10000","parentName":"IDP Directory"},{"id":"10022","name":"Change Control","typeName":"PROJECT"}]} +{"id":11871,"summary":"Project component created","remoteAddress":"81.2.69.193","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-07T16:29:36.743+0000","category":"projects","eventSource":"","objectItem":{"id":"10091","name":"Services","typeName":"PROJECT_COMPONENT"},"changedValues":[{"fieldName":"Default Assignee","changedTo":"Project Default"},{"fieldName":"Component Lead","changedTo":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3"},{"fieldName":"Description","changedTo":"Created by Jira Service Management"},{"fieldName":"Name","changedTo":"Services"}],"associatedItems":[{"id":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","name":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","typeName":"USER","parentId":"10000","parentName":"IDP Directory"},{"id":"10022","name":"Change Control","typeName":"PROJECT"}]} +{"id":11870,"summary":"Project component created","remoteAddress":"81.2.69.193","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-07T16:29:36.717+0000","category":"projects","eventSource":"","objectItem":{"id":"10090","name":"Services","typeName":"PROJECT_COMPONENT"},"changedValues":[{"fieldName":"Default Assignee","changedTo":"Project Default"},{"fieldName":"Component Lead","changedTo":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3"},{"fieldName":"Description","changedTo":"Created by Jira Service Management"},{"fieldName":"Name","changedTo":"Services"}],"associatedItems":[{"id":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","name":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","typeName":"USER","parentId":"10000","parentName":"IDP Directory"},{"id":"10022","name":"Change Control","typeName":"PROJECT"}]} +{"id":11869,"summary":"Project component created","remoteAddress":"81.2.69.193","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-07T16:29:36.691+0000","category":"projects","eventSource":"","objectItem":{"id":"10089","name":"Email and Collaboration Services","typeName":"PROJECT_COMPONENT"},"changedValues":[{"fieldName":"Default Assignee","changedTo":"Project Default"},{"fieldName":"Component Lead","changedTo":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3"},{"fieldName":"Description","changedTo":"Created by Jira Service Management"},{"fieldName":"Name","changedTo":"Email and Collaboration Services"}],"associatedItems":[{"id":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","name":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","typeName":"USER","parentId":"10000","parentName":"IDP Directory"},{"id":"10022","name":"Change Control","typeName":"PROJECT"}]} +{"id":11868,"summary":"Project component created","remoteAddress":"81.2.69.193","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-07T16:29:36.664+0000","category":"projects","eventSource":"","objectItem":{"id":"10088","name":"Data Center Services","typeName":"PROJECT_COMPONENT"},"changedValues":[{"fieldName":"Default Assignee","changedTo":"Project Default"},{"fieldName":"Component Lead","changedTo":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3"},{"fieldName":"Description","changedTo":"Created by Jira Service Management"},{"fieldName":"Name","changedTo":"Data Center Services"}],"associatedItems":[{"id":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","name":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","typeName":"USER","parentId":"10000","parentName":"IDP Directory"},{"id":"10022","name":"Change Control","typeName":"PROJECT"}]} +{"id":11867,"summary":"Project component created","remoteAddress":"81.2.69.193","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-07T16:29:36.637+0000","category":"projects","eventSource":"","objectItem":{"id":"10087","name":"Cloud Storage Services","typeName":"PROJECT_COMPONENT"},"changedValues":[{"fieldName":"Default Assignee","changedTo":"Project Default"},{"fieldName":"Component Lead","changedTo":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3"},{"fieldName":"Description","changedTo":"Created by Jira Service Management"},{"fieldName":"Name","changedTo":"Cloud Storage Services"}],"associatedItems":[{"id":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","name":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","typeName":"USER","parentId":"10000","parentName":"IDP Directory"},{"id":"10022","name":"Change Control","typeName":"PROJECT"}]} +{"id":11866,"summary":"Project component created","remoteAddress":"81.2.69.193","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-07T16:29:36.609+0000","category":"projects","eventSource":"","objectItem":{"id":"10086","name":"Billing Services","typeName":"PROJECT_COMPONENT"},"changedValues":[{"fieldName":"Default Assignee","changedTo":"Project Default"},{"fieldName":"Component Lead","changedTo":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3"},{"fieldName":"Description","changedTo":"Created by Jira Service Management"},{"fieldName":"Name","changedTo":"Billing Services"}],"associatedItems":[{"id":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","name":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","typeName":"USER","parentId":"10000","parentName":"IDP Directory"},{"id":"10022","name":"Change Control","typeName":"PROJECT"}]} +{"id":11865,"summary":"Project component created","remoteAddress":"81.2.69.193","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-07T16:29:36.561+0000","category":"projects","eventSource":"","objectItem":{"id":"10085","name":"Analytics and Reporting Service","typeName":"PROJECT_COMPONENT"},"changedValues":[{"fieldName":"Default Assignee","changedTo":"Project Default"},{"fieldName":"Component Lead","changedTo":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3"},{"fieldName":"Description","changedTo":"Created by Jira Service Management"},{"fieldName":"Name","changedTo":"Analytics and Reporting Service"}],"associatedItems":[{"id":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","name":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","typeName":"USER","parentId":"10000","parentName":"IDP Directory"},{"id":"10022","name":"Change Control","typeName":"PROJECT"}]} +{"id":11864,"summary":"Project component created","remoteAddress":"81.2.69.193","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-07T16:29:36.529+0000","category":"projects","eventSource":"","objectItem":{"id":"10084","name":"Active Directory","typeName":"PROJECT_COMPONENT"},"changedValues":[{"fieldName":"Default Assignee","changedTo":"Project Default"},{"fieldName":"Component Lead","changedTo":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3"},{"fieldName":"Description","changedTo":"Created by Jira Service Management"},{"fieldName":"Name","changedTo":"Active Directory"}],"associatedItems":[{"id":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","name":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","typeName":"USER","parentId":"10000","parentName":"IDP Directory"},{"id":"10022","name":"Change Control","typeName":"PROJECT"}]} +{"id":11863,"summary":"Workflow scheme added to project","remoteAddress":"81.2.69.193","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-07T16:29:36.499+0000","category":"workflows","eventSource":"","objectItem":{"id":"10022","name":"Change Control","typeName":"PROJECT"},"associatedItems":[{"id":"10023","name":"Jira Service Management IT Support Workflow Scheme generated for Project ACC","typeName":"SCHEME"}]} +{"id":11862,"summary":"Workflow updated","remoteAddress":"81.2.69.193","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-07T16:29:36.468+0000","category":"workflows","eventSource":"","objectItem":{"id":"ACC: Jira Service Management default workflow","name":"ACC: Jira Service Management default workflow","typeName":"WORKFLOW"},"changedValues":[{"fieldName":"Description","changedFrom":"","changedTo":"This Jira Service Management default workflow was generated for Project ACC"}]} +{"id":11861,"summary":"Workflow updated","remoteAddress":"81.2.69.193","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-07T16:29:36.448+0000","category":"workflows","eventSource":"","objectItem":{"id":"ACC: Jira Service Management default workflow","name":"ACC: Jira Service Management default workflow","typeName":"WORKFLOW"}} +{"id":11860,"summary":"Workflow created","remoteAddress":"81.2.69.193","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-07T16:29:36.421+0000","category":"workflows","eventSource":"","objectItem":{"id":"ACC: Jira Service Management default workflow","name":"ACC: Jira Service Management default workflow","typeName":"WORKFLOW"},"changedValues":[{"fieldName":"Description","changedTo":""},{"fieldName":"Name","changedTo":"ACC: Jira Service Management default workflow"}]} +{"id":11859,"summary":"Workflow updated","remoteAddress":"81.2.69.193","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-07T16:29:36.329+0000","category":"workflows","eventSource":"","objectItem":{"id":"ACC: Problem Management workflow for Jira Service Management","name":"ACC: Problem Management workflow for Jira Service Management","typeName":"WORKFLOW"},"changedValues":[{"fieldName":"Description","changedFrom":"","changedTo":"This Jira Service Management Problem Management workflow was generated for Project ACC"}]} +{"id":11858,"summary":"Workflow updated","remoteAddress":"81.2.69.193","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-07T16:29:36.310+0000","category":"workflows","eventSource":"","objectItem":{"id":"ACC: Problem Management workflow for Jira Service Management","name":"ACC: Problem Management workflow for Jira Service Management","typeName":"WORKFLOW"}} +{"id":11857,"summary":"Workflow created","remoteAddress":"81.2.69.193","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-07T16:29:36.283+0000","category":"workflows","eventSource":"","objectItem":{"id":"ACC: Problem Management workflow for Jira Service Management","name":"ACC: Problem Management workflow for Jira Service Management","typeName":"WORKFLOW"},"changedValues":[{"fieldName":"Description","changedTo":""},{"fieldName":"Name","changedTo":"ACC: Problem Management workflow for Jira Service Management"}]} +{"id":11856,"summary":"Workflow updated","remoteAddress":"81.2.69.193","authorKey":"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3","authorAccountId":"5e72548417c6640c385f2a16","created":"2021-12-07T16:29:36.186+0000","category":"workflows","eventSource":"","objectItem":{"id":"ACC: Incident Management workflow for Jira Service Management","name":"ACC: Incident Management workflow for Jira Service Management","typeName":"WORKFLOW"},"changedValues":[{"fieldName":"Description","changedFrom":"","changedTo":"This Jira Service Management Incident Management workflow was generated for Project ACC"}]} +{"id":11663,"summary":"Field Configuration scheme updated","remoteAddress":"81.2.69.193","authorKey":"ug:0613fc34-a1b3-4137-b06e-fd92c3094033","authorAccountId":"5ff328f2a9d0300107c045a6","created":"2021-11-18T10:58:11.410+0000","category":"fields","eventSource":"","objectItem":{"id":"10015","name":"Field Configuration Scheme for Project PEN","typeName":"SCHEME"},"changedValues":[{"fieldName":"Field Configuration","changedFrom":"","changedTo":"PEN-10052"},{"fieldName":"Issue Type","changedFrom":"","changedTo":"Subtask"}]} +{"id":11662,"summary":"Field Configuration scheme updated","remoteAddress":"81.2.69.193","authorKey":"ug:0613fc34-a1b3-4137-b06e-fd92c3094033","authorAccountId":"5ff328f2a9d0300107c045a6","created":"2021-11-18T10:58:11.132+0000","category":"fields","eventSource":"","objectItem":{"id":"10015","name":"Field Configuration Scheme for Project PEN","typeName":"SCHEME"},"changedValues":[{"fieldName":"Field Configuration","changedFrom":"","changedTo":"PEN-10051"},{"fieldName":"Issue Type","changedFrom":"","changedTo":"Epic"}]} +{"id":11661,"summary":"Workflow scheme added to project","remoteAddress":"81.2.69.193","authorKey":"ug:0613fc34-a1b3-4137-b06e-fd92c3094033","authorAccountId":"5ff328f2a9d0300107c045a6","created":"2021-11-18T10:58:10.771+0000","category":"workflows","eventSource":"","objectItem":{"id":"10018","name":"Arcturus Assurance","typeName":"PROJECT"},"associatedItems":[{"id":"10019","name":"PEN: Software Simplified Workflow Scheme","typeName":"SCHEME"}]} +{"id":11660,"summary":"Workflow scheme created","remoteAddress":"81.2.69.193","authorKey":"ug:0613fc34-a1b3-4137-b06e-fd92c3094033","authorAccountId":"5ff328f2a9d0300107c045a6","created":"2021-11-18T10:58:10.754+0000","category":"workflows","eventSource":"","objectItem":{"id":"10019","name":"PEN: Software Simplified Workflow Scheme","typeName":"SCHEME"},"changedValues":[{"fieldName":"Description","changedTo":""},{"fieldName":"Name","changedTo":"PEN: Software Simplified Workflow Scheme"}]} +{"id":11659,"summary":"Workflow created","remoteAddress":"81.2.69.193","authorKey":"ug:0613fc34-a1b3-4137-b06e-fd92c3094033","authorAccountId":"5ff328f2a9d0300107c045a6","created":"2021-11-18T10:58:10.744+0000","category":"workflows","eventSource":"","objectItem":{"id":"Software workflow for project 10018","name":"Software workflow for project 10018","typeName":"WORKFLOW"},"changedValues":[{"fieldName":"Name","changedTo":"Software workflow for project 10018"}]} +{"id":11658,"summary":"Field Configuration scheme updated","remoteAddress":"81.2.69.193","authorKey":"ug:0613fc34-a1b3-4137-b06e-fd92c3094033","authorAccountId":"5ff328f2a9d0300107c045a6","created":"2021-11-18T10:58:10.473+0000","category":"fields","eventSource":"","objectItem":{"id":"10015","name":"Field Configuration Scheme for Project PEN","typeName":"SCHEME"},"changedValues":[{"fieldName":"Field Configuration","changedFrom":"","changedTo":"PEN-10050"},{"fieldName":"Issue Type","changedFrom":"","changedTo":"Task"}]} +{"id":11657,"summary":"Field Configuration scheme updated","remoteAddress":"81.2.69.193","authorKey":"ug:0613fc34-a1b3-4137-b06e-fd92c3094033","authorAccountId":"5ff328f2a9d0300107c045a6","created":"2021-11-18T10:58:10.265+0000","category":"fields","eventSource":"","objectItem":{"id":"10015","name":"Field Configuration Scheme for Project PEN","typeName":"SCHEME"},"changedValues":[{"fieldName":"Field Configuration","changedFrom":"Default Field Configuration","changedTo":"Field Layout for PEN"},{"fieldName":"Issue Type","changedFrom":"Default","changedTo":"Default"}]} +{"id":11656,"summary":"Field Configuration scheme added to project","remoteAddress":"81.2.69.193","authorKey":"ug:0613fc34-a1b3-4137-b06e-fd92c3094033","authorAccountId":"5ff328f2a9d0300107c045a6","created":"2021-11-18T10:58:10.174+0000","category":"fields","eventSource":"","objectItem":{"id":"10018","name":"Arcturus Assurance","typeName":"PROJECT"},"associatedItems":[{"id":"10015","name":"Field Configuration Scheme for Project PEN","typeName":"SCHEME"}]} +{"id":11655,"summary":"Field Configuration scheme created","remoteAddress":"81.2.69.193","authorKey":"ug:0613fc34-a1b3-4137-b06e-fd92c3094033","authorAccountId":"5ff328f2a9d0300107c045a6","created":"2021-11-18T10:58:10.146+0000","category":"fields","eventSource":"","objectItem":{"id":"10015","name":"Field Configuration Scheme for Project PEN","typeName":"SCHEME"},"changedValues":[{"fieldName":"Description","changedTo":"This Field Configuration Scheme was generated for Project PEN"},{"fieldName":"Name","changedTo":"Field Configuration Scheme for Project PEN"}]} +{"id":11654,"summary":"Issue Security scheme added to project","remoteAddress":"81.2.69.193","authorKey":"ug:0613fc34-a1b3-4137-b06e-fd92c3094033","authorAccountId":"5ff328f2a9d0300107c045a6","created":"2021-11-18T10:58:10.114+0000","category":"permissions","eventSource":"","objectItem":{"id":"10018","name":"Arcturus Assurance","typeName":"PROJECT"},"associatedItems":[{"id":"10010","name":"PEN: Simplified Issue Security Scheme","typeName":"SCHEME"}]} +{"id":11653,"summary":"Permission scheme added to project","remoteAddress":"81.2.69.193","authorKey":"ug:0613fc34-a1b3-4137-b06e-fd92c3094033","authorAccountId":"5ff328f2a9d0300107c045a6","created":"2021-11-18T10:58:10.062+0000","category":"permissions","eventSource":"","objectItem":{"id":"10018","name":"Arcturus Assurance","typeName":"PROJECT"},"associatedItems":[{"id":"10016","name":"PEN: Simplified Permission Scheme","typeName":"SCHEME"}]} +{"id":11652,"summary":"User updated","created":"2021-11-17T16:00:37.374+0000","category":"user management","eventSource":"","objectItem":{"id":"ug:870c3c4b-1f74-4fa2-a401-639ec53e9436","name":"ug:870c3c4b-1f74-4fa2-a401-639ec53e9436","typeName":"USER","parentId":"10000","parentName":"IDP Directory"},"changedValues":[{"fieldName":"Active / Inactive","changedFrom":"Active","changedTo":"Inactive"}],"associatedItems":[{"id":"ug:870c3c4b-1f74-4fa2-a401-639ec53e9436","name":"ug:870c3c4b-1f74-4fa2-a401-639ec53e9436","typeName":"USER","parentId":"10000","parentName":"IDP Directory"}]} +{"id":11651,"summary":"User updated","created":"2021-11-16T09:25:56.725+0000","category":"user management","eventSource":"","objectItem":{"id":"ug:7759808b-4fa4-4053-a8f5-136c382be65a","name":"ug:7759808b-4fa4-4053-a8f5-136c382be65a","typeName":"USER","parentId":"10000","parentName":"IDP Directory"},"changedValues":[{"fieldName":"Active / Inactive","changedFrom":"Active","changedTo":"Inactive"}],"associatedItems":[{"id":"ug:7759808b-4fa4-4053-a8f5-136c382be65a","name":"ug:7759808b-4fa4-4053-a8f5-136c382be65a","typeName":"USER","parentId":"10000","parentName":"IDP Directory"}]} +{"id":11650,"summary":"Custom field created","created":"2021-11-16T08:48:05.867+0000","category":"fields","eventSource":"","objectItem":{"id":"customfield_10072","name":"Work category","typeName":"CUSTOM_FIELD"},"changedValues":[{"fieldName":"Type","changedTo":"Work category"},{"fieldName":"Description","changedTo":"Jira system field that displays the category of work a specific issue belongs to."},{"fieldName":"Name","changedTo":"Work category"}]} \ No newline at end of file diff --git a/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-config.yml b/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-config.yml new file mode 100644 index 00000000000..b50c2007781 --- /dev/null +++ b/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-config.yml @@ -0,0 +1,5 @@ +fields: + _config: + atlassian_cloud: true + tags: + - preserve_original_event diff --git a/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-expected.json b/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-expected.json new file mode 100644 index 00000000000..f4bd8959961 --- /dev/null +++ b/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-expected.json @@ -0,0 +1,5047 @@ +{ + "expected": [ + { + "@timestamp": "2022-01-24T08:48:05.645Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Project deleted", + "id": 11959, + "kind": "event", + "original": "{\"id\":11959,\"summary\":\"Project deleted\",\"created\":\"2022-01-24T08:48:05.645+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10000\",\"name\":\"Test\",\"typeName\":\"PROJECT\"}}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10000", + "name": "Test", + "type": "PROJECT" + } + ], + "type": { + "action": "Project deleted", + "category": "projects" + } + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-01-24T08:48:05.316Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Field Configuration scheme deleted", + "id": 11958, + "kind": "event", + "original": "{\"id\":11958,\"summary\":\"Field Configuration scheme deleted\",\"created\":\"2022-01-24T08:48:05.316+0000\",\"category\":\"fields\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10000\",\"name\":\"Field Configuration Scheme for Project TEST\",\"typeName\":\"SCHEME\"}}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10000", + "name": "Field Configuration Scheme for Project TEST", + "type": "SCHEME" + } + ], + "type": { + "action": "Field Configuration scheme deleted", + "category": "fields" + } + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-01-24T08:48:05.097Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Field Configuration scheme updated", + "id": 11957, + "kind": "event", + "original": "{\"id\":11957,\"summary\":\"Field Configuration scheme updated\",\"created\":\"2022-01-24T08:48:05.097+0000\",\"category\":\"fields\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10000\",\"name\":\"Field Configuration Scheme for Project TEST\",\"typeName\":\"SCHEME\"},\"changedValues\":[{\"fieldName\":\"Field Configuration\",\"changedFrom\":\"Default Field Configuration\",\"changedTo\":\"\"},{\"fieldName\":\"Issue Type\",\"changedFrom\":\"Subtask\",\"changedTo\":\"\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10000", + "name": "Field Configuration Scheme for Project TEST", + "type": "SCHEME" + } + ], + "changed_values": [ + { + "from": "Default Field Configuration", + "i18nKey": "Field Configuration", + "key": "Field Configuration" + }, + { + "from": "Subtask", + "i18nKey": "Issue Type", + "key": "Issue Type" + } + ], + "type": { + "action": "Field Configuration scheme updated", + "category": "fields" + } + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-01-24T08:48:04.939Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Field Configuration scheme updated", + "id": 11956, + "kind": "event", + "original": "{\"id\":11956,\"summary\":\"Field Configuration scheme updated\",\"created\":\"2022-01-24T08:48:04.939+0000\",\"category\":\"fields\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10000\",\"name\":\"Field Configuration Scheme for Project TEST\",\"typeName\":\"SCHEME\"},\"changedValues\":[{\"fieldName\":\"Field Configuration\",\"changedFrom\":\"Default Field Configuration\",\"changedTo\":\"\"},{\"fieldName\":\"Issue Type\",\"changedFrom\":\"Epic\",\"changedTo\":\"\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10000", + "name": "Field Configuration Scheme for Project TEST", + "type": "SCHEME" + } + ], + "changed_values": [ + { + "from": "Default Field Configuration", + "i18nKey": "Field Configuration", + "key": "Field Configuration" + }, + { + "from": "Epic", + "i18nKey": "Issue Type", + "key": "Issue Type" + } + ], + "type": { + "action": "Field Configuration scheme updated", + "category": "fields" + } + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-01-24T08:48:04.716Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Field Configuration scheme updated", + "id": 11955, + "kind": "event", + "original": "{\"id\":11955,\"summary\":\"Field Configuration scheme updated\",\"created\":\"2022-01-24T08:48:04.716+0000\",\"category\":\"fields\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10000\",\"name\":\"Field Configuration Scheme for Project TEST\",\"typeName\":\"SCHEME\"},\"changedValues\":[{\"fieldName\":\"Field Configuration\",\"changedFrom\":\"Default Field Configuration\",\"changedTo\":\"\"},{\"fieldName\":\"Issue Type\",\"changedFrom\":\"Bug\",\"changedTo\":\"\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10000", + "name": "Field Configuration Scheme for Project TEST", + "type": "SCHEME" + } + ], + "changed_values": [ + { + "from": "Default Field Configuration", + "i18nKey": "Field Configuration", + "key": "Field Configuration" + }, + { + "from": "Bug", + "i18nKey": "Issue Type", + "key": "Issue Type" + } + ], + "type": { + "action": "Field Configuration scheme updated", + "category": "fields" + } + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-01-24T08:48:04.530Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Field Configuration scheme updated", + "id": 11954, + "kind": "event", + "original": "{\"id\":11954,\"summary\":\"Field Configuration scheme updated\",\"created\":\"2022-01-24T08:48:04.530+0000\",\"category\":\"fields\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10000\",\"name\":\"Field Configuration Scheme for Project TEST\",\"typeName\":\"SCHEME\"},\"changedValues\":[{\"fieldName\":\"Field Configuration\",\"changedFrom\":\"Default Field Configuration\",\"changedTo\":\"\"},{\"fieldName\":\"Issue Type\",\"changedFrom\":\"Task\",\"changedTo\":\"\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10000", + "name": "Field Configuration Scheme for Project TEST", + "type": "SCHEME" + } + ], + "changed_values": [ + { + "from": "Default Field Configuration", + "i18nKey": "Field Configuration", + "key": "Field Configuration" + }, + { + "from": "Task", + "i18nKey": "Issue Type", + "key": "Issue Type" + } + ], + "type": { + "action": "Field Configuration scheme updated", + "category": "fields" + } + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-01-24T08:48:04.167Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Field Configuration scheme updated", + "id": 11953, + "kind": "event", + "original": "{\"id\":11953,\"summary\":\"Field Configuration scheme updated\",\"created\":\"2022-01-24T08:48:04.167+0000\",\"category\":\"fields\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10000\",\"name\":\"Field Configuration Scheme for Project TEST\",\"typeName\":\"SCHEME\"},\"changedValues\":[{\"fieldName\":\"Field Configuration\",\"changedFrom\":\"Default Field Configuration\",\"changedTo\":\"\"},{\"fieldName\":\"Issue Type\",\"changedFrom\":\"Story\",\"changedTo\":\"\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10000", + "name": "Field Configuration Scheme for Project TEST", + "type": "SCHEME" + } + ], + "changed_values": [ + { + "from": "Default Field Configuration", + "i18nKey": "Field Configuration", + "key": "Field Configuration" + }, + { + "from": "Story", + "i18nKey": "Issue Type", + "key": "Issue Type" + } + ], + "type": { + "action": "Field Configuration scheme updated", + "category": "fields" + } + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-01-24T08:48:04.020Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Workflow scheme deleted", + "id": 11952, + "kind": "event", + "original": "{\"id\":11952,\"summary\":\"Workflow scheme deleted\",\"created\":\"2022-01-24T08:48:04.020+0000\",\"category\":\"workflows\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10001\",\"name\":\"TEST: Software Simplified Workflow Scheme\",\"typeName\":\"SCHEME\"}}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10001", + "name": "TEST: Software Simplified Workflow Scheme", + "type": "SCHEME" + } + ], + "type": { + "action": "Workflow scheme deleted", + "category": "workflows" + } + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-01-24T08:48:03.965Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Workflow deleted", + "id": 11951, + "kind": "event", + "original": "{\"id\":11951,\"summary\":\"Workflow deleted\",\"created\":\"2022-01-24T08:48:03.965+0000\",\"category\":\"workflows\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"Project TEST: Software Workflow for 10001\",\"name\":\"Project TEST: Software Workflow for 10001\",\"typeName\":\"WORKFLOW\"}}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "Project TEST: Software Workflow for 10001", + "name": "Project TEST: Software Workflow for 10001", + "type": "WORKFLOW" + } + ], + "type": { + "action": "Workflow deleted", + "category": "workflows" + } + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-01-24T08:48:03.371Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Notification scheme deleted", + "id": 11950, + "kind": "event", + "original": "{\"id\":11950,\"summary\":\"Notification scheme deleted\",\"created\":\"2022-01-24T08:48:03.371+0000\",\"category\":\"notifications\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10001\",\"name\":\"TEST: Simplified Notification Scheme\",\"typeName\":\"SCHEME\"}}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10001", + "name": "TEST: Simplified Notification Scheme", + "type": "SCHEME" + } + ], + "type": { + "action": "Notification scheme deleted", + "category": "notifications" + } + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-01-24T08:48:03.355Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Project role deleted", + "id": 11949, + "kind": "event", + "original": "{\"id\":11949,\"summary\":\"Project role deleted\",\"created\":\"2022-01-24T08:48:03.355+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10006\",\"name\":\"Viewer\",\"typeName\":\"PROJECT_ROLE\"}}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10006", + "name": "Viewer", + "type": "PROJECT_ROLE" + } + ], + "type": { + "action": "Project role deleted", + "category": "projects" + } + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-01-24T08:48:03.339Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Project role deleted", + "id": 11948, + "kind": "event", + "original": "{\"id\":11948,\"summary\":\"Project role deleted\",\"created\":\"2022-01-24T08:48:03.339+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10005\",\"name\":\"Member\",\"typeName\":\"PROJECT_ROLE\"}}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10005", + "name": "Member", + "type": "PROJECT_ROLE" + } + ], + "type": { + "action": "Project role deleted", + "category": "projects" + } + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-01-24T08:48:03.322Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Project role deleted", + "id": 11947, + "kind": "event", + "original": "{\"id\":11947,\"summary\":\"Project role deleted\",\"created\":\"2022-01-24T08:48:03.322+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10007\",\"name\":\"atlassian-addons-project-access\",\"typeName\":\"PROJECT_ROLE\"}}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10007", + "name": "atlassian-addons-project-access", + "type": "PROJECT_ROLE" + } + ], + "type": { + "action": "Project role deleted", + "category": "projects" + } + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-01-24T08:48:03.305Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Project role deleted", + "id": 11946, + "kind": "event", + "original": "{\"id\":11946,\"summary\":\"Project role deleted\",\"created\":\"2022-01-24T08:48:03.305+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10004\",\"name\":\"Administrator\",\"typeName\":\"PROJECT_ROLE\"}}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10004", + "name": "Administrator", + "type": "PROJECT_ROLE" + } + ], + "type": { + "action": "Project role deleted", + "category": "projects" + } + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-01-24T08:48:03.259Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Issue Security scheme deleted", + "id": 11945, + "kind": "event", + "original": "{\"id\":11945,\"summary\":\"Issue Security scheme deleted\",\"created\":\"2022-01-24T08:48:03.259+0000\",\"category\":\"permissions\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10000\",\"name\":\"TEST: Simplified Issue Security Scheme\",\"typeName\":\"SCHEME\"}}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10000", + "name": "TEST: Simplified Issue Security Scheme", + "type": "SCHEME" + } + ], + "type": { + "action": "Issue Security scheme deleted", + "category": "permissions" + } + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-01-24T08:48:03.223Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Permission scheme deleted", + "id": 11944, + "kind": "event", + "original": "{\"id\":11944,\"summary\":\"Permission scheme deleted\",\"created\":\"2022-01-24T08:48:03.223+0000\",\"category\":\"permissions\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10000\",\"name\":\"TEST: Simplified Permission Scheme\",\"typeName\":\"SCHEME\"}}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10000", + "name": "TEST: Simplified Permission Scheme", + "type": "SCHEME" + } + ], + "type": { + "action": "Permission scheme deleted", + "category": "permissions" + } + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-01-18T08:43:02.838Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "User added to group", + "category": [ + "iam" + ], + "id": 11939, + "kind": "event", + "original": "{\"id\":11939,\"summary\":\"User added to group\",\"created\":\"2022-01-18T08:43:02.838+0000\",\"category\":\"group management\",\"eventSource\":\"\",\"objectItem\":{\"name\":\"jira-software-users\",\"typeName\":\"GROUP\",\"parentId\":\"10000\",\"parentName\":\"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory\"},\"associatedItems\":[{\"id\":\"ug:2281b112-0f77-4305-b779-66d30930eb83\",\"name\":\"ug:2281b112-0f77-4305-b779-66d30930eb83\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory\"}]}", + "type": [ + "group", + "change" + ] + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ug:2281b112-0f77-4305-b779-66d30930eb83", + "name": "ug:2281b112-0f77-4305-b779-66d30930eb83", + "parentId": "10000", + "parentName": "com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory", + "type": "USER" + }, + { + "name": "jira-software-users", + "parentId": "10000", + "parentName": "com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory", + "type": "GROUP" + } + ], + "type": { + "action": "User added to group", + "category": "group management" + } + } + }, + "related": { + "user": [ + "ug:2281b112-0f77-4305-b779-66d30930eb83" + ] + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "target": { + "group": { + "name": "jira-software-users" + }, + "id": "ug:2281b112-0f77-4305-b779-66d30930eb83", + "name": "ug:2281b112-0f77-4305-b779-66d30930eb83" + } + } + }, + { + "@timestamp": "2022-01-18T08:43:02.768Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "User added to group", + "category": [ + "iam" + ], + "id": 11938, + "kind": "event", + "original": "{\"id\":11938,\"summary\":\"User added to group\",\"created\":\"2022-01-18T08:43:02.768+0000\",\"category\":\"group management\",\"eventSource\":\"\",\"objectItem\":{\"name\":\"confluence-users\",\"typeName\":\"GROUP\",\"parentId\":\"10000\",\"parentName\":\"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory\"},\"associatedItems\":[{\"id\":\"ug:2281b112-0f77-4305-b779-66d30930eb83\",\"name\":\"ug:2281b112-0f77-4305-b779-66d30930eb83\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory\"}]}", + "type": [ + "group", + "change" + ] + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ug:2281b112-0f77-4305-b779-66d30930eb83", + "name": "ug:2281b112-0f77-4305-b779-66d30930eb83", + "parentId": "10000", + "parentName": "com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory", + "type": "USER" + }, + { + "name": "confluence-users", + "parentId": "10000", + "parentName": "com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory", + "type": "GROUP" + } + ], + "type": { + "action": "User added to group", + "category": "group management" + } + } + }, + "related": { + "user": [ + "ug:2281b112-0f77-4305-b779-66d30930eb83" + ] + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "target": { + "group": { + "name": "confluence-users" + }, + "id": "ug:2281b112-0f77-4305-b779-66d30930eb83", + "name": "ug:2281b112-0f77-4305-b779-66d30930eb83" + } + } + }, + { + "@timestamp": "2022-01-18T08:43:02.602Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "User created", + "category": [ + "iam" + ], + "id": 11937, + "kind": "event", + "original": "{\"id\":11937,\"summary\":\"User created\",\"created\":\"2022-01-18T08:43:02.602+0000\",\"category\":\"user management\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"ug:2281b112-0f77-4305-b779-66d30930eb83\",\"name\":\"ug:2281b112-0f77-4305-b779-66d30930eb83\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"},\"changedValues\":[{\"fieldName\":\"Active / Inactive\",\"changedTo\":\"Active\"}],\"associatedItems\":[{\"id\":\"ug:2281b112-0f77-4305-b779-66d30930eb83\",\"name\":\"ug:2281b112-0f77-4305-b779-66d30930eb83\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"}]}", + "type": [ + "user", + "creation" + ] + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ug:2281b112-0f77-4305-b779-66d30930eb83", + "name": "ug:2281b112-0f77-4305-b779-66d30930eb83", + "parentId": "10000", + "parentName": "IDP Directory", + "type": "USER" + } + ], + "changed_values": [ + { + "i18nKey": "Active / Inactive", + "key": "Active / Inactive", + "to": "Active" + } + ], + "type": { + "action": "User created", + "category": "user management" + } + } + }, + "related": { + "user": [ + "ug:2281b112-0f77-4305-b779-66d30930eb83" + ] + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "target": { + "id": "ug:2281b112-0f77-4305-b779-66d30930eb83", + "name": "ug:2281b112-0f77-4305-b779-66d30930eb83" + } + } + }, + { + "@timestamp": "2022-01-14T16:37:07.126Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "User added to group", + "category": [ + "iam" + ], + "id": 11935, + "kind": "event", + "original": "{\"id\":11935,\"summary\":\"User added to group\",\"created\":\"2022-01-14T16:37:07.126+0000\",\"category\":\"group management\",\"eventSource\":\"\",\"objectItem\":{\"name\":\"confluence-users\",\"typeName\":\"GROUP\",\"parentId\":\"10000\",\"parentName\":\"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory\"},\"associatedItems\":[{\"id\":\"ug:14961f0e-0eda-4a4a-9e9e-9d6a617b625b\",\"name\":\"ug:14961f0e-0eda-4a4a-9e9e-9d6a617b625b\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory\"}]}", + "type": [ + "group", + "change" + ] + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ug:14961f0e-0eda-4a4a-9e9e-9d6a617b625b", + "name": "ug:14961f0e-0eda-4a4a-9e9e-9d6a617b625b", + "parentId": "10000", + "parentName": "com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory", + "type": "USER" + }, + { + "name": "confluence-users", + "parentId": "10000", + "parentName": "com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory", + "type": "GROUP" + } + ], + "type": { + "action": "User added to group", + "category": "group management" + } + } + }, + "related": { + "user": [ + "ug:14961f0e-0eda-4a4a-9e9e-9d6a617b625b" + ] + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "target": { + "group": { + "name": "confluence-users" + }, + "id": "ug:14961f0e-0eda-4a4a-9e9e-9d6a617b625b", + "name": "ug:14961f0e-0eda-4a4a-9e9e-9d6a617b625b" + } + } + }, + { + "@timestamp": "2022-01-14T16:37:07.019Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "User created", + "category": [ + "iam" + ], + "id": 11934, + "kind": "event", + "original": "{\"id\":11934,\"summary\":\"User created\",\"created\":\"2022-01-14T16:37:07.019+0000\",\"category\":\"user management\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"ug:14961f0e-0eda-4a4a-9e9e-9d6a617b625b\",\"name\":\"ug:14961f0e-0eda-4a4a-9e9e-9d6a617b625b\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"},\"changedValues\":[{\"fieldName\":\"Active / Inactive\",\"changedTo\":\"Active\"}],\"associatedItems\":[{\"id\":\"ug:14961f0e-0eda-4a4a-9e9e-9d6a617b625b\",\"name\":\"ug:14961f0e-0eda-4a4a-9e9e-9d6a617b625b\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"}]}", + "type": [ + "user", + "creation" + ] + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ug:14961f0e-0eda-4a4a-9e9e-9d6a617b625b", + "name": "ug:14961f0e-0eda-4a4a-9e9e-9d6a617b625b", + "parentId": "10000", + "parentName": "IDP Directory", + "type": "USER" + } + ], + "changed_values": [ + { + "i18nKey": "Active / Inactive", + "key": "Active / Inactive", + "to": "Active" + } + ], + "type": { + "action": "User created", + "category": "user management" + } + } + }, + "related": { + "user": [ + "ug:14961f0e-0eda-4a4a-9e9e-9d6a617b625b" + ] + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "target": { + "id": "ug:14961f0e-0eda-4a4a-9e9e-9d6a617b625b", + "name": "ug:14961f0e-0eda-4a4a-9e9e-9d6a617b625b" + } + } + }, + { + "@timestamp": "2022-01-10T12:44:41.065Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "User's password changed", + "id": 11933, + "kind": "event", + "original": "{\"id\":11933,\"summary\":\"User's password changed\",\"remoteAddress\":\"81.2.69.193\",\"created\":\"2022-01-10T12:44:41.065+0000\",\"category\":\"user management\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682\",\"name\":\"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory\"},\"associatedItems\":[{\"id\":\"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682\",\"name\":\"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682", + "name": "qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682", + "parentId": "10000", + "parentName": "com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory", + "type": "USER" + } + ], + "type": { + "action": "User's password changed", + "category": "user management" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2022-01-06T09:49:07.418Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Workflow updated", + "id": 11932, + "kind": "event", + "original": "{\"id\":11932,\"summary\":\"Workflow updated\",\"remoteAddress\":\"10.83.76.139\",\"authorKey\":\"ug:0613fc34-a1b3-4137-b06e-fd92c3094033\",\"authorAccountId\":\"5ff328f2a9d0300107c045a6\",\"created\":\"2022-01-06T09:49:07.418+0000\",\"category\":\"workflows\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"Software workflow for project 10018\",\"name\":\"Software workflow for project 10018\",\"typeName\":\"WORKFLOW\"}}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "Software workflow for project 10018", + "name": "Software workflow for project 10018", + "type": "WORKFLOW" + } + ], + "type": { + "action": "Workflow updated", + "category": "workflows" + } + } + }, + "related": { + "ip": [ + "10.83.76.139" + ] + }, + "source": { + "address": "10.83.76.139", + "ip": "10.83.76.139" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5ff328f2a9d0300107c045a6" + } + }, + { + "@timestamp": "2022-01-05T07:23:49.369Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Workflow updated", + "id": 11931, + "kind": "event", + "original": "{\"id\":11931,\"summary\":\"Workflow updated\",\"authorKey\":\"ug:0613fc34-a1b3-4137-b06e-fd92c3094033\",\"authorAccountId\":\"5ff328f2a9d0300107c045a6\",\"created\":\"2022-01-05T07:23:49.369+0000\",\"category\":\"workflows\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"Software workflow for project 10018\",\"name\":\"Software workflow for project 10018\",\"typeName\":\"WORKFLOW\"}}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "Software workflow for project 10018", + "name": "Software workflow for project 10018", + "type": "WORKFLOW" + } + ], + "type": { + "action": "Workflow updated", + "category": "workflows" + } + } + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5ff328f2a9d0300107c045a6" + } + }, + { + "@timestamp": "2022-01-05T07:23:49.162Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Workflow updated", + "id": 11930, + "kind": "event", + "original": "{\"id\":11930,\"summary\":\"Workflow updated\",\"remoteAddress\":\"10.83.76.139\",\"authorKey\":\"ug:0613fc34-a1b3-4137-b06e-fd92c3094033\",\"authorAccountId\":\"5ff328f2a9d0300107c045a6\",\"created\":\"2022-01-05T07:23:49.162+0000\",\"category\":\"workflows\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"Software workflow for project 10018\",\"name\":\"Software workflow for project 10018\",\"typeName\":\"WORKFLOW\"}}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "Software workflow for project 10018", + "name": "Software workflow for project 10018", + "type": "WORKFLOW" + } + ], + "type": { + "action": "Workflow updated", + "category": "workflows" + } + } + }, + "related": { + "ip": [ + "10.83.76.139" + ] + }, + "source": { + "address": "10.83.76.139", + "ip": "10.83.76.139" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5ff328f2a9d0300107c045a6" + } + }, + { + "@timestamp": "2021-12-13T14:10:35.436Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Workflow updated", + "id": 11898, + "kind": "event", + "original": "{\"id\":11898,\"summary\":\"Workflow updated\",\"remoteAddress\":\"10.83.62.36\",\"authorKey\":\"ug:0613fc34-a1b3-4137-b06e-fd92c3094033\",\"authorAccountId\":\"5ff328f2a9d0300107c045a6\",\"created\":\"2021-12-13T14:10:35.436+0000\",\"category\":\"workflows\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"Software workflow for project 10018\",\"name\":\"Software workflow for project 10018\",\"typeName\":\"WORKFLOW\"}}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "Software workflow for project 10018", + "name": "Software workflow for project 10018", + "type": "WORKFLOW" + } + ], + "type": { + "action": "Workflow updated", + "category": "workflows" + } + } + }, + "related": { + "ip": [ + "10.83.62.36" + ] + }, + "source": { + "address": "10.83.62.36", + "ip": "10.83.62.36" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5ff328f2a9d0300107c045a6" + } + }, + { + "@timestamp": "2021-12-10T11:57:29.971Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "User's password changed", + "id": 11897, + "kind": "event", + "original": "{\"id\":11897,\"summary\":\"User's password changed\",\"remoteAddress\":\"81.2.69.193\",\"created\":\"2021-12-10T11:57:29.971+0000\",\"category\":\"user management\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682\",\"name\":\"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory\"},\"associatedItems\":[{\"id\":\"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682\",\"name\":\"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682", + "name": "qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682", + "parentId": "10000", + "parentName": "com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory", + "type": "USER" + } + ], + "type": { + "action": "User's password changed", + "category": "user management" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2021-12-10T11:53:37.982Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "User created", + "category": [ + "iam" + ], + "id": 11896, + "kind": "event", + "original": "{\"id\":11896,\"summary\":\"User created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-10T11:53:37.982+0000\",\"category\":\"user management\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682\",\"name\":\"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"},\"changedValues\":[{\"fieldName\":\"Active / Inactive\",\"changedTo\":\"Active\"}],\"associatedItems\":[{\"id\":\"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682\",\"name\":\"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"}]}", + "type": [ + "user", + "creation" + ] + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682", + "name": "qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682", + "parentId": "10000", + "parentName": "IDP Directory", + "type": "USER" + } + ], + "changed_values": [ + { + "i18nKey": "Active / Inactive", + "key": "Active / Inactive", + "to": "Active" + } + ], + "type": { + "action": "User created", + "category": "user management" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ], + "user": [ + "qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16", + "target": { + "id": "qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682", + "name": "qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682" + } + } + }, + { + "@timestamp": "2021-12-10T11:52:39.940Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Customer invited notification changed", + "id": 11895, + "kind": "event", + "original": "{\"id\":11895,\"summary\":\"Customer invited notification changed\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-10T11:52:39.940+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10003\",\"name\":\"Support\",\"typeName\":\"PROJECT\"},\"changedValues\":[{\"fieldName\":\"isEnabled\",\"changedFrom\":\"false\",\"changedTo\":\"true\"}],\"associatedItems\":[{\"id\":\"10003\",\"name\":\"Support\",\"typeName\":\"PROJECT\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10003", + "name": "Support", + "type": "PROJECT" + } + ], + "changed_values": [ + { + "from": "false", + "i18nKey": "isEnabled", + "key": "isEnabled", + "to": "true" + } + ], + "type": { + "action": "Customer invited notification changed", + "category": "projects" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16" + } + }, + { + "@timestamp": "2021-12-07T17:15:05.069Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "User created", + "category": [ + "iam" + ], + "id": 11894, + "kind": "event", + "original": "{\"id\":11894,\"summary\":\"User created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T17:15:05.069+0000\",\"category\":\"user management\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:ca0f9bb4-060b-4431-937f-ad240d0fb7c9\",\"name\":\"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:ca0f9bb4-060b-4431-937f-ad240d0fb7c9\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"},\"changedValues\":[{\"fieldName\":\"Active / Inactive\",\"changedTo\":\"Active\"}],\"associatedItems\":[{\"id\":\"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:ca0f9bb4-060b-4431-937f-ad240d0fb7c9\",\"name\":\"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:ca0f9bb4-060b-4431-937f-ad240d0fb7c9\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"}]}", + "type": [ + "user", + "creation" + ] + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:ca0f9bb4-060b-4431-937f-ad240d0fb7c9", + "name": "qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:ca0f9bb4-060b-4431-937f-ad240d0fb7c9", + "parentId": "10000", + "parentName": "IDP Directory", + "type": "USER" + } + ], + "changed_values": [ + { + "i18nKey": "Active / Inactive", + "key": "Active / Inactive", + "to": "Active" + } + ], + "type": { + "action": "User created", + "category": "user management" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ], + "user": [ + "qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:ca0f9bb4-060b-4431-937f-ad240d0fb7c9" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16", + "target": { + "id": "qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:ca0f9bb4-060b-4431-937f-ad240d0fb7c9", + "name": "qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:ca0f9bb4-060b-4431-937f-ad240d0fb7c9" + } + } + }, + { + "@timestamp": "2021-12-07T17:03:54.188Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Customer permissions changed", + "id": 11893, + "kind": "event", + "original": "{\"id\":11893,\"summary\":\"Customer permissions changed\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T17:03:54.188+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"description\":\"Update who can access the portal and send requests\",\"objectItem\":{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"},\"changedValues\":[{\"fieldName\":\"Customer access\",\"changedFrom\":\"Anyone with an account\",\"changedTo\":\"Customers my team adds to the project\"}],\"associatedItems\":[{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10022", + "name": "Change Control", + "type": "PROJECT" + } + ], + "changed_values": [ + { + "from": "Anyone with an account", + "i18nKey": "Customer access", + "key": "Customer access", + "to": "Customers my team adds to the project" + } + ], + "type": { + "action": "Customer permissions changed", + "category": "projects" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16" + } + }, + { + "@timestamp": "2021-12-07T16:56:48.122Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Request type deleted", + "id": 11892, + "kind": "event", + "original": "{\"id\":11892,\"summary\":\"Request type deleted\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:56:48.122+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"},\"changedValues\":[{\"fieldName\":\"id\",\"changedFrom\":\"89\",\"changedTo\":\"\"},{\"fieldName\":\"description\",\"changedFrom\":\"Want to access work stuff from outside? Let us know.\",\"changedTo\":\"\"},{\"fieldName\":\"name\",\"changedFrom\":\"Set up VPN to the office\",\"changedTo\":\"\"},{\"fieldName\":\"issueTypeId\",\"changedFrom\":\"10024\",\"changedTo\":\"\"},{\"fieldName\":\"iconId\",\"changedFrom\":\"10526\",\"changedTo\":\"\"}],\"associatedItems\":[{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10022", + "name": "Change Control", + "type": "PROJECT" + } + ], + "changed_values": [ + { + "from": "89", + "i18nKey": "id", + "key": "id" + }, + { + "from": "Want to access work stuff from outside? Let us know.", + "i18nKey": "description", + "key": "description" + }, + { + "from": "Set up VPN to the office", + "i18nKey": "name", + "key": "name" + }, + { + "from": "10024", + "i18nKey": "issueTypeId", + "key": "issueTypeId" + }, + { + "from": "10526", + "i18nKey": "iconId", + "key": "iconId" + } + ], + "type": { + "action": "Request type deleted", + "category": "projects" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16" + } + }, + { + "@timestamp": "2021-12-07T16:56:24.940Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Request type deleted", + "id": 11891, + "kind": "event", + "original": "{\"id\":11891,\"summary\":\"Request type deleted\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:56:24.940+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"},\"changedValues\":[{\"fieldName\":\"id\",\"changedFrom\":\"86\",\"changedTo\":\"\"},{\"fieldName\":\"description\",\"changedFrom\":\"Get assistance for general IT problems and questions.\",\"changedTo\":\"\"},{\"fieldName\":\"name\",\"changedFrom\":\"Get IT help\",\"changedTo\":\"\"},{\"fieldName\":\"issueTypeId\",\"changedFrom\":\"10024\",\"changedTo\":\"\"},{\"fieldName\":\"iconId\",\"changedFrom\":\"10541\",\"changedTo\":\"\"}],\"associatedItems\":[{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10022", + "name": "Change Control", + "type": "PROJECT" + } + ], + "changed_values": [ + { + "from": "86", + "i18nKey": "id", + "key": "id" + }, + { + "from": "Get assistance for general IT problems and questions.", + "i18nKey": "description", + "key": "description" + }, + { + "from": "Get IT help", + "i18nKey": "name", + "key": "name" + }, + { + "from": "10024", + "i18nKey": "issueTypeId", + "key": "issueTypeId" + }, + { + "from": "10541", + "i18nKey": "iconId", + "key": "iconId" + } + ], + "type": { + "action": "Request type deleted", + "category": "projects" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16" + } + }, + { + "@timestamp": "2021-12-07T16:56:07.861Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Request type deleted", + "id": 11890, + "kind": "event", + "original": "{\"id\":11890,\"summary\":\"Request type deleted\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:56:07.861+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"},\"changedValues\":[{\"fieldName\":\"id\",\"changedFrom\":\"96\",\"changedTo\":\"\"},{\"fieldName\":\"description\",\"changedFrom\":\"Need a mobile phone or time for replacement? Let us know.\",\"changedTo\":\"\"},{\"fieldName\":\"name\",\"changedFrom\":\"New mobile device\",\"changedTo\":\"\"},{\"fieldName\":\"issueTypeId\",\"changedFrom\":\"10025\",\"changedTo\":\"\"},{\"fieldName\":\"iconId\",\"changedFrom\":\"10534\",\"changedTo\":\"\"}],\"associatedItems\":[{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10022", + "name": "Change Control", + "type": "PROJECT" + } + ], + "changed_values": [ + { + "from": "96", + "i18nKey": "id", + "key": "id" + }, + { + "from": "Need a mobile phone or time for replacement? Let us know.", + "i18nKey": "description", + "key": "description" + }, + { + "from": "New mobile device", + "i18nKey": "name", + "key": "name" + }, + { + "from": "10025", + "i18nKey": "issueTypeId", + "key": "issueTypeId" + }, + { + "from": "10534", + "i18nKey": "iconId", + "key": "iconId" + } + ], + "type": { + "action": "Request type deleted", + "category": "projects" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16" + } + }, + { + "@timestamp": "2021-12-07T16:54:03.906Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Request type deleted", + "id": 11889, + "kind": "event", + "original": "{\"id\":11889,\"summary\":\"Request type deleted\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:54:03.906+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"},\"changedValues\":[{\"fieldName\":\"id\",\"changedFrom\":\"88\",\"changedTo\":\"\"},{\"fieldName\":\"description\",\"changedFrom\":\"Raise a request to ask for temp wifi access for guests.\",\"changedTo\":\"\"},{\"fieldName\":\"name\",\"changedFrom\":\"Get a guest wifi account\",\"changedTo\":\"\"},{\"fieldName\":\"issueTypeId\",\"changedFrom\":\"10024\",\"changedTo\":\"\"},{\"fieldName\":\"iconId\",\"changedFrom\":\"10519\",\"changedTo\":\"\"}],\"associatedItems\":[{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10022", + "name": "Change Control", + "type": "PROJECT" + } + ], + "changed_values": [ + { + "from": "88", + "i18nKey": "id", + "key": "id" + }, + { + "from": "Raise a request to ask for temp wifi access for guests.", + "i18nKey": "description", + "key": "description" + }, + { + "from": "Get a guest wifi account", + "i18nKey": "name", + "key": "name" + }, + { + "from": "10024", + "i18nKey": "issueTypeId", + "key": "issueTypeId" + }, + { + "from": "10519", + "i18nKey": "iconId", + "key": "iconId" + } + ], + "type": { + "action": "Request type deleted", + "category": "projects" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16" + } + }, + { + "@timestamp": "2021-12-07T16:46:02.950Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "User added to group", + "category": [ + "iam" + ], + "id": 11888, + "kind": "event", + "original": "{\"id\":11888,\"summary\":\"User added to group\",\"created\":\"2021-12-07T16:46:02.950+0000\",\"category\":\"group management\",\"eventSource\":\"\",\"objectItem\":{\"name\":\"Eng Sys\",\"typeName\":\"GROUP\",\"parentId\":\"10000\",\"parentName\":\"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory\"},\"associatedItems\":[{\"id\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"name\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory\"}]}", + "type": [ + "group", + "change" + ] + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "name": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "parentId": "10000", + "parentName": "com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory", + "type": "USER" + }, + { + "name": "Eng Sys", + "parentId": "10000", + "parentName": "com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory", + "type": "GROUP" + } + ], + "type": { + "action": "User added to group", + "category": "group management" + } + } + }, + "related": { + "user": [ + "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3" + ] + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "target": { + "group": { + "name": "Eng Sys" + }, + "id": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "name": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3" + } + } + }, + { + "@timestamp": "2021-12-07T16:46:02.944Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "User added to group", + "category": [ + "iam" + ], + "id": 11887, + "kind": "event", + "original": "{\"id\":11887,\"summary\":\"User added to group\",\"created\":\"2021-12-07T16:46:02.944+0000\",\"category\":\"group management\",\"eventSource\":\"\",\"objectItem\":{\"name\":\"EngSys\",\"typeName\":\"GROUP\",\"parentId\":\"10000\",\"parentName\":\"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory\"},\"associatedItems\":[{\"id\":\"ug:0fb27017-ce06-4bff-bd1d-1cc0e9ad2579\",\"name\":\"ug:0fb27017-ce06-4bff-bd1d-1cc0e9ad2579\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory\"}]}", + "type": [ + "group", + "change" + ] + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ug:0fb27017-ce06-4bff-bd1d-1cc0e9ad2579", + "name": "ug:0fb27017-ce06-4bff-bd1d-1cc0e9ad2579", + "parentId": "10000", + "parentName": "com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory", + "type": "USER" + }, + { + "name": "EngSys", + "parentId": "10000", + "parentName": "com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory", + "type": "GROUP" + } + ], + "type": { + "action": "User added to group", + "category": "group management" + } + } + }, + "related": { + "user": [ + "ug:0fb27017-ce06-4bff-bd1d-1cc0e9ad2579" + ] + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "target": { + "group": { + "name": "EngSys" + }, + "id": "ug:0fb27017-ce06-4bff-bd1d-1cc0e9ad2579", + "name": "ug:0fb27017-ce06-4bff-bd1d-1cc0e9ad2579" + } + } + }, + { + "@timestamp": "2021-12-07T16:46:02.939Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "User added to group", + "category": [ + "iam" + ], + "id": 11886, + "kind": "event", + "original": "{\"id\":11886,\"summary\":\"User added to group\",\"created\":\"2021-12-07T16:46:02.939+0000\",\"category\":\"group management\",\"eventSource\":\"\",\"objectItem\":{\"name\":\"Eng Sys\",\"typeName\":\"GROUP\",\"parentId\":\"10000\",\"parentName\":\"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory\"},\"associatedItems\":[{\"id\":\"ug:1b93c61c-2382-4f4e-8f38-f901c702845f\",\"name\":\"ug:1b93c61c-2382-4f4e-8f38-f901c702845f\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory\"}]}", + "type": [ + "group", + "change" + ] + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ug:1b93c61c-2382-4f4e-8f38-f901c702845f", + "name": "ug:1b93c61c-2382-4f4e-8f38-f901c702845f", + "parentId": "10000", + "parentName": "com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory", + "type": "USER" + }, + { + "name": "Eng Sys", + "parentId": "10000", + "parentName": "com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory", + "type": "GROUP" + } + ], + "type": { + "action": "User added to group", + "category": "group management" + } + } + }, + "related": { + "user": [ + "ug:1b93c61c-2382-4f4e-8f38-f901c702845f" + ] + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "target": { + "group": { + "name": "Eng Sys" + }, + "id": "ug:1b93c61c-2382-4f4e-8f38-f901c702845f", + "name": "ug:1b93c61c-2382-4f4e-8f38-f901c702845f" + } + } + }, + { + "@timestamp": "2021-12-07T16:46:02.932Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "User added to group", + "category": [ + "iam" + ], + "id": 11885, + "kind": "event", + "original": "{\"id\":11885,\"summary\":\"User added to group\",\"created\":\"2021-12-07T16:46:02.932+0000\",\"category\":\"group management\",\"eventSource\":\"\",\"objectItem\":{\"name\":\"EngSys\",\"typeName\":\"GROUP\",\"parentId\":\"10000\",\"parentName\":\"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory\"},\"associatedItems\":[{\"id\":\"ug:016dd2df-318a-4b92-908d-b0b9e531c60f\",\"name\":\"ug:016dd2df-318a-4b92-908d-b0b9e531c60f\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory\"}]}", + "type": [ + "group", + "change" + ] + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ug:016dd2df-318a-4b92-908d-b0b9e531c60f", + "name": "ug:016dd2df-318a-4b92-908d-b0b9e531c60f", + "parentId": "10000", + "parentName": "com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory", + "type": "USER" + }, + { + "name": "EngSys", + "parentId": "10000", + "parentName": "com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory", + "type": "GROUP" + } + ], + "type": { + "action": "User added to group", + "category": "group management" + } + } + }, + "related": { + "user": [ + "ug:016dd2df-318a-4b92-908d-b0b9e531c60f" + ] + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "target": { + "group": { + "name": "EngSys" + }, + "id": "ug:016dd2df-318a-4b92-908d-b0b9e531c60f", + "name": "ug:016dd2df-318a-4b92-908d-b0b9e531c60f" + } + } + }, + { + "@timestamp": "2021-12-07T16:45:24.007Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Group created", + "category": [ + "iam" + ], + "id": 11884, + "kind": "event", + "original": "{\"id\":11884,\"summary\":\"Group created\",\"created\":\"2021-12-07T16:45:24.007+0000\",\"category\":\"group management\",\"eventSource\":\"\",\"objectItem\":{\"name\":\"Eng Sys\",\"typeName\":\"GROUP\",\"parentId\":\"10000\",\"parentName\":\"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory\"}}", + "type": [ + "group", + "creation" + ] + }, + "group": { + "name": "Eng Sys" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "name": "Eng Sys", + "parentId": "10000", + "parentName": "com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory", + "type": "GROUP" + } + ], + "type": { + "action": "Group created", + "category": "group management" + } + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2021-12-07T16:29:41.490Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Project created", + "category": [ + "configuration" + ], + "id": 11883, + "kind": "event", + "original": "{\"id\":11883,\"summary\":\"Project created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:41.490+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"},\"changedValues\":[{\"fieldName\":\"Default Assignee\",\"changedTo\":\"Unassigned\"},{\"fieldName\":\"Project lead\",\"changedTo\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\"},{\"fieldName\":\"Description\",\"changedTo\":\"\"},{\"fieldName\":\"Key\",\"changedTo\":\"ACC\"},{\"fieldName\":\"Name\",\"changedTo\":\"Change Control\"}],\"associatedItems\":[{\"id\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"name\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"}]}", + "type": [ + "creation" + ] + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "name": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "parentId": "10000", + "parentName": "IDP Directory", + "type": "USER" + }, + { + "id": "10022", + "name": "Change Control", + "type": "PROJECT" + } + ], + "changed_values": [ + { + "i18nKey": "Default Assignee", + "key": "Default Assignee", + "to": "Unassigned" + }, + { + "i18nKey": "Project lead", + "key": "Project lead", + "to": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3" + }, + { + "i18nKey": "Description", + "key": "Description" + }, + { + "i18nKey": "Key", + "key": "Key", + "to": "ACC" + }, + { + "i18nKey": "Name", + "key": "Name", + "to": "Change Control" + } + ], + "type": { + "action": "Project created", + "category": "projects" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16" + } + }, + { + "@timestamp": "2021-12-07T16:29:38.789Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Custom email channel turned on", + "id": 11882, + "kind": "event", + "original": "{\"id\":11882,\"summary\":\"Custom email channel turned on\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:38.789+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"},\"changedValues\":[{\"fieldName\":\"userName\",\"changedFrom\":\"\",\"changedTo\":\"support@cyberfort.atlassian.net\"},{\"fieldName\":\"host\",\"changedFrom\":\"\",\"changedTo\":\"mailstore\"},{\"fieldName\":\"port\",\"changedFrom\":\"\",\"changedTo\":\"110\"},{\"fieldName\":\"tlsEnabled\",\"changedFrom\":\"\",\"changedTo\":\"false\"},{\"fieldName\":\"emailAddress\",\"changedFrom\":\"\",\"changedTo\":\"support@cyberfort.atlassian.net\"},{\"fieldName\":\"protocol\",\"changedFrom\":\"\",\"changedTo\":\"vertimail\"}],\"associatedItems\":[{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10022", + "name": "Change Control", + "type": "PROJECT" + } + ], + "changed_values": [ + { + "i18nKey": "userName", + "key": "userName", + "to": "support@cyberfort.atlassian.net" + }, + { + "i18nKey": "host", + "key": "host", + "to": "mailstore" + }, + { + "i18nKey": "port", + "key": "port", + "to": "110" + }, + { + "i18nKey": "tlsEnabled", + "key": "tlsEnabled", + "to": "false" + }, + { + "i18nKey": "emailAddress", + "key": "emailAddress", + "to": "support@cyberfort.atlassian.net" + }, + { + "i18nKey": "protocol", + "key": "protocol", + "to": "vertimail" + } + ], + "type": { + "action": "Custom email channel turned on", + "category": "projects" + } + } + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16" + } + }, + { + "@timestamp": "2021-12-07T16:29:38.773Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Cloud Email settings created", + "id": 11881, + "kind": "event", + "original": "{\"id\":11881,\"summary\":\"Cloud Email settings created\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:38.773+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"},\"changedValues\":[{\"fieldName\":\"id\",\"changedFrom\":\"\",\"changedTo\":\"7\"},{\"fieldName\":\"requestTypeId\",\"changedFrom\":\"\",\"changedTo\":\"95\"},{\"fieldName\":\"serviceDeskId\",\"changedFrom\":\"\",\"changedTo\":\"6\"},{\"fieldName\":\"emailAddress\",\"changedFrom\":\"\",\"changedTo\":\"support@cyberfort.atlassian.net\"}],\"associatedItems\":[{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10022", + "name": "Change Control", + "type": "PROJECT" + } + ], + "changed_values": [ + { + "i18nKey": "id", + "key": "id", + "to": "7" + }, + { + "i18nKey": "requestTypeId", + "key": "requestTypeId", + "to": "95" + }, + { + "i18nKey": "serviceDeskId", + "key": "serviceDeskId", + "to": "6" + }, + { + "i18nKey": "emailAddress", + "key": "emailAddress", + "to": "support@cyberfort.atlassian.net" + } + ], + "type": { + "action": "Cloud Email settings created", + "category": "projects" + } + } + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16" + } + }, + { + "@timestamp": "2021-12-07T16:29:38.426Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Cloud email channel turned on", + "id": 11880, + "kind": "event", + "original": "{\"id\":11880,\"summary\":\"Cloud email channel turned on\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:38.426+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"},\"changedValues\":[{\"fieldName\":\"userName\",\"changedFrom\":\"\",\"changedTo\":\"support@cyberfort.atlassian.net\"},{\"fieldName\":\"host\",\"changedFrom\":\"\",\"changedTo\":\"mailstore\"},{\"fieldName\":\"port\",\"changedFrom\":\"\",\"changedTo\":\"110\"},{\"fieldName\":\"tlsEnabled\",\"changedFrom\":\"\",\"changedTo\":\"null\"},{\"fieldName\":\"emailAddress\",\"changedFrom\":\"\",\"changedTo\":\"support@cyberfort.atlassian.net\"},{\"fieldName\":\"protocol\",\"changedFrom\":\"\",\"changedTo\":\"vertimail\"}],\"associatedItems\":[{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10022", + "name": "Change Control", + "type": "PROJECT" + } + ], + "changed_values": [ + { + "i18nKey": "userName", + "key": "userName", + "to": "support@cyberfort.atlassian.net" + }, + { + "i18nKey": "host", + "key": "host", + "to": "mailstore" + }, + { + "i18nKey": "port", + "key": "port", + "to": "110" + }, + { + "i18nKey": "tlsEnabled", + "key": "tlsEnabled", + "to": "null" + }, + { + "i18nKey": "emailAddress", + "key": "emailAddress", + "to": "support@cyberfort.atlassian.net" + }, + { + "i18nKey": "protocol", + "key": "protocol", + "to": "vertimail" + } + ], + "type": { + "action": "Cloud email channel turned on", + "category": "projects" + } + } + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16" + } + }, + { + "@timestamp": "2021-12-07T16:29:36.956Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Project component created", + "id": 11879, + "kind": "event", + "original": "{\"id\":11879,\"summary\":\"Project component created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.956+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10099\",\"name\":\"Services\",\"typeName\":\"PROJECT_COMPONENT\"},\"changedValues\":[{\"fieldName\":\"Default Assignee\",\"changedTo\":\"Project Default\"},{\"fieldName\":\"Component Lead\",\"changedTo\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\"},{\"fieldName\":\"Description\",\"changedTo\":\"Created by Jira Service Management\"},{\"fieldName\":\"Name\",\"changedTo\":\"Services\"}],\"associatedItems\":[{\"id\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"name\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"},{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "name": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "parentId": "10000", + "parentName": "IDP Directory", + "type": "USER" + }, + { + "id": "10022", + "name": "Change Control", + "type": "PROJECT" + }, + { + "id": "10099", + "name": "Services", + "type": "PROJECT_COMPONENT" + } + ], + "changed_values": [ + { + "i18nKey": "Default Assignee", + "key": "Default Assignee", + "to": "Project Default" + }, + { + "i18nKey": "Component Lead", + "key": "Component Lead", + "to": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3" + }, + { + "i18nKey": "Description", + "key": "Description", + "to": "Created by Jira Service Management" + }, + { + "i18nKey": "Name", + "key": "Name", + "to": "Services" + } + ], + "type": { + "action": "Project component created", + "category": "projects" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16" + } + }, + { + "@timestamp": "2021-12-07T16:29:36.930Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Project component created", + "id": 11878, + "kind": "event", + "original": "{\"id\":11878,\"summary\":\"Project component created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.930+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10098\",\"name\":\"VPN Server\",\"typeName\":\"PROJECT_COMPONENT\"},\"changedValues\":[{\"fieldName\":\"Default Assignee\",\"changedTo\":\"Project Default\"},{\"fieldName\":\"Component Lead\",\"changedTo\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\"},{\"fieldName\":\"Description\",\"changedTo\":\"Created by Jira Service Management\"},{\"fieldName\":\"Name\",\"changedTo\":\"VPN Server\"}],\"associatedItems\":[{\"id\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"name\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"},{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "name": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "parentId": "10000", + "parentName": "IDP Directory", + "type": "USER" + }, + { + "id": "10022", + "name": "Change Control", + "type": "PROJECT" + }, + { + "id": "10098", + "name": "VPN Server", + "type": "PROJECT_COMPONENT" + } + ], + "changed_values": [ + { + "i18nKey": "Default Assignee", + "key": "Default Assignee", + "to": "Project Default" + }, + { + "i18nKey": "Component Lead", + "key": "Component Lead", + "to": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3" + }, + { + "i18nKey": "Description", + "key": "Description", + "to": "Created by Jira Service Management" + }, + { + "i18nKey": "Name", + "key": "Name", + "to": "VPN Server" + } + ], + "type": { + "action": "Project component created", + "category": "projects" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16" + } + }, + { + "@timestamp": "2021-12-07T16:29:36.903Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Project component created", + "id": 11877, + "kind": "event", + "original": "{\"id\":11877,\"summary\":\"Project component created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.903+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10097\",\"name\":\"Public Website\",\"typeName\":\"PROJECT_COMPONENT\"},\"changedValues\":[{\"fieldName\":\"Default Assignee\",\"changedTo\":\"Project Default\"},{\"fieldName\":\"Component Lead\",\"changedTo\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\"},{\"fieldName\":\"Description\",\"changedTo\":\"Created by Jira Service Management\"},{\"fieldName\":\"Name\",\"changedTo\":\"Public Website\"}],\"associatedItems\":[{\"id\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"name\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"},{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "name": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "parentId": "10000", + "parentName": "IDP Directory", + "type": "USER" + }, + { + "id": "10022", + "name": "Change Control", + "type": "PROJECT" + }, + { + "id": "10097", + "name": "Public Website", + "type": "PROJECT_COMPONENT" + } + ], + "changed_values": [ + { + "i18nKey": "Default Assignee", + "key": "Default Assignee", + "to": "Project Default" + }, + { + "i18nKey": "Component Lead", + "key": "Component Lead", + "to": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3" + }, + { + "i18nKey": "Description", + "key": "Description", + "to": "Created by Jira Service Management" + }, + { + "i18nKey": "Name", + "key": "Name", + "to": "Public Website" + } + ], + "type": { + "action": "Project component created", + "category": "projects" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16" + } + }, + { + "@timestamp": "2021-12-07T16:29:36.877Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Project component created", + "id": 11876, + "kind": "event", + "original": "{\"id\":11876,\"summary\":\"Project component created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.877+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10096\",\"name\":\"Printers\",\"typeName\":\"PROJECT_COMPONENT\"},\"changedValues\":[{\"fieldName\":\"Default Assignee\",\"changedTo\":\"Project Default\"},{\"fieldName\":\"Component Lead\",\"changedTo\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\"},{\"fieldName\":\"Description\",\"changedTo\":\"Created by Jira Service Management\"},{\"fieldName\":\"Name\",\"changedTo\":\"Printers\"}],\"associatedItems\":[{\"id\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"name\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"},{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "name": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "parentId": "10000", + "parentName": "IDP Directory", + "type": "USER" + }, + { + "id": "10022", + "name": "Change Control", + "type": "PROJECT" + }, + { + "id": "10096", + "name": "Printers", + "type": "PROJECT_COMPONENT" + } + ], + "changed_values": [ + { + "i18nKey": "Default Assignee", + "key": "Default Assignee", + "to": "Project Default" + }, + { + "i18nKey": "Component Lead", + "key": "Component Lead", + "to": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3" + }, + { + "i18nKey": "Description", + "key": "Description", + "to": "Created by Jira Service Management" + }, + { + "i18nKey": "Name", + "key": "Name", + "to": "Printers" + } + ], + "type": { + "action": "Project component created", + "category": "projects" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16" + } + }, + { + "@timestamp": "2021-12-07T16:29:36.849Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Project component created", + "id": 11875, + "kind": "event", + "original": "{\"id\":11875,\"summary\":\"Project component created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.849+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10095\",\"name\":\"Services\",\"typeName\":\"PROJECT_COMPONENT\"},\"changedValues\":[{\"fieldName\":\"Default Assignee\",\"changedTo\":\"Project Default\"},{\"fieldName\":\"Component Lead\",\"changedTo\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\"},{\"fieldName\":\"Description\",\"changedTo\":\"Created by Jira Service Management\"},{\"fieldName\":\"Name\",\"changedTo\":\"Services\"}],\"associatedItems\":[{\"id\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"name\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"},{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "name": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "parentId": "10000", + "parentName": "IDP Directory", + "type": "USER" + }, + { + "id": "10022", + "name": "Change Control", + "type": "PROJECT" + }, + { + "id": "10095", + "name": "Services", + "type": "PROJECT_COMPONENT" + } + ], + "changed_values": [ + { + "i18nKey": "Default Assignee", + "key": "Default Assignee", + "to": "Project Default" + }, + { + "i18nKey": "Component Lead", + "key": "Component Lead", + "to": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3" + }, + { + "i18nKey": "Description", + "key": "Description", + "to": "Created by Jira Service Management" + }, + { + "i18nKey": "Name", + "key": "Name", + "to": "Services" + } + ], + "type": { + "action": "Project component created", + "category": "projects" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16" + } + }, + { + "@timestamp": "2021-12-07T16:29:36.823Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Project component created", + "id": 11874, + "kind": "event", + "original": "{\"id\":11874,\"summary\":\"Project component created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.823+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10094\",\"name\":\"Office Network\",\"typeName\":\"PROJECT_COMPONENT\"},\"changedValues\":[{\"fieldName\":\"Default Assignee\",\"changedTo\":\"Project Default\"},{\"fieldName\":\"Component Lead\",\"changedTo\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\"},{\"fieldName\":\"Description\",\"changedTo\":\"Created by Jira Service Management\"},{\"fieldName\":\"Name\",\"changedTo\":\"Office Network\"}],\"associatedItems\":[{\"id\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"name\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"},{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "name": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "parentId": "10000", + "parentName": "IDP Directory", + "type": "USER" + }, + { + "id": "10022", + "name": "Change Control", + "type": "PROJECT" + }, + { + "id": "10094", + "name": "Office Network", + "type": "PROJECT_COMPONENT" + } + ], + "changed_values": [ + { + "i18nKey": "Default Assignee", + "key": "Default Assignee", + "to": "Project Default" + }, + { + "i18nKey": "Component Lead", + "key": "Component Lead", + "to": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3" + }, + { + "i18nKey": "Description", + "key": "Description", + "to": "Created by Jira Service Management" + }, + { + "i18nKey": "Name", + "key": "Name", + "to": "Office Network" + } + ], + "type": { + "action": "Project component created", + "category": "projects" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16" + } + }, + { + "@timestamp": "2021-12-07T16:29:36.797Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Project component created", + "id": 11873, + "kind": "event", + "original": "{\"id\":11873,\"summary\":\"Project component created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.797+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10093\",\"name\":\"Jira\",\"typeName\":\"PROJECT_COMPONENT\"},\"changedValues\":[{\"fieldName\":\"Default Assignee\",\"changedTo\":\"Project Default\"},{\"fieldName\":\"Component Lead\",\"changedTo\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\"},{\"fieldName\":\"Description\",\"changedTo\":\"Created by Jira Service Management\"},{\"fieldName\":\"Name\",\"changedTo\":\"Jira\"}],\"associatedItems\":[{\"id\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"name\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"},{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "name": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "parentId": "10000", + "parentName": "IDP Directory", + "type": "USER" + }, + { + "id": "10022", + "name": "Change Control", + "type": "PROJECT" + }, + { + "id": "10093", + "name": "Jira", + "type": "PROJECT_COMPONENT" + } + ], + "changed_values": [ + { + "i18nKey": "Default Assignee", + "key": "Default Assignee", + "to": "Project Default" + }, + { + "i18nKey": "Component Lead", + "key": "Component Lead", + "to": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3" + }, + { + "i18nKey": "Description", + "key": "Description", + "to": "Created by Jira Service Management" + }, + { + "i18nKey": "Name", + "key": "Name", + "to": "Jira" + } + ], + "type": { + "action": "Project component created", + "category": "projects" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16" + } + }, + { + "@timestamp": "2021-12-07T16:29:36.770Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Project component created", + "id": 11872, + "kind": "event", + "original": "{\"id\":11872,\"summary\":\"Project component created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.770+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10092\",\"name\":\"Intranet\",\"typeName\":\"PROJECT_COMPONENT\"},\"changedValues\":[{\"fieldName\":\"Default Assignee\",\"changedTo\":\"Project Default\"},{\"fieldName\":\"Component Lead\",\"changedTo\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\"},{\"fieldName\":\"Description\",\"changedTo\":\"Created by Jira Service Management\"},{\"fieldName\":\"Name\",\"changedTo\":\"Intranet\"}],\"associatedItems\":[{\"id\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"name\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"},{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "name": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "parentId": "10000", + "parentName": "IDP Directory", + "type": "USER" + }, + { + "id": "10022", + "name": "Change Control", + "type": "PROJECT" + }, + { + "id": "10092", + "name": "Intranet", + "type": "PROJECT_COMPONENT" + } + ], + "changed_values": [ + { + "i18nKey": "Default Assignee", + "key": "Default Assignee", + "to": "Project Default" + }, + { + "i18nKey": "Component Lead", + "key": "Component Lead", + "to": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3" + }, + { + "i18nKey": "Description", + "key": "Description", + "to": "Created by Jira Service Management" + }, + { + "i18nKey": "Name", + "key": "Name", + "to": "Intranet" + } + ], + "type": { + "action": "Project component created", + "category": "projects" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16" + } + }, + { + "@timestamp": "2021-12-07T16:29:36.743Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Project component created", + "id": 11871, + "kind": "event", + "original": "{\"id\":11871,\"summary\":\"Project component created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.743+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10091\",\"name\":\"Services\",\"typeName\":\"PROJECT_COMPONENT\"},\"changedValues\":[{\"fieldName\":\"Default Assignee\",\"changedTo\":\"Project Default\"},{\"fieldName\":\"Component Lead\",\"changedTo\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\"},{\"fieldName\":\"Description\",\"changedTo\":\"Created by Jira Service Management\"},{\"fieldName\":\"Name\",\"changedTo\":\"Services\"}],\"associatedItems\":[{\"id\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"name\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"},{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "name": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "parentId": "10000", + "parentName": "IDP Directory", + "type": "USER" + }, + { + "id": "10022", + "name": "Change Control", + "type": "PROJECT" + }, + { + "id": "10091", + "name": "Services", + "type": "PROJECT_COMPONENT" + } + ], + "changed_values": [ + { + "i18nKey": "Default Assignee", + "key": "Default Assignee", + "to": "Project Default" + }, + { + "i18nKey": "Component Lead", + "key": "Component Lead", + "to": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3" + }, + { + "i18nKey": "Description", + "key": "Description", + "to": "Created by Jira Service Management" + }, + { + "i18nKey": "Name", + "key": "Name", + "to": "Services" + } + ], + "type": { + "action": "Project component created", + "category": "projects" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16" + } + }, + { + "@timestamp": "2021-12-07T16:29:36.717Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Project component created", + "id": 11870, + "kind": "event", + "original": "{\"id\":11870,\"summary\":\"Project component created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.717+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10090\",\"name\":\"Services\",\"typeName\":\"PROJECT_COMPONENT\"},\"changedValues\":[{\"fieldName\":\"Default Assignee\",\"changedTo\":\"Project Default\"},{\"fieldName\":\"Component Lead\",\"changedTo\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\"},{\"fieldName\":\"Description\",\"changedTo\":\"Created by Jira Service Management\"},{\"fieldName\":\"Name\",\"changedTo\":\"Services\"}],\"associatedItems\":[{\"id\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"name\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"},{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "name": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "parentId": "10000", + "parentName": "IDP Directory", + "type": "USER" + }, + { + "id": "10022", + "name": "Change Control", + "type": "PROJECT" + }, + { + "id": "10090", + "name": "Services", + "type": "PROJECT_COMPONENT" + } + ], + "changed_values": [ + { + "i18nKey": "Default Assignee", + "key": "Default Assignee", + "to": "Project Default" + }, + { + "i18nKey": "Component Lead", + "key": "Component Lead", + "to": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3" + }, + { + "i18nKey": "Description", + "key": "Description", + "to": "Created by Jira Service Management" + }, + { + "i18nKey": "Name", + "key": "Name", + "to": "Services" + } + ], + "type": { + "action": "Project component created", + "category": "projects" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16" + } + }, + { + "@timestamp": "2021-12-07T16:29:36.691Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Project component created", + "id": 11869, + "kind": "event", + "original": "{\"id\":11869,\"summary\":\"Project component created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.691+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10089\",\"name\":\"Email and Collaboration Services\",\"typeName\":\"PROJECT_COMPONENT\"},\"changedValues\":[{\"fieldName\":\"Default Assignee\",\"changedTo\":\"Project Default\"},{\"fieldName\":\"Component Lead\",\"changedTo\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\"},{\"fieldName\":\"Description\",\"changedTo\":\"Created by Jira Service Management\"},{\"fieldName\":\"Name\",\"changedTo\":\"Email and Collaboration Services\"}],\"associatedItems\":[{\"id\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"name\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"},{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "name": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "parentId": "10000", + "parentName": "IDP Directory", + "type": "USER" + }, + { + "id": "10022", + "name": "Change Control", + "type": "PROJECT" + }, + { + "id": "10089", + "name": "Email and Collaboration Services", + "type": "PROJECT_COMPONENT" + } + ], + "changed_values": [ + { + "i18nKey": "Default Assignee", + "key": "Default Assignee", + "to": "Project Default" + }, + { + "i18nKey": "Component Lead", + "key": "Component Lead", + "to": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3" + }, + { + "i18nKey": "Description", + "key": "Description", + "to": "Created by Jira Service Management" + }, + { + "i18nKey": "Name", + "key": "Name", + "to": "Email and Collaboration Services" + } + ], + "type": { + "action": "Project component created", + "category": "projects" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16" + } + }, + { + "@timestamp": "2021-12-07T16:29:36.664Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Project component created", + "id": 11868, + "kind": "event", + "original": "{\"id\":11868,\"summary\":\"Project component created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.664+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10088\",\"name\":\"Data Center Services\",\"typeName\":\"PROJECT_COMPONENT\"},\"changedValues\":[{\"fieldName\":\"Default Assignee\",\"changedTo\":\"Project Default\"},{\"fieldName\":\"Component Lead\",\"changedTo\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\"},{\"fieldName\":\"Description\",\"changedTo\":\"Created by Jira Service Management\"},{\"fieldName\":\"Name\",\"changedTo\":\"Data Center Services\"}],\"associatedItems\":[{\"id\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"name\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"},{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "name": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "parentId": "10000", + "parentName": "IDP Directory", + "type": "USER" + }, + { + "id": "10022", + "name": "Change Control", + "type": "PROJECT" + }, + { + "id": "10088", + "name": "Data Center Services", + "type": "PROJECT_COMPONENT" + } + ], + "changed_values": [ + { + "i18nKey": "Default Assignee", + "key": "Default Assignee", + "to": "Project Default" + }, + { + "i18nKey": "Component Lead", + "key": "Component Lead", + "to": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3" + }, + { + "i18nKey": "Description", + "key": "Description", + "to": "Created by Jira Service Management" + }, + { + "i18nKey": "Name", + "key": "Name", + "to": "Data Center Services" + } + ], + "type": { + "action": "Project component created", + "category": "projects" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16" + } + }, + { + "@timestamp": "2021-12-07T16:29:36.637Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Project component created", + "id": 11867, + "kind": "event", + "original": "{\"id\":11867,\"summary\":\"Project component created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.637+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10087\",\"name\":\"Cloud Storage Services\",\"typeName\":\"PROJECT_COMPONENT\"},\"changedValues\":[{\"fieldName\":\"Default Assignee\",\"changedTo\":\"Project Default\"},{\"fieldName\":\"Component Lead\",\"changedTo\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\"},{\"fieldName\":\"Description\",\"changedTo\":\"Created by Jira Service Management\"},{\"fieldName\":\"Name\",\"changedTo\":\"Cloud Storage Services\"}],\"associatedItems\":[{\"id\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"name\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"},{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "name": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "parentId": "10000", + "parentName": "IDP Directory", + "type": "USER" + }, + { + "id": "10022", + "name": "Change Control", + "type": "PROJECT" + }, + { + "id": "10087", + "name": "Cloud Storage Services", + "type": "PROJECT_COMPONENT" + } + ], + "changed_values": [ + { + "i18nKey": "Default Assignee", + "key": "Default Assignee", + "to": "Project Default" + }, + { + "i18nKey": "Component Lead", + "key": "Component Lead", + "to": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3" + }, + { + "i18nKey": "Description", + "key": "Description", + "to": "Created by Jira Service Management" + }, + { + "i18nKey": "Name", + "key": "Name", + "to": "Cloud Storage Services" + } + ], + "type": { + "action": "Project component created", + "category": "projects" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16" + } + }, + { + "@timestamp": "2021-12-07T16:29:36.609Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Project component created", + "id": 11866, + "kind": "event", + "original": "{\"id\":11866,\"summary\":\"Project component created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.609+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10086\",\"name\":\"Billing Services\",\"typeName\":\"PROJECT_COMPONENT\"},\"changedValues\":[{\"fieldName\":\"Default Assignee\",\"changedTo\":\"Project Default\"},{\"fieldName\":\"Component Lead\",\"changedTo\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\"},{\"fieldName\":\"Description\",\"changedTo\":\"Created by Jira Service Management\"},{\"fieldName\":\"Name\",\"changedTo\":\"Billing Services\"}],\"associatedItems\":[{\"id\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"name\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"},{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "name": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "parentId": "10000", + "parentName": "IDP Directory", + "type": "USER" + }, + { + "id": "10022", + "name": "Change Control", + "type": "PROJECT" + }, + { + "id": "10086", + "name": "Billing Services", + "type": "PROJECT_COMPONENT" + } + ], + "changed_values": [ + { + "i18nKey": "Default Assignee", + "key": "Default Assignee", + "to": "Project Default" + }, + { + "i18nKey": "Component Lead", + "key": "Component Lead", + "to": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3" + }, + { + "i18nKey": "Description", + "key": "Description", + "to": "Created by Jira Service Management" + }, + { + "i18nKey": "Name", + "key": "Name", + "to": "Billing Services" + } + ], + "type": { + "action": "Project component created", + "category": "projects" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16" + } + }, + { + "@timestamp": "2021-12-07T16:29:36.561Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Project component created", + "id": 11865, + "kind": "event", + "original": "{\"id\":11865,\"summary\":\"Project component created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.561+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10085\",\"name\":\"Analytics and Reporting Service\",\"typeName\":\"PROJECT_COMPONENT\"},\"changedValues\":[{\"fieldName\":\"Default Assignee\",\"changedTo\":\"Project Default\"},{\"fieldName\":\"Component Lead\",\"changedTo\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\"},{\"fieldName\":\"Description\",\"changedTo\":\"Created by Jira Service Management\"},{\"fieldName\":\"Name\",\"changedTo\":\"Analytics and Reporting Service\"}],\"associatedItems\":[{\"id\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"name\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"},{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "name": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "parentId": "10000", + "parentName": "IDP Directory", + "type": "USER" + }, + { + "id": "10022", + "name": "Change Control", + "type": "PROJECT" + }, + { + "id": "10085", + "name": "Analytics and Reporting Service", + "type": "PROJECT_COMPONENT" + } + ], + "changed_values": [ + { + "i18nKey": "Default Assignee", + "key": "Default Assignee", + "to": "Project Default" + }, + { + "i18nKey": "Component Lead", + "key": "Component Lead", + "to": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3" + }, + { + "i18nKey": "Description", + "key": "Description", + "to": "Created by Jira Service Management" + }, + { + "i18nKey": "Name", + "key": "Name", + "to": "Analytics and Reporting Service" + } + ], + "type": { + "action": "Project component created", + "category": "projects" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16" + } + }, + { + "@timestamp": "2021-12-07T16:29:36.529Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Project component created", + "id": 11864, + "kind": "event", + "original": "{\"id\":11864,\"summary\":\"Project component created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.529+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10084\",\"name\":\"Active Directory\",\"typeName\":\"PROJECT_COMPONENT\"},\"changedValues\":[{\"fieldName\":\"Default Assignee\",\"changedTo\":\"Project Default\"},{\"fieldName\":\"Component Lead\",\"changedTo\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\"},{\"fieldName\":\"Description\",\"changedTo\":\"Created by Jira Service Management\"},{\"fieldName\":\"Name\",\"changedTo\":\"Active Directory\"}],\"associatedItems\":[{\"id\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"name\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"},{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "name": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3", + "parentId": "10000", + "parentName": "IDP Directory", + "type": "USER" + }, + { + "id": "10022", + "name": "Change Control", + "type": "PROJECT" + }, + { + "id": "10084", + "name": "Active Directory", + "type": "PROJECT_COMPONENT" + } + ], + "changed_values": [ + { + "i18nKey": "Default Assignee", + "key": "Default Assignee", + "to": "Project Default" + }, + { + "i18nKey": "Component Lead", + "key": "Component Lead", + "to": "ug:20aaaebb-1ee5-400a-af76-d2550b6363b3" + }, + { + "i18nKey": "Description", + "key": "Description", + "to": "Created by Jira Service Management" + }, + { + "i18nKey": "Name", + "key": "Name", + "to": "Active Directory" + } + ], + "type": { + "action": "Project component created", + "category": "projects" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16" + } + }, + { + "@timestamp": "2021-12-07T16:29:36.499Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Workflow scheme added to project", + "id": 11863, + "kind": "event", + "original": "{\"id\":11863,\"summary\":\"Workflow scheme added to project\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.499+0000\",\"category\":\"workflows\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"},\"associatedItems\":[{\"id\":\"10023\",\"name\":\"Jira Service Management IT Support Workflow Scheme generated for Project ACC\",\"typeName\":\"SCHEME\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10023", + "name": "Jira Service Management IT Support Workflow Scheme generated for Project ACC", + "type": "SCHEME" + }, + { + "id": "10022", + "name": "Change Control", + "type": "PROJECT" + } + ], + "type": { + "action": "Workflow scheme added to project", + "category": "workflows" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16" + } + }, + { + "@timestamp": "2021-12-07T16:29:36.468Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Workflow updated", + "id": 11862, + "kind": "event", + "original": "{\"id\":11862,\"summary\":\"Workflow updated\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.468+0000\",\"category\":\"workflows\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"ACC: Jira Service Management default workflow\",\"name\":\"ACC: Jira Service Management default workflow\",\"typeName\":\"WORKFLOW\"},\"changedValues\":[{\"fieldName\":\"Description\",\"changedFrom\":\"\",\"changedTo\":\"This Jira Service Management default workflow was generated for Project ACC\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ACC: Jira Service Management default workflow", + "name": "ACC: Jira Service Management default workflow", + "type": "WORKFLOW" + } + ], + "changed_values": [ + { + "i18nKey": "Description", + "key": "Description", + "to": "This Jira Service Management default workflow was generated for Project ACC" + } + ], + "type": { + "action": "Workflow updated", + "category": "workflows" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16" + } + }, + { + "@timestamp": "2021-12-07T16:29:36.448Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Workflow updated", + "id": 11861, + "kind": "event", + "original": "{\"id\":11861,\"summary\":\"Workflow updated\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.448+0000\",\"category\":\"workflows\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"ACC: Jira Service Management default workflow\",\"name\":\"ACC: Jira Service Management default workflow\",\"typeName\":\"WORKFLOW\"}}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ACC: Jira Service Management default workflow", + "name": "ACC: Jira Service Management default workflow", + "type": "WORKFLOW" + } + ], + "type": { + "action": "Workflow updated", + "category": "workflows" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16" + } + }, + { + "@timestamp": "2021-12-07T16:29:36.421Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Workflow created", + "id": 11860, + "kind": "event", + "original": "{\"id\":11860,\"summary\":\"Workflow created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.421+0000\",\"category\":\"workflows\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"ACC: Jira Service Management default workflow\",\"name\":\"ACC: Jira Service Management default workflow\",\"typeName\":\"WORKFLOW\"},\"changedValues\":[{\"fieldName\":\"Description\",\"changedTo\":\"\"},{\"fieldName\":\"Name\",\"changedTo\":\"ACC: Jira Service Management default workflow\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ACC: Jira Service Management default workflow", + "name": "ACC: Jira Service Management default workflow", + "type": "WORKFLOW" + } + ], + "changed_values": [ + { + "i18nKey": "Description", + "key": "Description" + }, + { + "i18nKey": "Name", + "key": "Name", + "to": "ACC: Jira Service Management default workflow" + } + ], + "type": { + "action": "Workflow created", + "category": "workflows" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16" + } + }, + { + "@timestamp": "2021-12-07T16:29:36.329Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Workflow updated", + "id": 11859, + "kind": "event", + "original": "{\"id\":11859,\"summary\":\"Workflow updated\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.329+0000\",\"category\":\"workflows\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"ACC: Problem Management workflow for Jira Service Management\",\"name\":\"ACC: Problem Management workflow for Jira Service Management\",\"typeName\":\"WORKFLOW\"},\"changedValues\":[{\"fieldName\":\"Description\",\"changedFrom\":\"\",\"changedTo\":\"This Jira Service Management Problem Management workflow was generated for Project ACC\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ACC: Problem Management workflow for Jira Service Management", + "name": "ACC: Problem Management workflow for Jira Service Management", + "type": "WORKFLOW" + } + ], + "changed_values": [ + { + "i18nKey": "Description", + "key": "Description", + "to": "This Jira Service Management Problem Management workflow was generated for Project ACC" + } + ], + "type": { + "action": "Workflow updated", + "category": "workflows" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16" + } + }, + { + "@timestamp": "2021-12-07T16:29:36.310Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Workflow updated", + "id": 11858, + "kind": "event", + "original": "{\"id\":11858,\"summary\":\"Workflow updated\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.310+0000\",\"category\":\"workflows\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"ACC: Problem Management workflow for Jira Service Management\",\"name\":\"ACC: Problem Management workflow for Jira Service Management\",\"typeName\":\"WORKFLOW\"}}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ACC: Problem Management workflow for Jira Service Management", + "name": "ACC: Problem Management workflow for Jira Service Management", + "type": "WORKFLOW" + } + ], + "type": { + "action": "Workflow updated", + "category": "workflows" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16" + } + }, + { + "@timestamp": "2021-12-07T16:29:36.283Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Workflow created", + "id": 11857, + "kind": "event", + "original": "{\"id\":11857,\"summary\":\"Workflow created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.283+0000\",\"category\":\"workflows\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"ACC: Problem Management workflow for Jira Service Management\",\"name\":\"ACC: Problem Management workflow for Jira Service Management\",\"typeName\":\"WORKFLOW\"},\"changedValues\":[{\"fieldName\":\"Description\",\"changedTo\":\"\"},{\"fieldName\":\"Name\",\"changedTo\":\"ACC: Problem Management workflow for Jira Service Management\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ACC: Problem Management workflow for Jira Service Management", + "name": "ACC: Problem Management workflow for Jira Service Management", + "type": "WORKFLOW" + } + ], + "changed_values": [ + { + "i18nKey": "Description", + "key": "Description" + }, + { + "i18nKey": "Name", + "key": "Name", + "to": "ACC: Problem Management workflow for Jira Service Management" + } + ], + "type": { + "action": "Workflow created", + "category": "workflows" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16" + } + }, + { + "@timestamp": "2021-12-07T16:29:36.186Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Workflow updated", + "id": 11856, + "kind": "event", + "original": "{\"id\":11856,\"summary\":\"Workflow updated\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.186+0000\",\"category\":\"workflows\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"ACC: Incident Management workflow for Jira Service Management\",\"name\":\"ACC: Incident Management workflow for Jira Service Management\",\"typeName\":\"WORKFLOW\"},\"changedValues\":[{\"fieldName\":\"Description\",\"changedFrom\":\"\",\"changedTo\":\"This Jira Service Management Incident Management workflow was generated for Project ACC\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ACC: Incident Management workflow for Jira Service Management", + "name": "ACC: Incident Management workflow for Jira Service Management", + "type": "WORKFLOW" + } + ], + "changed_values": [ + { + "i18nKey": "Description", + "key": "Description", + "to": "This Jira Service Management Incident Management workflow was generated for Project ACC" + } + ], + "type": { + "action": "Workflow updated", + "category": "workflows" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5e72548417c6640c385f2a16" + } + }, + { + "@timestamp": "2021-11-18T10:58:11.410Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Field Configuration scheme updated", + "id": 11663, + "kind": "event", + "original": "{\"id\":11663,\"summary\":\"Field Configuration scheme updated\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:0613fc34-a1b3-4137-b06e-fd92c3094033\",\"authorAccountId\":\"5ff328f2a9d0300107c045a6\",\"created\":\"2021-11-18T10:58:11.410+0000\",\"category\":\"fields\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10015\",\"name\":\"Field Configuration Scheme for Project PEN\",\"typeName\":\"SCHEME\"},\"changedValues\":[{\"fieldName\":\"Field Configuration\",\"changedFrom\":\"\",\"changedTo\":\"PEN-10052\"},{\"fieldName\":\"Issue Type\",\"changedFrom\":\"\",\"changedTo\":\"Subtask\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10015", + "name": "Field Configuration Scheme for Project PEN", + "type": "SCHEME" + } + ], + "changed_values": [ + { + "i18nKey": "Field Configuration", + "key": "Field Configuration", + "to": "PEN-10052" + }, + { + "i18nKey": "Issue Type", + "key": "Issue Type", + "to": "Subtask" + } + ], + "type": { + "action": "Field Configuration scheme updated", + "category": "fields" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5ff328f2a9d0300107c045a6" + } + }, + { + "@timestamp": "2021-11-18T10:58:11.132Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Field Configuration scheme updated", + "id": 11662, + "kind": "event", + "original": "{\"id\":11662,\"summary\":\"Field Configuration scheme updated\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:0613fc34-a1b3-4137-b06e-fd92c3094033\",\"authorAccountId\":\"5ff328f2a9d0300107c045a6\",\"created\":\"2021-11-18T10:58:11.132+0000\",\"category\":\"fields\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10015\",\"name\":\"Field Configuration Scheme for Project PEN\",\"typeName\":\"SCHEME\"},\"changedValues\":[{\"fieldName\":\"Field Configuration\",\"changedFrom\":\"\",\"changedTo\":\"PEN-10051\"},{\"fieldName\":\"Issue Type\",\"changedFrom\":\"\",\"changedTo\":\"Epic\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10015", + "name": "Field Configuration Scheme for Project PEN", + "type": "SCHEME" + } + ], + "changed_values": [ + { + "i18nKey": "Field Configuration", + "key": "Field Configuration", + "to": "PEN-10051" + }, + { + "i18nKey": "Issue Type", + "key": "Issue Type", + "to": "Epic" + } + ], + "type": { + "action": "Field Configuration scheme updated", + "category": "fields" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5ff328f2a9d0300107c045a6" + } + }, + { + "@timestamp": "2021-11-18T10:58:10.771Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Workflow scheme added to project", + "id": 11661, + "kind": "event", + "original": "{\"id\":11661,\"summary\":\"Workflow scheme added to project\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:0613fc34-a1b3-4137-b06e-fd92c3094033\",\"authorAccountId\":\"5ff328f2a9d0300107c045a6\",\"created\":\"2021-11-18T10:58:10.771+0000\",\"category\":\"workflows\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10018\",\"name\":\"Arcturus Assurance\",\"typeName\":\"PROJECT\"},\"associatedItems\":[{\"id\":\"10019\",\"name\":\"PEN: Software Simplified Workflow Scheme\",\"typeName\":\"SCHEME\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10019", + "name": "PEN: Software Simplified Workflow Scheme", + "type": "SCHEME" + }, + { + "id": "10018", + "name": "Arcturus Assurance", + "type": "PROJECT" + } + ], + "type": { + "action": "Workflow scheme added to project", + "category": "workflows" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5ff328f2a9d0300107c045a6" + } + }, + { + "@timestamp": "2021-11-18T10:58:10.754Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Workflow scheme created", + "id": 11660, + "kind": "event", + "original": "{\"id\":11660,\"summary\":\"Workflow scheme created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:0613fc34-a1b3-4137-b06e-fd92c3094033\",\"authorAccountId\":\"5ff328f2a9d0300107c045a6\",\"created\":\"2021-11-18T10:58:10.754+0000\",\"category\":\"workflows\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10019\",\"name\":\"PEN: Software Simplified Workflow Scheme\",\"typeName\":\"SCHEME\"},\"changedValues\":[{\"fieldName\":\"Description\",\"changedTo\":\"\"},{\"fieldName\":\"Name\",\"changedTo\":\"PEN: Software Simplified Workflow Scheme\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10019", + "name": "PEN: Software Simplified Workflow Scheme", + "type": "SCHEME" + } + ], + "changed_values": [ + { + "i18nKey": "Description", + "key": "Description" + }, + { + "i18nKey": "Name", + "key": "Name", + "to": "PEN: Software Simplified Workflow Scheme" + } + ], + "type": { + "action": "Workflow scheme created", + "category": "workflows" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5ff328f2a9d0300107c045a6" + } + }, + { + "@timestamp": "2021-11-18T10:58:10.744Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Workflow created", + "id": 11659, + "kind": "event", + "original": "{\"id\":11659,\"summary\":\"Workflow created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:0613fc34-a1b3-4137-b06e-fd92c3094033\",\"authorAccountId\":\"5ff328f2a9d0300107c045a6\",\"created\":\"2021-11-18T10:58:10.744+0000\",\"category\":\"workflows\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"Software workflow for project 10018\",\"name\":\"Software workflow for project 10018\",\"typeName\":\"WORKFLOW\"},\"changedValues\":[{\"fieldName\":\"Name\",\"changedTo\":\"Software workflow for project 10018\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "Software workflow for project 10018", + "name": "Software workflow for project 10018", + "type": "WORKFLOW" + } + ], + "changed_values": [ + { + "i18nKey": "Name", + "key": "Name", + "to": "Software workflow for project 10018" + } + ], + "type": { + "action": "Workflow created", + "category": "workflows" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5ff328f2a9d0300107c045a6" + } + }, + { + "@timestamp": "2021-11-18T10:58:10.473Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Field Configuration scheme updated", + "id": 11658, + "kind": "event", + "original": "{\"id\":11658,\"summary\":\"Field Configuration scheme updated\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:0613fc34-a1b3-4137-b06e-fd92c3094033\",\"authorAccountId\":\"5ff328f2a9d0300107c045a6\",\"created\":\"2021-11-18T10:58:10.473+0000\",\"category\":\"fields\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10015\",\"name\":\"Field Configuration Scheme for Project PEN\",\"typeName\":\"SCHEME\"},\"changedValues\":[{\"fieldName\":\"Field Configuration\",\"changedFrom\":\"\",\"changedTo\":\"PEN-10050\"},{\"fieldName\":\"Issue Type\",\"changedFrom\":\"\",\"changedTo\":\"Task\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10015", + "name": "Field Configuration Scheme for Project PEN", + "type": "SCHEME" + } + ], + "changed_values": [ + { + "i18nKey": "Field Configuration", + "key": "Field Configuration", + "to": "PEN-10050" + }, + { + "i18nKey": "Issue Type", + "key": "Issue Type", + "to": "Task" + } + ], + "type": { + "action": "Field Configuration scheme updated", + "category": "fields" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5ff328f2a9d0300107c045a6" + } + }, + { + "@timestamp": "2021-11-18T10:58:10.265Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Field Configuration scheme updated", + "id": 11657, + "kind": "event", + "original": "{\"id\":11657,\"summary\":\"Field Configuration scheme updated\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:0613fc34-a1b3-4137-b06e-fd92c3094033\",\"authorAccountId\":\"5ff328f2a9d0300107c045a6\",\"created\":\"2021-11-18T10:58:10.265+0000\",\"category\":\"fields\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10015\",\"name\":\"Field Configuration Scheme for Project PEN\",\"typeName\":\"SCHEME\"},\"changedValues\":[{\"fieldName\":\"Field Configuration\",\"changedFrom\":\"Default Field Configuration\",\"changedTo\":\"Field Layout for PEN\"},{\"fieldName\":\"Issue Type\",\"changedFrom\":\"Default\",\"changedTo\":\"Default\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10015", + "name": "Field Configuration Scheme for Project PEN", + "type": "SCHEME" + } + ], + "changed_values": [ + { + "from": "Default Field Configuration", + "i18nKey": "Field Configuration", + "key": "Field Configuration", + "to": "Field Layout for PEN" + }, + { + "from": "Default", + "i18nKey": "Issue Type", + "key": "Issue Type", + "to": "Default" + } + ], + "type": { + "action": "Field Configuration scheme updated", + "category": "fields" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5ff328f2a9d0300107c045a6" + } + }, + { + "@timestamp": "2021-11-18T10:58:10.174Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Field Configuration scheme added to project", + "id": 11656, + "kind": "event", + "original": "{\"id\":11656,\"summary\":\"Field Configuration scheme added to project\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:0613fc34-a1b3-4137-b06e-fd92c3094033\",\"authorAccountId\":\"5ff328f2a9d0300107c045a6\",\"created\":\"2021-11-18T10:58:10.174+0000\",\"category\":\"fields\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10018\",\"name\":\"Arcturus Assurance\",\"typeName\":\"PROJECT\"},\"associatedItems\":[{\"id\":\"10015\",\"name\":\"Field Configuration Scheme for Project PEN\",\"typeName\":\"SCHEME\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10015", + "name": "Field Configuration Scheme for Project PEN", + "type": "SCHEME" + }, + { + "id": "10018", + "name": "Arcturus Assurance", + "type": "PROJECT" + } + ], + "type": { + "action": "Field Configuration scheme added to project", + "category": "fields" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5ff328f2a9d0300107c045a6" + } + }, + { + "@timestamp": "2021-11-18T10:58:10.146Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Field Configuration scheme created", + "id": 11655, + "kind": "event", + "original": "{\"id\":11655,\"summary\":\"Field Configuration scheme created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:0613fc34-a1b3-4137-b06e-fd92c3094033\",\"authorAccountId\":\"5ff328f2a9d0300107c045a6\",\"created\":\"2021-11-18T10:58:10.146+0000\",\"category\":\"fields\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10015\",\"name\":\"Field Configuration Scheme for Project PEN\",\"typeName\":\"SCHEME\"},\"changedValues\":[{\"fieldName\":\"Description\",\"changedTo\":\"This Field Configuration Scheme was generated for Project PEN\"},{\"fieldName\":\"Name\",\"changedTo\":\"Field Configuration Scheme for Project PEN\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10015", + "name": "Field Configuration Scheme for Project PEN", + "type": "SCHEME" + } + ], + "changed_values": [ + { + "i18nKey": "Description", + "key": "Description", + "to": "This Field Configuration Scheme was generated for Project PEN" + }, + { + "i18nKey": "Name", + "key": "Name", + "to": "Field Configuration Scheme for Project PEN" + } + ], + "type": { + "action": "Field Configuration scheme created", + "category": "fields" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5ff328f2a9d0300107c045a6" + } + }, + { + "@timestamp": "2021-11-18T10:58:10.114Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Issue Security scheme added to project", + "id": 11654, + "kind": "event", + "original": "{\"id\":11654,\"summary\":\"Issue Security scheme added to project\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:0613fc34-a1b3-4137-b06e-fd92c3094033\",\"authorAccountId\":\"5ff328f2a9d0300107c045a6\",\"created\":\"2021-11-18T10:58:10.114+0000\",\"category\":\"permissions\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10018\",\"name\":\"Arcturus Assurance\",\"typeName\":\"PROJECT\"},\"associatedItems\":[{\"id\":\"10010\",\"name\":\"PEN: Simplified Issue Security Scheme\",\"typeName\":\"SCHEME\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10010", + "name": "PEN: Simplified Issue Security Scheme", + "type": "SCHEME" + }, + { + "id": "10018", + "name": "Arcturus Assurance", + "type": "PROJECT" + } + ], + "type": { + "action": "Issue Security scheme added to project", + "category": "permissions" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5ff328f2a9d0300107c045a6" + } + }, + { + "@timestamp": "2021-11-18T10:58:10.062Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Permission scheme added to project", + "id": 11653, + "kind": "event", + "original": "{\"id\":11653,\"summary\":\"Permission scheme added to project\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:0613fc34-a1b3-4137-b06e-fd92c3094033\",\"authorAccountId\":\"5ff328f2a9d0300107c045a6\",\"created\":\"2021-11-18T10:58:10.062+0000\",\"category\":\"permissions\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10018\",\"name\":\"Arcturus Assurance\",\"typeName\":\"PROJECT\"},\"associatedItems\":[{\"id\":\"10016\",\"name\":\"PEN: Simplified Permission Scheme\",\"typeName\":\"SCHEME\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "10016", + "name": "PEN: Simplified Permission Scheme", + "type": "SCHEME" + }, + { + "id": "10018", + "name": "Arcturus Assurance", + "type": "PROJECT" + } + ], + "type": { + "action": "Permission scheme added to project", + "category": "permissions" + } + } + }, + "related": { + "ip": [ + "81.2.69.193" + ] + }, + "source": { + "address": "81.2.69.193", + "geo": { + "city_name": "London", + "continent_name": "Europe", + "country_iso_code": "GB", + "country_name": "United Kingdom", + "location": { + "lat": 51.5142, + "lon": -0.0931 + }, + "region_iso_code": "GB-ENG", + "region_name": "England" + }, + "ip": "81.2.69.193" + }, + "tags": [ + "preserve_original_event" + ], + "user": { + "id": "5ff328f2a9d0300107c045a6" + } + }, + { + "@timestamp": "2021-11-17T16:00:37.374Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "User updated", + "category": [ + "iam" + ], + "id": 11652, + "kind": "event", + "original": "{\"id\":11652,\"summary\":\"User updated\",\"created\":\"2021-11-17T16:00:37.374+0000\",\"category\":\"user management\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"ug:870c3c4b-1f74-4fa2-a401-639ec53e9436\",\"name\":\"ug:870c3c4b-1f74-4fa2-a401-639ec53e9436\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"},\"changedValues\":[{\"fieldName\":\"Active / Inactive\",\"changedFrom\":\"Active\",\"changedTo\":\"Inactive\"}],\"associatedItems\":[{\"id\":\"ug:870c3c4b-1f74-4fa2-a401-639ec53e9436\",\"name\":\"ug:870c3c4b-1f74-4fa2-a401-639ec53e9436\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"}]}", + "type": [ + "user", + "change" + ] + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ug:870c3c4b-1f74-4fa2-a401-639ec53e9436", + "name": "ug:870c3c4b-1f74-4fa2-a401-639ec53e9436", + "parentId": "10000", + "parentName": "IDP Directory", + "type": "USER" + } + ], + "changed_values": [ + { + "from": "Active", + "i18nKey": "Active / Inactive", + "key": "Active / Inactive", + "to": "Inactive" + } + ], + "type": { + "action": "User updated", + "category": "user management" + } + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2021-11-16T09:25:56.725Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "User updated", + "category": [ + "iam" + ], + "id": 11651, + "kind": "event", + "original": "{\"id\":11651,\"summary\":\"User updated\",\"created\":\"2021-11-16T09:25:56.725+0000\",\"category\":\"user management\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"ug:7759808b-4fa4-4053-a8f5-136c382be65a\",\"name\":\"ug:7759808b-4fa4-4053-a8f5-136c382be65a\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"},\"changedValues\":[{\"fieldName\":\"Active / Inactive\",\"changedFrom\":\"Active\",\"changedTo\":\"Inactive\"}],\"associatedItems\":[{\"id\":\"ug:7759808b-4fa4-4053-a8f5-136c382be65a\",\"name\":\"ug:7759808b-4fa4-4053-a8f5-136c382be65a\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"}]}", + "type": [ + "user", + "change" + ] + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "ug:7759808b-4fa4-4053-a8f5-136c382be65a", + "name": "ug:7759808b-4fa4-4053-a8f5-136c382be65a", + "parentId": "10000", + "parentName": "IDP Directory", + "type": "USER" + } + ], + "changed_values": [ + { + "from": "Active", + "i18nKey": "Active / Inactive", + "key": "Active / Inactive", + "to": "Inactive" + } + ], + "type": { + "action": "User updated", + "category": "user management" + } + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2021-11-16T08:48:05.867Z", + "ecs": { + "version": "8.0.0" + }, + "event": { + "action": "Custom field created", + "id": 11650, + "kind": "event", + "original": "{\"id\":11650,\"summary\":\"Custom field created\",\"created\":\"2021-11-16T08:48:05.867+0000\",\"category\":\"fields\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"customfield_10072\",\"name\":\"Work category\",\"typeName\":\"CUSTOM_FIELD\"},\"changedValues\":[{\"fieldName\":\"Type\",\"changedTo\":\"Work category\"},{\"fieldName\":\"Description\",\"changedTo\":\"Jira system field that displays the category of work a specific issue belongs to.\"},{\"fieldName\":\"Name\",\"changedTo\":\"Work category\"}]}", + "type": "info" + }, + "jira": { + "audit": { + "affected_objects": [ + { + "id": "customfield_10072", + "name": "Work category", + "type": "CUSTOM_FIELD" + } + ], + "changed_values": [ + { + "i18nKey": "Type", + "key": "Type", + "to": "Work category" + }, + { + "i18nKey": "Description", + "key": "Description", + "to": "Jira system field that displays the category of work a specific issue belongs to." + }, + { + "i18nKey": "Name", + "key": "Name", + "to": "Work category" + } + ], + "type": { + "action": "Custom field created", + "category": "fields" + } + } + }, + "tags": [ + "preserve_original_event" + ] + } + ] +} \ No newline at end of file diff --git a/packages/atlassian_jira/data_stream/audit/_dev/test/system/test-api-cloud-config.yml b/packages/atlassian_jira/data_stream/audit/_dev/test/system/test-api-cloud-config.yml new file mode 100644 index 00000000000..e2e5e210906 --- /dev/null +++ b/packages/atlassian_jira/data_stream/audit/_dev/test/system/test-api-cloud-config.yml @@ -0,0 +1,12 @@ +input: httpjson +service: confluence-api +vars: ~ +data_stream: + vars: + preserve_original_event: true + api_url: http://{{Hostname}}:{{Port}} + username: test.user + password: abc123 + limit: "2" + ssl.verification_mode: none + atlassian_cloud: true diff --git a/packages/atlassian_jira/data_stream/audit/agent/stream/httpjson.yml.hbs b/packages/atlassian_jira/data_stream/audit/agent/stream/httpjson.yml.hbs index 5ece9695f4b..5ee46542fdf 100644 --- a/packages/atlassian_jira/data_stream/audit/agent/stream/httpjson.yml.hbs +++ b/packages/atlassian_jira/data_stream/audit/agent/stream/httpjson.yml.hbs @@ -1,7 +1,11 @@ config_version: "2" interval: {{interval}} request.method: "GET" +{{#if atlassian_cloud}} +request.url: {{api_url}}/rest/api/3/auditing/record +{{#else}} request.url: {{api_url}}/rest/auditing/1.0/events +{{/if}} {{#if ssl}} request.ssl: {{ssl}} {{/if}} @@ -21,6 +25,31 @@ auth.basic.password: {{password}} {{/unless}} request.transforms: + - set: + target: url.params.limit + value: {{ limit }} +{{#if atlassian_cloud}} + - set: + target: url.params.from + value: "[[.cursor.last_timestamp]]" + default: '[[formatDate (now (parseDuration "-{{initial_interval}}")) "2006-01-02T15:04:05.999-0700"]]' + - set: + target: url.params.to + value: '[[formatDate (now) "2006-01-02T15:04:05.999-0700"]]' + - set: + target: url.params.offset + value: '0' +response.split: + target: body.results +response.pagination: + - set: + target: url.params.offset + value: '[[ add .last_response.url.params.offset url.params.limit ]]' + fail_on_template_error: true +cursor: + last_timestamp: + value: "[[.first_event.created]]" +{{#else}} {{#unless username}} {{#unless password}} {{#if token}} @@ -37,11 +66,6 @@ request.transforms: - set: target: url.params.to value: '[[formatDate now]]' - - set: - target: url.params.limit - value: {{ limit }} - - response.split: target: body.entities response.pagination: @@ -53,6 +77,7 @@ response.pagination: cursor: last_timestamp: value: "[[.first_event.timestamp]]" +{{/if}} tags: {{#if preserve_original_event}} @@ -64,7 +89,13 @@ tags: {{#contains "forwarded" tags}} publisher_pipeline.disable_host: true {{/contains}} -{{#if processors}} processors: +{{#if atlassian_cloud}} +- add_fields: + target: _config + fields: + atlassian_cloud: true +{{/if}} +{{#if processors}} {{processors}} -{{/if}} \ No newline at end of file +{{/if}} \ No newline at end of file diff --git a/packages/atlassian_jira/data_stream/audit/elasticsearch/ingest_pipeline/cloud.yml b/packages/atlassian_jira/data_stream/audit/elasticsearch/ingest_pipeline/cloud.yml new file mode 100644 index 00000000000..c6719a76f36 --- /dev/null +++ b/packages/atlassian_jira/data_stream/audit/elasticsearch/ingest_pipeline/cloud.yml @@ -0,0 +1,80 @@ +--- +description: Pipeline for processing sample logs +processors: +- set: + field: _tmp.timestamp + copy_from: json.created + if: ctx.json?.created != null +- rename: + field: json.id + target_field: event.id + ignore_missing: true +- rename: + field: json.remoteAddress + target_field: source.address + ignore_missing: true +- rename: + field: json.authorAccountId + target_field: user.id + ignore_missing: true +- rename: + field: json.category + target_field: jira.audit.type.category + ignore_missing: true +- rename: + field: json.summary + target_field: jira.audit.type.action + ignore_missing: true +- set: + field: event.action + copy_from: jira.audit.type.action + ignore_empty_value: true +- rename: + field: json.associatedItems + target_field: jira.audit.affected_objects + ignore_missing: true +- rename: + field: json.changedValues + target_field: jira.audit.changed_values + ignore_missing: true +- script: + lang: painless + description: Modify data to match Self Hosted + source: >- + if(ctx.jira?.audit?.affected_objects == null) { + ArrayList items = new ArrayList(); + ctx.jira?.audit.put("affected_objects", items); + } + if(ctx.json?.objectItem != null && !ctx.jira?.audit?.affected_objects.contains(ctx.json?.objectItem)) { + ctx.jira?.audit?.affected_objects.add(ctx.json?.objectItem); + } + + if(ctx.jira?.audit?.affected_objects != null) { + for (def j = 0; j < ctx.jira?.audit?.affected_objects.length; j++) { + if(ctx.jira.audit.affected_objects[j]?.typeName != null) { + ctx.jira.audit.affected_objects[j].put('type', ctx.jira.audit.affected_objects[j].typeName); + ctx.jira.audit.affected_objects[j].remove('typeName'); + } + } + } + if(ctx.jira?.audit?.changed_values != null) { + for (def j = 0; j < ctx.jira?.audit?.changed_values.length; j++) { + if(ctx.jira.audit.changed_values[j]?.fieldName != null) { + ctx.jira.audit.changed_values[j].put('i18nKey', ctx.jira.audit.changed_values[j].fieldName); + ctx.jira.audit.changed_values[j].put('key', ctx.jira.audit.changed_values[j].fieldName); + ctx.jira.audit.changed_values[j].remove('fieldName'); + } + if(ctx.jira.audit.changed_values[j]?.changedTo != null) { + ctx.jira.audit.changed_values[j].put('to', ctx.jira.audit.changed_values[j].changedTo); + ctx.jira.audit.changed_values[j].remove('changedTo'); + } + if(ctx.jira.audit.changed_values[j]?.changedFrom != null) { + ctx.jira.audit.changed_values[j].put('from', ctx.jira.audit.changed_values[j].changedFrom); + ctx.jira.audit.changed_values[j].remove('changedFrom'); + } + } + } +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/packages/atlassian_jira/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/atlassian_jira/data_stream/audit/elasticsearch/ingest_pipeline/default.yml index d13826428a2..c175607e789 100644 --- a/packages/atlassian_jira/data_stream/audit/elasticsearch/ingest_pipeline/default.yml +++ b/packages/atlassian_jira/data_stream/audit/elasticsearch/ingest_pipeline/default.yml @@ -10,14 +10,12 @@ processors: - json: field: event.original target_field: json -- set: - field: _tmp.timestamp - copy_from: json.timestamp - if: ctx.json?.timestamp != null && ctx.json?.timestamp instanceof String -- set: - field: _tmp.timestamp - value: "{{json.timestamp.epochSecond}}.{{json.timestamp.nano}}" - if: ctx.json?.timestamp != null && ctx.json?.timestamp instanceof Map && ctx.json?.timestamp?.epochSecond != null && ctx.json?.timestamp?.nano != null +- pipeline: + name: '{{ IngestPipeline "cloud" }}' + if: "ctx._config?.atlassian_cloud != null" +- pipeline: + name: '{{ IngestPipeline "self-hosted" }}' + if: "ctx._config?.atlassian_cloud == null" - date: field: _tmp.timestamp formats: @@ -53,79 +51,64 @@ processors: field: source.as.organization_name target_field: source.as.organization.name ignore_missing: true -- rename: - field: json.author.id - target_field: user.id - ignore_missing: true -- rename: - field: json.author.name - target_field: user.name - ignore_missing: true -- rename: - field: json.auditType - target_field: jira.audit.type - ignore_missing: true -- rename: - field: json.type - target_field: jira.audit.type - ignore_missing: true -- rename: - field: json.method - target_field: jira.audit.method - ignore_missing: true -- rename: - field: json.system - target_field: service.address - ignore_missing: true -- uri_parts: - field: service.address - target_field: _tmp.service - ignore_failure: true - if: ctx.service?.address != null -- rename: - field: json.extraAttributes - target_field: jira.audit.extra_attributes - ignore_missing: true -- rename: - field: json.changedValues - target_field: jira.audit.changed_values - ignore_missing: true -- rename: - field: json.affectedObjects - target_field: jira.audit.affected_objects - ignore_missing: true -- set: - field: event.action - copy_from: jira.audit.type.actionI18nKey - ignore_empty_value: true - script: lang: painless tag: Add ECS categorization params: + User created: + category: + - iam + type: + - user + - creation jira.auditing.user.created: category: - iam type: - user - creation + User updated: + category: + - iam + type: + - user + - change jira.auditing.user.updated: category: - iam type: - user - change + User deleted: + category: + - iam + type: + - user + - deletion jira.auditing.user.deleted: category: - iam type: - user - deletion + User added to group: + category: + - iam + type: + - group + - change jira.auditing.user.added.to.group: category: - iam type: - group - change + User removed from group: + category: + - iam + type: + - group + - change jira.auditing.user.removed.from.group: category: - iam @@ -166,12 +149,24 @@ processors: - authentication type: - end + Group created: + category: + - iam + type: + - group + - creation jira.auditing.group.created: category: - iam type: - group - creation + Group deleted: + category: + - iam + type: + - group + - deletion jira.auditing.group.deleted: category: - iam @@ -208,6 +203,11 @@ processors: type: - admin - change + Project created: + category: + - configuration + type: + - creation jira.auditing.project.created: category: - configuration @@ -261,7 +261,7 @@ processors: - script: lang: painless description: Add ECS User fields - if: "['jira.auditing.category.usermanagement','jira.auditing.category.groupmanagement'].contains(ctx.jira?.audit?.type?.categoryI18nKey)" + if: "['jira.auditing.category.usermanagement','jira.auditing.category.groupmanagement'].contains(ctx.jira?.audit?.type?.categoryI18nKey) || ['user management','group management'].contains(ctx.jira?.audit?.type?.category)" source: >- if (ctx?.event?.action == null) { return; @@ -289,16 +289,16 @@ processors: if(ctx.jira?.audit?.affected_objects != null) { for (def j = 0; j < ctx.jira?.audit?.affected_objects.length; j++) { if(ctx.jira?.audit?.affected_objects[j]?.type == 'GROUP') { - if(['jira.auditing.group.created', 'jira.auditing.group.deleted'].contains(ctx.event.action)) { + if(['jira.auditing.group.created', 'jira.auditing.group.deleted', 'Group created', 'Group deleted'].contains(ctx.event.action)) { ctx.group.put("name", ctx.jira?.audit?.affected_objects[j]?.name); } - if(['jira.auditing.user.added.to.group', 'jira.auditing.user.removed.from.group'].contains(ctx.event.action)) { + if(['jira.auditing.user.added.to.group', 'jira.auditing.user.removed.from.group', 'User added to group', 'User removed from group'].contains(ctx.event.action)) { ctx.user.target.group.put("name", ctx.jira?.audit?.affected_objects[j]?.name); ctx.user.target.group.put("id", ctx.jira?.audit?.affected_objects[j]?.id); } } if(ctx.jira?.audit?.affected_objects[j]?.type == 'USER') { - if(['jira.auditing.user.created', 'jira.auditing.user.deleted','jira.auditing.user.password.changed','jira.auditing.user.updated','jira.auditing.user.added.to.group', 'jira.auditing.user.removed.from.group'].contains(ctx.event.action)) { + if(['jira.auditing.user.created', 'jira.auditing.user.deleted','jira.auditing.user.password.changed','jira.auditing.user.updated','jira.auditing.user.added.to.group', 'jira.auditing.user.removed.from.group', 'User created', 'User deleted', 'User added to group', 'User removed from group'].contains(ctx.event.action)) { ctx.user.target.put("name", ctx.jira?.audit?.affected_objects[j]?.name); ctx.user.target.put("id", ctx.jira?.audit?.affected_objects[j]?.id); } @@ -307,13 +307,13 @@ processors: } if(ctx.jira?.audit?.changed_values != null) { for (def j = 0; j < ctx.jira?.audit?.changed_values.length; j++) { - if(['jira.auditing.user.renamed'].contains(ctx.event.action)) { + if(['jira.auditing.user.renamed', 'User renamed'].contains(ctx.event.action)) { if(ctx.jira?.audit?.changed_values[j]?.i18nKey == 'common.words.username') { ctx.user.changes.put("name", ctx.jira?.audit?.changed_values[j]?.to); ctx.user.target.put("name", ctx.jira?.audit?.changed_values[j]?.from); } } - if(['jira.auditing.user.created','jira.auditing.user.updated'].contains(ctx.event.action)) { + if(['jira.auditing.user.created','jira.auditing.user.updated', 'User created', 'User updated'].contains(ctx.event.action)) { if(ctx.jira?.audit?.changed_values[j]?.i18nKey == 'common.words.username') { ctx.user.changes.put("name", ctx.jira?.audit?.changed_values[j]?.to); if(ctx.jira?.audit?.changed_values[j]?.from != null) { @@ -364,6 +364,7 @@ processors: field: - json - _tmp + - _config ignore_missing: true - remove: field: event.original diff --git a/packages/atlassian_jira/data_stream/audit/elasticsearch/ingest_pipeline/self-hosted.yml b/packages/atlassian_jira/data_stream/audit/elasticsearch/ingest_pipeline/self-hosted.yml new file mode 100644 index 00000000000..002f307c8c1 --- /dev/null +++ b/packages/atlassian_jira/data_stream/audit/elasticsearch/ingest_pipeline/self-hosted.yml @@ -0,0 +1,94 @@ +--- +description: Pipeline for processing sample logs +processors: +- set: + field: _tmp.timestamp + copy_from: json.timestamp + if: ctx.json?.timestamp != null && ctx.json?.timestamp instanceof String +- set: + field: _tmp.timestamp + value: "{{json.timestamp.epochSecond}}.{{json.timestamp.nano}}" + if: ctx.json?.timestamp != null && ctx.json?.timestamp instanceof Map && ctx.json?.timestamp?.epochSecond != null && ctx.json?.timestamp?.nano != null +- rename: + field: json.source + target_field: source.address + ignore_missing: true +- convert: + field: source.address + target_field: source.ip + type: ip + ignore_missing: true +- geoip: + field: source.ip + target_field: source.geo + ignore_missing: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true +- rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true +- rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true +- rename: + field: json.author.id + target_field: user.id + ignore_missing: true +- rename: + field: json.author.name + target_field: user.name + ignore_missing: true +- rename: + field: json.auditType + target_field: jira.audit.type + ignore_missing: true +- rename: + field: json.type + target_field: jira.audit.type + ignore_missing: true +- rename: + field: json.method + target_field: jira.audit.method + ignore_missing: true +- rename: + field: json.system + target_field: service.address + ignore_missing: true +- uri_parts: + field: service.address + target_field: _tmp.service + ignore_failure: true + if: ctx.service?.address != null +- rename: + field: json.extraAttributes + target_field: jira.audit.extra_attributes + ignore_missing: true +- rename: + field: json.changedValues + target_field: jira.audit.changed_values + ignore_missing: true +- rename: + field: json.affectedObjects + target_field: jira.audit.affected_objects + ignore_missing: true +- set: + field: event.action + copy_from: jira.audit.type.actionI18nKey + ignore_empty_value: true +- append: + field: related.hosts + value: '{{_tmp.service.domain}}' + allow_duplicates: false + if: ctx._tmp?.service?.domain != null +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/packages/atlassian_jira/data_stream/audit/manifest.yml b/packages/atlassian_jira/data_stream/audit/manifest.yml index a2a18bda31a..e619f02e4db 100644 --- a/packages/atlassian_jira/data_stream/audit/manifest.yml +++ b/packages/atlassian_jira/data_stream/audit/manifest.yml @@ -73,6 +73,14 @@ streams: required: false multi: false show_user: true + - name: atlassian_cloud + required: true + show_user: true + title: Atlassian Cloud + description: Is this an Atlassian SaaS Confluence instance + type: bool + multi: false + default: false - name: http_client_timeout type: text title: HTTP Client Timeout diff --git a/packages/atlassian_jira/docs/README.md b/packages/atlassian_jira/docs/README.md index 269d2d8f553..203e40d450b 100644 --- a/packages/atlassian_jira/docs/README.md +++ b/packages/atlassian_jira/docs/README.md @@ -6,7 +6,7 @@ The Jira integration collects audit logs from the audit log files or the [audit ### Audit -The Jira integration collects audit logs from the audit log files or the audit API from self hosted Jira Data Center. It has been tested with Jira 8.20.2 but is expected to work with newer versions. This has not been tested with Jira Cloud and is not expected to work. +The Jira integration collects audit logs from the audit log files or the audit API from self hosted Jira Data Center. It has been tested with Jira 8.20.2 but is expected to work with newer versions. As of version 1.2.0, this integration added experimental support for Atlassian JIRA Cloud. JIRA Cloud only supports Basic Auth using username and a Personal Access Token. **Exported fields** diff --git a/packages/atlassian_jira/manifest.yml b/packages/atlassian_jira/manifest.yml index e9a73a3bb43..af448c32b26 100644 --- a/packages/atlassian_jira/manifest.yml +++ b/packages/atlassian_jira/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: atlassian_jira title: Atlassian Jira -version: 1.2.0 +version: 1.3.0 license: basic description: Collect logs from Atlassian Jira with Elastic Agent. type: integration From c39dd15fea6473c877f6cfb896a27874322caeab Mon Sep 17 00:00:00 2001 From: Alex Resnick Date: Sun, 20 Feb 2022 16:44:34 +0000 Subject: [PATCH 09/30] update pipeline --- .../elasticsearch/ingest_pipeline/default.yml | 14 ++++++++++++++ .../elasticsearch/ingest_pipeline/default.yml | 14 ++++++++++++++ 2 files changed, 28 insertions(+) diff --git a/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/default.yml index bb8e14bdc10..f0c47017874 100644 --- a/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/default.yml +++ b/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/default.yml @@ -52,6 +52,13 @@ processors: lang: painless description: Add ECS categorization params: + Global permission added: + category: + - iam + - configuration + type: + - admin + - creation audit.logging.summary.global.permission.added: category: - iam @@ -59,6 +66,13 @@ processors: type: - admin - creation + Global permission removed: + category: + - iam + - configuration + type: + - admin + - deletion audit.logging.summary.space.permission.added: category: - iam diff --git a/packages/atlassian_jira/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/atlassian_jira/data_stream/audit/elasticsearch/ingest_pipeline/default.yml index c175607e789..a5b892d02e6 100644 --- a/packages/atlassian_jira/data_stream/audit/elasticsearch/ingest_pipeline/default.yml +++ b/packages/atlassian_jira/data_stream/audit/elasticsearch/ingest_pipeline/default.yml @@ -173,6 +173,13 @@ processors: type: - group - deletion + Global permission added: + category: + - iam + - configuration + type: + - admin + - creation jira.auditing.global.permission.added: category: - iam @@ -180,6 +187,13 @@ processors: type: - admin - creation + Global permission removed: + category: + - iam + - configuration + type: + - admin + - deletion personal.access.tokens.audit.log.summary.token.created: category: - iam From 099d13eae4935baba02cd265aa2f3abac4049c0c Mon Sep 17 00:00:00 2001 From: Alex Resnick Date: Sun, 20 Feb 2022 19:02:21 +0000 Subject: [PATCH 10/30] update configs --- .../audit/agent/stream/httpjson.yml.hbs | 20 +++++++++++++------ .../audit/agent/stream/httpjson.yml.hbs | 16 +++++++++++---- 2 files changed, 26 insertions(+), 10 deletions(-) diff --git a/packages/atlassian_confluence/data_stream/audit/agent/stream/httpjson.yml.hbs b/packages/atlassian_confluence/data_stream/audit/agent/stream/httpjson.yml.hbs index 0a1c1e5dccc..fa1d35de3ee 100644 --- a/packages/atlassian_confluence/data_stream/audit/agent/stream/httpjson.yml.hbs +++ b/packages/atlassian_confluence/data_stream/audit/agent/stream/httpjson.yml.hbs @@ -3,7 +3,7 @@ interval: {{interval}} request.method: "GET" {{#if atlassian_cloud}} request.url: {{api_url}}/wiki/rest/api/audit -{{#else}} +{{else}} request.url: {{api_url}}/rest/auditing/1.0/events {{/if}} {{#if ssl}} @@ -32,24 +32,32 @@ request.transforms: - set: target: url.params.startDate value: "[[.cursor.last_timestamp]]" - default: '[[(now (parseDuration "-{{initial_interval}}")).Unix]]' + default: '[[(now (parseDuration "-{{initial_interval}}")).UnixMilli]]' - set: target: url.params.endDate - value: '[[now.Unix]]' + value: '[[now.UnixMilli]]' - set: target: url.params.start value: '0' response.split: - target: body.records + target: body.results response.pagination: + {{!-- - set: + target: url.params.endDate + value: "[[.last_response.url.params.endDate]]" + fail_on_template_error: true + - set: + target: url.params.startDate + value: "[[.last_response.url.params.startDate]]" + fail_on_template_error: true --}} - set: target: url.params.start - value: '[[ add .last_response.url.params.start url.params.limit ]]' + value: '[[ add (toInt .last_response.body.start) (toInt .last_response.body.limit) ]]' fail_on_template_error: true cursor: last_timestamp: value: "[[.first_event.creationDate]]" -{{#else}} +{{else}} {{#unless username}} {{#unless password}} {{#if token}} diff --git a/packages/atlassian_jira/data_stream/audit/agent/stream/httpjson.yml.hbs b/packages/atlassian_jira/data_stream/audit/agent/stream/httpjson.yml.hbs index 5ee46542fdf..27817e5e393 100644 --- a/packages/atlassian_jira/data_stream/audit/agent/stream/httpjson.yml.hbs +++ b/packages/atlassian_jira/data_stream/audit/agent/stream/httpjson.yml.hbs @@ -3,7 +3,7 @@ interval: {{interval}} request.method: "GET" {{#if atlassian_cloud}} request.url: {{api_url}}/rest/api/3/auditing/record -{{#else}} +{{else}} request.url: {{api_url}}/rest/auditing/1.0/events {{/if}} {{#if ssl}} @@ -40,16 +40,24 @@ request.transforms: target: url.params.offset value: '0' response.split: - target: body.results + target: body.records response.pagination: + {{!-- - set: + target: url.params.from + value: "[[.last_response.url.params.from]]" + fail_on_template_error: true + - set: + target: url.params.to + value: "[[.last_response.url.params.to]]" + fail_on_template_error: true --}} - set: target: url.params.offset - value: '[[ add .last_response.url.params.offset url.params.limit ]]' + value: '[[ add (toInt .last_response.body.offset) (toInt .last_response.body.limit) ]]' fail_on_template_error: true cursor: last_timestamp: value: "[[.first_event.created]]" -{{#else}} +{{else}} {{#unless username}} {{#unless password}} {{#if token}} From a71296c538321b095ef210613dbad5d8a2795f53 Mon Sep 17 00:00:00 2001 From: Andrew Kroh Date: Thu, 24 Feb 2022 18:03:46 -0500 Subject: [PATCH 11/30] confluence: update pipeline test output for user changes [git-generate] cd packages/atlassian_confluence elastic-package test pipeline -g --- .../test-audit-cloud.log-expected.json | 30 ++++++++++++------- 1 file changed, 19 insertions(+), 11 deletions(-) diff --git a/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-expected.json b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-expected.json index 97c8a947a04..2f653ee2578 100644 --- a/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-expected.json +++ b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-expected.json @@ -705,10 +705,11 @@ "preserve_original_event" ], "user": { - "full_name": "System", - "target": { + "changes": { + "email": "test@example.com", "full_name": "ASP" - } + }, + "full_name": "System" } }, { @@ -858,10 +859,10 @@ "preserve_original_event" ], "user": { - "full_name": "System", - "target": { + "changes": { "full_name": "Simon Brownhill" - } + }, + "full_name": "System" } }, { @@ -2246,10 +2247,11 @@ "preserve_original_event" ], "user": { - "full_name": "System", - "target": { + "changes": { + "email": "test@example.com", "full_name": "Another User" - } + }, + "full_name": "System" } }, { @@ -2391,7 +2393,10 @@ "preserve_original_event" ], "user": { - "full_name": "System" + "full_name": "System", + "target": { + "full_name": "John Doe (Unlicensed)" + } } }, { @@ -2574,7 +2579,10 @@ "preserve_original_event" ], "user": { - "full_name": "System" + "full_name": "System", + "target": { + "full_name": "John Doe (Deactivated)" + } } }, { From 2c4157b381cdb0b7169820582e770d4eff179102 Mon Sep 17 00:00:00 2001 From: Andrew Kroh Date: Thu, 24 Feb 2022 15:53:58 -0500 Subject: [PATCH 12/30] jira: fix service name in system test --- .../audit/_dev/test/system/test-api-cloud-config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/atlassian_jira/data_stream/audit/_dev/test/system/test-api-cloud-config.yml b/packages/atlassian_jira/data_stream/audit/_dev/test/system/test-api-cloud-config.yml index e2e5e210906..48abb840e6b 100644 --- a/packages/atlassian_jira/data_stream/audit/_dev/test/system/test-api-cloud-config.yml +++ b/packages/atlassian_jira/data_stream/audit/_dev/test/system/test-api-cloud-config.yml @@ -1,5 +1,5 @@ input: httpjson -service: confluence-api +service: jira-api vars: ~ data_stream: vars: From 31f02ed897a825c6992f5363325b9ea3b305e24a Mon Sep 17 00:00:00 2001 From: Andrew Kroh Date: Thu, 24 Feb 2022 16:38:30 -0500 Subject: [PATCH 13/30] confluence: fix empty processors for !atlassian_cloud --- .../audit/agent/stream/httpjson.yml.hbs | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/packages/atlassian_confluence/data_stream/audit/agent/stream/httpjson.yml.hbs b/packages/atlassian_confluence/data_stream/audit/agent/stream/httpjson.yml.hbs index fa1d35de3ee..c0c400c7f08 100644 --- a/packages/atlassian_confluence/data_stream/audit/agent/stream/httpjson.yml.hbs +++ b/packages/atlassian_confluence/data_stream/audit/agent/stream/httpjson.yml.hbs @@ -85,6 +85,7 @@ cursor: last_timestamp: value: "[[.first_event.timestamp]]" {{/if}} + tags: {{#if preserve_original_event}} - preserve_original_event @@ -92,16 +93,19 @@ tags: {{#each tags as |tag i|}} - {{tag}} {{/each}} + {{#contains "forwarded" tags}} publisher_pipeline.disable_host: true {{/contains}} -processors: + {{#if atlassian_cloud}} -- add_fields: - target: _config - fields: - atlassian_cloud: true -{{/if}} +fields_under_root: true +fields: + _config: + atlassian_cloud: true +{{/if}} + {{#if processors}} +processors: {{processors}} {{/if}} \ No newline at end of file From 63a4d507c3edea199bd920c100a4bdc936d50ca4 Mon Sep 17 00:00:00 2001 From: Andrew Kroh Date: Thu, 24 Feb 2022 16:40:00 -0500 Subject: [PATCH 14/30] confluence: fix yaml variable format in test variables The value should be based as a YAML string. Prior to this change the final policy contained which is not what is expected. request.ssl: - object Object --- .../audit/_dev/test/system/test-api-cloud-config.yml | 3 ++- .../data_stream/audit/_dev/test/system/test-api-config.yml | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/packages/atlassian_confluence/data_stream/audit/_dev/test/system/test-api-cloud-config.yml b/packages/atlassian_confluence/data_stream/audit/_dev/test/system/test-api-cloud-config.yml index e2e5e210906..9c932c7ba09 100644 --- a/packages/atlassian_confluence/data_stream/audit/_dev/test/system/test-api-cloud-config.yml +++ b/packages/atlassian_confluence/data_stream/audit/_dev/test/system/test-api-cloud-config.yml @@ -8,5 +8,6 @@ data_stream: username: test.user password: abc123 limit: "2" - ssl.verification_mode: none + ssl: |- + verification_mode: none atlassian_cloud: true diff --git a/packages/atlassian_confluence/data_stream/audit/_dev/test/system/test-api-config.yml b/packages/atlassian_confluence/data_stream/audit/_dev/test/system/test-api-config.yml index a6d1af6204c..7aa5ba9a5d9 100644 --- a/packages/atlassian_confluence/data_stream/audit/_dev/test/system/test-api-config.yml +++ b/packages/atlassian_confluence/data_stream/audit/_dev/test/system/test-api-config.yml @@ -8,4 +8,5 @@ data_stream: username: test.user password: abc123 limit: "2" - ssl.verification_mode: none + ssl: |- + verification_mode: none From 93cf392108dc1552b7f5f80a191da304bc5e26bf Mon Sep 17 00:00:00 2001 From: Andrew Kroh Date: Thu, 24 Feb 2022 16:51:52 -0500 Subject: [PATCH 15/30] jira: fix empty processors for !atlassian_cloud --- .../audit/agent/stream/httpjson.yml.hbs | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/packages/atlassian_jira/data_stream/audit/agent/stream/httpjson.yml.hbs b/packages/atlassian_jira/data_stream/audit/agent/stream/httpjson.yml.hbs index 27817e5e393..6d4d6a3a8c7 100644 --- a/packages/atlassian_jira/data_stream/audit/agent/stream/httpjson.yml.hbs +++ b/packages/atlassian_jira/data_stream/audit/agent/stream/httpjson.yml.hbs @@ -94,16 +94,19 @@ tags: {{#each tags as |tag i|}} - {{tag}} {{/each}} + {{#contains "forwarded" tags}} publisher_pipeline.disable_host: true {{/contains}} -processors: + {{#if atlassian_cloud}} -- add_fields: - target: _config - fields: - atlassian_cloud: true -{{/if}} +fields_under_root: true +fields: + _config: + atlassian_cloud: true +{{/if}} + {{#if processors}} +processors: {{processors}} {{/if}} \ No newline at end of file From f39f3ac4e9e1c13676f9cd8cb83e8d3257f06075 Mon Sep 17 00:00:00 2001 From: Andrew Kroh Date: Thu, 24 Feb 2022 16:52:11 -0500 Subject: [PATCH 16/30] jira: fix yaml variable format in test variables The value should be based as a YAML string. Prior to this change the final policy contained which is not what is expected. request.ssl: - object Object --- .../audit/_dev/test/system/test-api-cloud-config.yml | 3 ++- .../data_stream/audit/_dev/test/system/test-api-config.yml | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/packages/atlassian_jira/data_stream/audit/_dev/test/system/test-api-cloud-config.yml b/packages/atlassian_jira/data_stream/audit/_dev/test/system/test-api-cloud-config.yml index 48abb840e6b..25ac9219c68 100644 --- a/packages/atlassian_jira/data_stream/audit/_dev/test/system/test-api-cloud-config.yml +++ b/packages/atlassian_jira/data_stream/audit/_dev/test/system/test-api-cloud-config.yml @@ -8,5 +8,6 @@ data_stream: username: test.user password: abc123 limit: "2" - ssl.verification_mode: none + ssl: |- + verification_mode: none atlassian_cloud: true diff --git a/packages/atlassian_jira/data_stream/audit/_dev/test/system/test-api-config.yml b/packages/atlassian_jira/data_stream/audit/_dev/test/system/test-api-config.yml index f3a9b496b46..d3200691002 100644 --- a/packages/atlassian_jira/data_stream/audit/_dev/test/system/test-api-config.yml +++ b/packages/atlassian_jira/data_stream/audit/_dev/test/system/test-api-config.yml @@ -8,4 +8,5 @@ data_stream: username: test.user password: abc123 limit: "2" - ssl.verification_mode: none + ssl: |- + verification_mode: none From e2984b532b334ec601ba7a8a1be260ec3ab5ca4e Mon Sep 17 00:00:00 2001 From: Alex Resnick Date: Tue, 22 Mar 2022 17:44:01 +0000 Subject: [PATCH 17/30] using url.value works --- .../data_stream/audit/agent/stream/httpjson.yml.hbs | 12 ++---------- .../data_stream/audit/agent/stream/httpjson.yml.hbs | 12 ++---------- 2 files changed, 4 insertions(+), 20 deletions(-) diff --git a/packages/atlassian_confluence/data_stream/audit/agent/stream/httpjson.yml.hbs b/packages/atlassian_confluence/data_stream/audit/agent/stream/httpjson.yml.hbs index c0c400c7f08..b90e58dfb00 100644 --- a/packages/atlassian_confluence/data_stream/audit/agent/stream/httpjson.yml.hbs +++ b/packages/atlassian_confluence/data_stream/audit/agent/stream/httpjson.yml.hbs @@ -42,17 +42,9 @@ request.transforms: response.split: target: body.results response.pagination: - {{!-- - set: - target: url.params.endDate - value: "[[.last_response.url.params.endDate]]" - fail_on_template_error: true - - set: - target: url.params.startDate - value: "[[.last_response.url.params.startDate]]" - fail_on_template_error: true --}} - set: - target: url.params.start - value: '[[ add (toInt .last_response.body.start) (toInt .last_response.body.limit) ]]' + target: url.value + value: '[[sprintf "%s/wiki/rest/api/audit?endDate=%s&startDate=%s&start=%d&limit=%s" "{{api_url}}" (.last_response.url.params.Get "endDate") (.last_response.url.params.Get "startDate") (add (toInt .last_response.body.start) (toInt .last_response.body.limit)) "{{ limit }}"]]' fail_on_template_error: true cursor: last_timestamp: diff --git a/packages/atlassian_jira/data_stream/audit/agent/stream/httpjson.yml.hbs b/packages/atlassian_jira/data_stream/audit/agent/stream/httpjson.yml.hbs index 6d4d6a3a8c7..26d100dd341 100644 --- a/packages/atlassian_jira/data_stream/audit/agent/stream/httpjson.yml.hbs +++ b/packages/atlassian_jira/data_stream/audit/agent/stream/httpjson.yml.hbs @@ -42,17 +42,9 @@ request.transforms: response.split: target: body.records response.pagination: - {{!-- - set: - target: url.params.from - value: "[[.last_response.url.params.from]]" - fail_on_template_error: true - - set: - target: url.params.to - value: "[[.last_response.url.params.to]]" - fail_on_template_error: true --}} - set: - target: url.params.offset - value: '[[ add (toInt .last_response.body.offset) (toInt .last_response.body.limit) ]]' + target: url.value + value: '[[sprintf "%s/rest/api/3/auditing/record?from=%s&to=%s&offset=%d&limit=%s" "{{api_url}}" (.last_response.url.params.Get "from") (.last_response.url.params.Get "to") (add (toInt .last_response.body.offset) (toInt "{{ limit }}")) "{{ limit }}"]]' fail_on_template_error: true cursor: last_timestamp: From fb3952f84ba28db9633c9ce71d0d608605f80e1a Mon Sep 17 00:00:00 2001 From: Alex Resnick Date: Tue, 22 Mar 2022 17:56:49 +0000 Subject: [PATCH 18/30] worked --- .../data_stream/audit/agent/stream/httpjson.yml.hbs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/atlassian_jira/data_stream/audit/agent/stream/httpjson.yml.hbs b/packages/atlassian_jira/data_stream/audit/agent/stream/httpjson.yml.hbs index 26d100dd341..c41f0e6997c 100644 --- a/packages/atlassian_jira/data_stream/audit/agent/stream/httpjson.yml.hbs +++ b/packages/atlassian_jira/data_stream/audit/agent/stream/httpjson.yml.hbs @@ -32,10 +32,10 @@ request.transforms: - set: target: url.params.from value: "[[.cursor.last_timestamp]]" - default: '[[formatDate (now (parseDuration "-{{initial_interval}}")) "2006-01-02T15:04:05.999-0700"]]' + default: '[[formatDate (now (parseDuration "-{{initial_interval}}")) "2006-01-02T15:04:05.999"]]' - set: target: url.params.to - value: '[[formatDate (now) "2006-01-02T15:04:05.999-0700"]]' + value: '[[formatDate (now) "2006-01-02T15:04:05.999"]]' - set: target: url.params.offset value: '0' From 1fcd66ff6d082a74a0a6ea2b96c8dc8733946c9b Mon Sep 17 00:00:00 2001 From: Alex Resnick Date: Tue, 5 Apr 2022 16:06:44 +0000 Subject: [PATCH 19/30] update docs --- packages/atlassian_confluence/docs/README.md | 8 -------- packages/atlassian_jira/docs/README.md | 8 -------- 2 files changed, 16 deletions(-) diff --git a/packages/atlassian_confluence/docs/README.md b/packages/atlassian_confluence/docs/README.md index 51e318cf99a..5bd63abb732 100644 --- a/packages/atlassian_confluence/docs/README.md +++ b/packages/atlassian_confluence/docs/README.md @@ -59,7 +59,6 @@ The Confluence integration collects audit logs from the audit log files or the a | host.os.family | OS family (such as redhat, debian, freebsd, windows). | keyword | | host.os.kernel | Operating system kernel version as a raw string. | keyword | | host.os.name | Operating system name, without the version. | keyword | -| host.os.name.text | Multi-field of `host.os.name`. | text | | host.os.platform | Operating system platform (such centos, ubuntu, windows). | keyword | | host.os.version | Operating system version as a raw string. | keyword | | host.type | Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. | keyword | @@ -73,7 +72,6 @@ The Confluence integration collects audit logs from the audit log files or the a | source.address | Some event source addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. | keyword | | source.as.number | Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. | long | | source.as.organization.name | Organization name. | keyword | -| source.as.organization.name.text | Multi-field of `source.as.organization.name`. | match_only_text | | source.bytes | Bytes sent from the source to the destination. | long | | source.domain | The domain name of the source system. This value may be a host name, a fully qualified domain name, or another host naming format. The value may derive from the original event or be added from enrichment. | keyword | | source.geo.city_name | City name. | keyword | @@ -88,22 +86,16 @@ The Confluence integration collects audit logs from the audit log files or the a | tags | List of keywords used to tag each event. | keyword | | user.changes.email | User email address. | keyword | | user.changes.full_name | User's full name, if available. | keyword | -| user.changes.full_name.text | Multi-field of `user.changes.full_name`. | match_only_text | | user.changes.name | Short name or login of the user. | keyword | -| user.changes.name.text | Multi-field of `user.changes.name`. | match_only_text | | user.full_name | User's full name, if available. | keyword | -| user.full_name.text | Multi-field of `user.full_name`. | match_only_text | | user.id | Unique identifier of the user. | keyword | | user.name | Short name or login of the user. | keyword | -| user.name.text | Multi-field of `user.name`. | match_only_text | | user.target.email | User email address. | keyword | | user.target.full_name | User's full name, if available. | keyword | -| user.target.full_name.text | Multi-field of `user.target.full_name`. | match_only_text | | user.target.group.id | Unique identifier for the group on the system/platform. | keyword | | user.target.group.name | Name of the group. | keyword | | user.target.id | Unique identifier of the user. | keyword | | user.target.name | Short name or login of the user. | keyword | -| user.target.name.text | Multi-field of `user.target.name`. | match_only_text | An example event for `audit` looks as following: diff --git a/packages/atlassian_jira/docs/README.md b/packages/atlassian_jira/docs/README.md index 203e40d450b..c87d07ee330 100644 --- a/packages/atlassian_jira/docs/README.md +++ b/packages/atlassian_jira/docs/README.md @@ -47,7 +47,6 @@ The Jira integration collects audit logs from the audit log files or the audit A | host.os.family | OS family (such as redhat, debian, freebsd, windows). | keyword | | host.os.kernel | Operating system kernel version as a raw string. | keyword | | host.os.name | Operating system name, without the version. | keyword | -| host.os.name.text | Multi-field of `host.os.name`. | text | | host.os.platform | Operating system platform (such centos, ubuntu, windows). | keyword | | host.os.version | Operating system version as a raw string. | keyword | | host.type | Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. | keyword | @@ -71,7 +70,6 @@ The Jira integration collects audit logs from the audit log files or the audit A | source.address | Some event source addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. | keyword | | source.as.number | Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. | long | | source.as.organization.name | Organization name. | keyword | -| source.as.organization.name.text | Multi-field of `source.as.organization.name`. | match_only_text | | source.bytes | Bytes sent from the source to the destination. | long | | source.domain | The domain name of the source system. This value may be a host name, a fully qualified domain name, or another host naming format. The value may derive from the original event or be added from enrichment. | keyword | | source.geo.city_name | City name. | keyword | @@ -86,21 +84,15 @@ The Jira integration collects audit logs from the audit log files or the audit A | tags | List of keywords used to tag each event. | keyword | | user.changes.email | User email address. | keyword | | user.changes.full_name | User's full name, if available. | keyword | -| user.changes.full_name.text | Multi-field of `user.changes.full_name`. | match_only_text | | user.changes.name | Short name or login of the user. | keyword | -| user.changes.name.text | Multi-field of `user.changes.name`. | match_only_text | | user.full_name | User's full name, if available. | keyword | -| user.full_name.text | Multi-field of `user.full_name`. | match_only_text | | user.id | Unique identifier of the user. | keyword | | user.name | Short name or login of the user. | keyword | -| user.name.text | Multi-field of `user.name`. | match_only_text | | user.target.email | User email address. | keyword | | user.target.full_name | User's full name, if available. | keyword | -| user.target.full_name.text | Multi-field of `user.target.full_name`. | match_only_text | | user.target.group.name | Name of the group. | keyword | | user.target.id | Unique identifier of the user. | keyword | | user.target.name | Short name or login of the user. | keyword | -| user.target.name.text | Multi-field of `user.target.name`. | match_only_text | An example event for `audit` looks as following: From a6fd574e34b1263bc1985de167e15966946f6747 Mon Sep 17 00:00:00 2001 From: Alex Resnick Date: Mon, 25 Apr 2022 20:14:47 +0000 Subject: [PATCH 20/30] update generated data after rebase --- packages/atlassian_confluence/changelog.yml | 1 + .../pipeline/test-audit-api.log-expected.json | 2 +- .../test-audit-cloud.log-expected.json | 148 ++++++------- packages/atlassian_jira/changelog.yml | 1 + .../pipeline/test-audit-api.log-expected.json | 194 +++++++++--------- .../test-audit-cloud.log-expected.json | 164 +++++++-------- .../test-audit-files.log-expected.json | 174 ++++++++-------- 7 files changed, 343 insertions(+), 341 deletions(-) diff --git a/packages/atlassian_confluence/changelog.yml b/packages/atlassian_confluence/changelog.yml index 5075d514b80..ba233dd023d 100644 --- a/packages/atlassian_confluence/changelog.yml +++ b/packages/atlassian_confluence/changelog.yml @@ -1,5 +1,6 @@ # newer versions go on top - version: "1.3.0" + changes: - description: Add support for Atlassian Confluence Cloud type: enhancement link: https://github.com/elastic/integrations/pull/2715 diff --git a/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json index c34e978a065..74a2bf84356 100644 --- a/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json +++ b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json @@ -7319,7 +7319,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "audit.logging.summary.space.permission.removed", diff --git a/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-expected.json b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-expected.json index 2f653ee2578..01cfbe7725c 100644 --- a/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-expected.json +++ b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-expected.json @@ -1,7 +1,7 @@ { "expected": [ { - "@timestamp": "2022-01-25T07:51:51.962Z", + "@timestamp": "+54037-09-03T16:26:02.000Z", "confluence": { "audit": { "affected_objects": [ @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Space logo uploaded", @@ -56,7 +56,7 @@ } }, { - "@timestamp": "2022-01-25T07:51:34.621Z", + "@timestamp": "+54037-09-03T11:37:01.000Z", "confluence": { "audit": { "affected_objects": [ @@ -73,7 +73,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Space logo uploaded", @@ -111,7 +111,7 @@ } }, { - "@timestamp": "2022-01-25T07:49:51.153Z", + "@timestamp": "+54037-09-02T06:52:33.000Z", "confluence": { "audit": { "affected_objects": [ @@ -128,7 +128,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Space logo uploaded", @@ -166,7 +166,7 @@ } }, { - "@timestamp": "2022-01-25T07:44:39.172Z", + "@timestamp": "+54037-08-29T16:12:52.000Z", "confluence": { "audit": { "affected_objects": [ @@ -205,7 +205,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Space configuration updated", @@ -243,7 +243,7 @@ } }, { - "@timestamp": "2022-01-25T07:44:39.092Z", + "@timestamp": "+54037-08-29T16:11:32.000Z", "confluence": { "audit": { "affected_objects": [ @@ -282,7 +282,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Space created", @@ -320,7 +320,7 @@ } }, { - "@timestamp": "2022-01-24T14:49:22.329Z", + "@timestamp": "+54035-09-24T14:52:09.000Z", "confluence": { "audit": { "affected_objects": [ @@ -364,7 +364,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Space configuration updated", @@ -402,7 +402,7 @@ } }, { - "@timestamp": "2022-01-24T14:49:22.311Z", + "@timestamp": "+54035-09-24T14:51:51.000Z", "confluence": { "audit": { "affected_objects": [ @@ -446,7 +446,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Space created", @@ -484,7 +484,7 @@ } }, { - "@timestamp": "2022-01-18T08:43:03.045Z", + "@timestamp": "+54018-08-10T05:30:45.000Z", "confluence": { "audit": { "affected_objects": [ @@ -505,7 +505,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "User added to group", @@ -558,7 +558,7 @@ } }, { - "@timestamp": "2022-01-18T08:43:03.014Z", + "@timestamp": "+54018-08-10T05:30:14.000Z", "confluence": { "audit": { "affected_objects": [ @@ -579,7 +579,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "User added to group", @@ -632,7 +632,7 @@ } }, { - "@timestamp": "2022-01-18T08:43:02.767Z", + "@timestamp": "+54018-08-10T05:26:07.000Z", "confluence": { "audit": { "affected_objects": [ @@ -666,7 +666,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "User created", @@ -713,7 +713,7 @@ } }, { - "@timestamp": "2022-01-14T16:37:07.237Z", + "@timestamp": "+54008-07-22T10:40:37.000Z", "confluence": { "audit": { "affected_objects": [ @@ -734,7 +734,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "User added to group", @@ -787,7 +787,7 @@ } }, { - "@timestamp": "2022-01-14T16:37:07.017Z", + "@timestamp": "+54008-07-22T10:36:57.000Z", "confluence": { "audit": { "affected_objects": [ @@ -820,7 +820,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "User created", @@ -866,7 +866,7 @@ } }, { - "@timestamp": "2022-01-04T12:04:36.903Z", + "@timestamp": "+53980-08-29T04:55:03.000Z", "confluence": { "audit": { "affected_objects": [ @@ -887,7 +887,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "User added to group", @@ -940,7 +940,7 @@ } }, { - "@timestamp": "2022-01-04T11:57:52.951Z", + "@timestamp": "+53980-08-24T12:42:31.000Z", "confluence": { "audit": { "affected_objects": [ @@ -961,7 +961,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "User added to group", @@ -1014,7 +1014,7 @@ } }, { - "@timestamp": "2022-01-04T10:27:23.437Z", + "@timestamp": "+53980-06-22T16:30:37.000Z", "confluence": { "audit": { "affected_objects": [ @@ -1035,7 +1035,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "User added to group", @@ -1088,7 +1088,7 @@ } }, { - "@timestamp": "2022-01-04T10:27:23.424Z", + "@timestamp": "+53980-06-22T16:30:24.000Z", "confluence": { "audit": { "affected_objects": [ @@ -1109,7 +1109,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "User added to group", @@ -1162,7 +1162,7 @@ } }, { - "@timestamp": "2022-01-04T10:27:01.947Z", + "@timestamp": "+53980-06-22T10:32:27.000Z", "confluence": { "audit": { "affected_objects": [ @@ -1179,7 +1179,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Group created", @@ -1226,7 +1226,7 @@ } }, { - "@timestamp": "2022-01-04T10:25:55.867Z", + "@timestamp": "+53980-06-21T16:11:07.000Z", "confluence": { "audit": { "affected_objects": [ @@ -1247,7 +1247,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "User added to group", @@ -1300,7 +1300,7 @@ } }, { - "@timestamp": "2022-01-04T10:25:55.857Z", + "@timestamp": "+53980-06-21T16:10:57.000Z", "confluence": { "audit": { "affected_objects": [ @@ -1321,7 +1321,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "User added to group", @@ -1374,7 +1374,7 @@ } }, { - "@timestamp": "2022-01-04T10:25:55.839Z", + "@timestamp": "+53980-06-21T16:10:39.000Z", "confluence": { "audit": { "affected_objects": [ @@ -1395,7 +1395,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "User added to group", @@ -1448,7 +1448,7 @@ } }, { - "@timestamp": "2022-01-04T10:25:34.681Z", + "@timestamp": "+53980-06-21T10:18:01.000Z", "confluence": { "audit": { "affected_objects": [ @@ -1465,7 +1465,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Group created", @@ -1512,7 +1512,7 @@ } }, { - "@timestamp": "2021-12-07T16:46:02.860Z", + "@timestamp": "+53904-07-14T15:27:40.000Z", "confluence": { "audit": { "affected_objects": [ @@ -1533,7 +1533,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "User added to group", @@ -1586,7 +1586,7 @@ } }, { - "@timestamp": "2021-12-07T16:46:02.848Z", + "@timestamp": "+53904-07-14T15:27:28.000Z", "confluence": { "audit": { "affected_objects": [ @@ -1607,7 +1607,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "User added to group", @@ -1660,7 +1660,7 @@ } }, { - "@timestamp": "2021-12-07T16:46:02.837Z", + "@timestamp": "+53904-07-14T15:27:17.000Z", "confluence": { "audit": { "affected_objects": [ @@ -1681,7 +1681,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "User added to group", @@ -1734,7 +1734,7 @@ } }, { - "@timestamp": "2021-12-07T16:46:02.824Z", + "@timestamp": "+53904-07-14T15:27:04.000Z", "confluence": { "audit": { "affected_objects": [ @@ -1755,7 +1755,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "User added to group", @@ -1808,7 +1808,7 @@ } }, { - "@timestamp": "2021-12-07T16:45:23.912Z", + "@timestamp": "+53904-07-14T04:38:32.000Z", "confluence": { "audit": { "affected_objects": [ @@ -1825,7 +1825,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Group created", @@ -1872,7 +1872,7 @@ } }, { - "@timestamp": "2021-12-07T16:29:39.293Z", + "@timestamp": "+53904-07-03T06:14:53.000Z", "confluence": { "audit": { "affected_objects": [ @@ -1911,7 +1911,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Space configuration updated", @@ -1949,7 +1949,7 @@ } }, { - "@timestamp": "2021-12-07T16:29:38.800Z", + "@timestamp": "+53904-07-03T06:06:40.000Z", "confluence": { "audit": { "affected_objects": [ @@ -1988,7 +1988,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Space created", @@ -2026,7 +2026,7 @@ } }, { - "@timestamp": "2021-11-29T17:10:34.800Z", + "@timestamp": "+53882-09-04T16:20:00.000Z", "confluence": { "audit": { "affected_objects": [ @@ -2047,7 +2047,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "User added to group", @@ -2100,7 +2100,7 @@ } }, { - "@timestamp": "2021-11-29T17:10:34.747Z", + "@timestamp": "+53882-09-04T16:19:07.000Z", "confluence": { "audit": { "affected_objects": [ @@ -2121,7 +2121,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "User added to group", @@ -2174,7 +2174,7 @@ } }, { - "@timestamp": "2021-11-29T17:10:34.455Z", + "@timestamp": "+53882-09-04T16:14:15.000Z", "confluence": { "audit": { "affected_objects": [ @@ -2208,7 +2208,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "User created", @@ -2255,7 +2255,7 @@ } }, { - "@timestamp": "2021-11-18T16:04:18.807Z", + "@timestamp": "+53852-06-07T15:53:27.000Z", "confluence": { "audit": { "affected_objects": [ @@ -2276,7 +2276,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "User added to group", @@ -2329,7 +2329,7 @@ } }, { - "@timestamp": "2021-11-17T16:00:37.285Z", + "@timestamp": "+53849-09-09T02:21:25.000Z", "confluence": { "audit": { "affected_objects": [ @@ -2354,7 +2354,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "User details updated", @@ -2400,7 +2400,7 @@ } }, { - "@timestamp": "2021-11-17T16:00:37.274Z", + "@timestamp": "+53849-09-09T02:21:14.000Z", "confluence": { "audit": { "external_collaborator": false, @@ -2411,7 +2411,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "User deactivated", @@ -2448,7 +2448,7 @@ } }, { - "@timestamp": "2021-11-16T14:35:22.812Z", + "@timestamp": "+53846-10-15T21:40:12.000Z", "confluence": { "audit": { "affected_objects": [ @@ -2477,7 +2477,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Page archived", @@ -2515,7 +2515,7 @@ } }, { - "@timestamp": "2021-11-16T09:25:56.738Z", + "@timestamp": "+53846-03-15T00:25:38.000Z", "confluence": { "audit": { "affected_objects": [ @@ -2540,7 +2540,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "User details updated", @@ -2586,7 +2586,7 @@ } }, { - "@timestamp": "2021-11-16T09:25:56.666Z", + "@timestamp": "+53846-03-15T00:24:26.000Z", "confluence": { "audit": { "external_collaborator": false, @@ -2597,7 +2597,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "User deactivated", diff --git a/packages/atlassian_jira/changelog.yml b/packages/atlassian_jira/changelog.yml index c6357c0afa0..395bf8bd937 100644 --- a/packages/atlassian_jira/changelog.yml +++ b/packages/atlassian_jira/changelog.yml @@ -1,5 +1,6 @@ # newer versions go on top - version: "1.3.0" + changes: - description: Add support for Atlassian JIRA Cloud type: enhancement link: https://github.com/elastic/integrations/pull/2715 diff --git a/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json b/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json index c03bd27f5fb..ce2c181c9d2 100644 --- a/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json +++ b/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-api.log-expected.json @@ -84,7 +84,7 @@ { "@timestamp": "2021-11-22T00:34:40.008Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -165,7 +165,7 @@ { "@timestamp": "2021-11-22T00:34:23.154Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "personal.access.tokens.audit.log.summary.token.created", @@ -234,7 +234,7 @@ { "@timestamp": "2021-11-22T00:32:20.234Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -303,7 +303,7 @@ { "@timestamp": "2021-11-22T00:31:52.991Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -372,7 +372,7 @@ { "@timestamp": "2021-11-22T00:31:37.412Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -441,7 +441,7 @@ { "@timestamp": "2021-11-22T00:31:26.455Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -510,7 +510,7 @@ { "@timestamp": "2021-11-22T00:30:59.449Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -579,7 +579,7 @@ { "@timestamp": "2021-11-22T00:26:03.206Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -648,7 +648,7 @@ { "@timestamp": "2021-11-22T00:12:02.856Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -717,7 +717,7 @@ { "@timestamp": "2021-11-22T00:08:34.545Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.version.created", @@ -786,7 +786,7 @@ { "@timestamp": "2021-11-22T00:08:34.543Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.version.created", @@ -860,7 +860,7 @@ { "@timestamp": "2021-11-22T00:08:34.535Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.version.released", @@ -922,7 +922,7 @@ { "@timestamp": "2021-11-22T00:08:34.521Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.version.created", @@ -996,7 +996,7 @@ { "@timestamp": "2021-11-22T00:08:34.506Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.project.roles.changed", @@ -1064,7 +1064,7 @@ { "@timestamp": "2021-11-22T00:08:34.297Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.project.created", @@ -1157,7 +1157,7 @@ { "@timestamp": "2021-11-22T00:08:34.266Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.added.to.project", @@ -1219,7 +1219,7 @@ { "@timestamp": "2021-11-22T00:08:34.249Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.removed.from.project", @@ -1287,7 +1287,7 @@ { "@timestamp": "2021-11-22T00:08:34.243Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -1355,7 +1355,7 @@ { "@timestamp": "2021-11-22T00:08:34.241Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -1423,7 +1423,7 @@ { "@timestamp": "2021-11-22T00:08:34.239Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -1491,7 +1491,7 @@ { "@timestamp": "2021-11-22T00:08:34.236Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -1559,7 +1559,7 @@ { "@timestamp": "2021-11-22T00:08:34.235Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -1627,7 +1627,7 @@ { "@timestamp": "2021-11-22T00:08:34.233Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -1695,7 +1695,7 @@ { "@timestamp": "2021-11-22T00:08:34.231Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -1768,7 +1768,7 @@ { "@timestamp": "2021-11-22T00:08:34.229Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -1836,7 +1836,7 @@ { "@timestamp": "2021-11-22T00:08:34.227Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -1909,7 +1909,7 @@ { "@timestamp": "2021-11-22T00:08:34.225Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -1977,7 +1977,7 @@ { "@timestamp": "2021-11-22T00:08:34.223Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -2045,7 +2045,7 @@ { "@timestamp": "2021-11-22T00:08:34.221Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -2118,7 +2118,7 @@ { "@timestamp": "2021-11-22T00:08:34.219Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -2186,7 +2186,7 @@ { "@timestamp": "2021-11-22T00:08:34.217Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -2259,7 +2259,7 @@ { "@timestamp": "2021-11-22T00:08:34.215Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -2327,7 +2327,7 @@ { "@timestamp": "2021-11-22T00:08:34.212Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -2400,7 +2400,7 @@ { "@timestamp": "2021-11-22T00:08:34.210Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -2473,7 +2473,7 @@ { "@timestamp": "2021-11-22T00:08:34.208Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -2541,7 +2541,7 @@ { "@timestamp": "2021-11-22T00:08:34.204Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -2614,7 +2614,7 @@ { "@timestamp": "2021-11-22T00:08:34.190Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -2682,7 +2682,7 @@ { "@timestamp": "2021-11-22T00:08:34.187Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -2750,7 +2750,7 @@ { "@timestamp": "2021-11-22T00:08:34.184Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -2823,7 +2823,7 @@ { "@timestamp": "2021-11-22T00:08:34.182Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -2891,7 +2891,7 @@ { "@timestamp": "2021-11-22T00:08:34.180Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -2959,7 +2959,7 @@ { "@timestamp": "2021-11-22T00:08:34.178Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -3027,7 +3027,7 @@ { "@timestamp": "2021-11-22T00:08:34.176Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -3095,7 +3095,7 @@ { "@timestamp": "2021-11-22T00:08:34.174Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -3163,7 +3163,7 @@ { "@timestamp": "2021-11-22T00:08:34.173Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -3236,7 +3236,7 @@ { "@timestamp": "2021-11-22T00:08:34.171Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -3304,7 +3304,7 @@ { "@timestamp": "2021-11-22T00:08:34.168Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -3372,7 +3372,7 @@ { "@timestamp": "2021-11-22T00:08:34.166Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -3440,7 +3440,7 @@ { "@timestamp": "2021-11-22T00:08:34.165Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -3508,7 +3508,7 @@ { "@timestamp": "2021-11-22T00:08:34.163Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -3576,7 +3576,7 @@ { "@timestamp": "2021-11-22T00:08:34.151Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -3644,7 +3644,7 @@ { "@timestamp": "2021-11-22T00:08:34.142Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.created", @@ -3712,7 +3712,7 @@ { "@timestamp": "2021-11-22T00:08:34.072Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Board created", @@ -3774,7 +3774,7 @@ { "@timestamp": "2021-11-22T00:08:33.887Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.filter.created", @@ -3869,7 +3869,7 @@ { "@timestamp": "2021-11-22T00:08:33.746Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.workflow.scheme.added.to.project", @@ -3931,7 +3931,7 @@ { "@timestamp": "2021-11-22T00:08:33.732Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.workflow.scheme.created", @@ -3999,7 +3999,7 @@ { "@timestamp": "2021-11-22T00:08:33.710Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.workflow.created", @@ -4077,7 +4077,7 @@ { "@timestamp": "2021-11-22T00:08:33.537Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.resolutions.created", @@ -4140,7 +4140,7 @@ { "@timestamp": "2021-11-22T00:08:33.536Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.resolutions.created", @@ -4203,7 +4203,7 @@ { "@timestamp": "2021-11-22T00:08:33.535Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.resolutions.created", @@ -4266,7 +4266,7 @@ { "@timestamp": "2021-11-22T00:08:33.534Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.resolutions.created", @@ -4329,7 +4329,7 @@ { "@timestamp": "2021-11-22T00:07:09.088Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.customfield.created", @@ -4402,7 +4402,7 @@ { "@timestamp": "2021-11-22T00:07:09.037Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.issue.type.created", @@ -4462,7 +4462,7 @@ { "@timestamp": "2021-11-22T00:07:02.794Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.customfield.created", @@ -4535,7 +4535,7 @@ { "@timestamp": "2021-11-22T00:07:02.725Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.customfield.created", @@ -4608,7 +4608,7 @@ { "@timestamp": "2021-11-22T00:07:02.694Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.customfield.created", @@ -4681,7 +4681,7 @@ { "@timestamp": "2021-11-22T00:07:01.669Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.customfield.created", @@ -4754,7 +4754,7 @@ { "@timestamp": "2021-11-22T00:07:01.644Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.customfield.created", @@ -4827,7 +4827,7 @@ { "@timestamp": "2021-11-22T00:06:59.522Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.customfield.created", @@ -4900,7 +4900,7 @@ { "@timestamp": "2021-11-22T00:06:59.485Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.issue.type.created", @@ -4960,7 +4960,7 @@ { "@timestamp": "2021-11-22T00:06:59.340Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.customfield.updated", @@ -5016,7 +5016,7 @@ { "@timestamp": "2021-11-22T00:06:59.332Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.customfield.updated", @@ -5072,7 +5072,7 @@ { "@timestamp": "2021-11-22T00:06:59.313Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.customfield.created", @@ -5140,7 +5140,7 @@ { "@timestamp": "2021-11-22T00:06:59.266Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.customfield.created", @@ -5213,7 +5213,7 @@ { "@timestamp": "2021-11-22T00:06:59.224Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.customfield.created", @@ -5286,7 +5286,7 @@ { "@timestamp": "2021-11-22T00:06:58.990Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.customfield.updated", @@ -5342,7 +5342,7 @@ { "@timestamp": "2021-11-22T00:06:58.974Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.customfield.created", @@ -5410,7 +5410,7 @@ { "@timestamp": "2021-11-22T00:06:58.318Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.customfield.created", @@ -5478,7 +5478,7 @@ { "@timestamp": "2021-11-22T00:06:57.162Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -5551,7 +5551,7 @@ { "@timestamp": "2021-11-22T00:06:57.158Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -5624,7 +5624,7 @@ { "@timestamp": "2021-11-22T00:06:57.138Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -5697,7 +5697,7 @@ { "@timestamp": "2021-11-22T00:06:49.756Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.user.added.to.group", @@ -5772,7 +5772,7 @@ { "@timestamp": "2021-11-22T00:06:49.754Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.global.permission.added", @@ -5845,7 +5845,7 @@ { "@timestamp": "2021-11-22T00:06:49.752Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.global.permission.added", @@ -5918,7 +5918,7 @@ { "@timestamp": "2021-11-22T00:06:49.751Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.global.permission.added", @@ -5991,7 +5991,7 @@ { "@timestamp": "2021-11-22T00:06:49.750Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.global.permission.added", @@ -6064,7 +6064,7 @@ { "@timestamp": "2021-11-22T00:06:49.734Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.user.added.to.group", @@ -6139,7 +6139,7 @@ { "@timestamp": "2021-11-22T00:06:49.600Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.user.created", @@ -6233,7 +6233,7 @@ { "@timestamp": "2021-11-22T00:05:08.596Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.system.license.added", @@ -6325,7 +6325,7 @@ { "@timestamp": "2021-11-22T00:05:08.584Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.global.permission.added", @@ -6398,7 +6398,7 @@ { "@timestamp": "2021-11-22T00:05:08.583Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.global.permission.added", @@ -6471,7 +6471,7 @@ { "@timestamp": "2021-11-22T00:05:08.581Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.global.permission.added", @@ -6544,7 +6544,7 @@ { "@timestamp": "2021-11-22T00:05:08.579Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.global.permission.added", @@ -6617,7 +6617,7 @@ { "@timestamp": "2021-11-22T00:05:08.514Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.group.created", @@ -6681,7 +6681,7 @@ { "@timestamp": "2021-11-28T18:18:26.076Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.user.renamed", @@ -6752,7 +6752,7 @@ { "@timestamp": "2021-11-28T18:23:20.278Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.user.updated", @@ -6830,7 +6830,7 @@ { "@timestamp": "2021-11-28T18:23:13.741Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.user.updated", diff --git a/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-expected.json b/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-expected.json index f4bd8959961..dbbaf1e173b 100644 --- a/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-expected.json +++ b/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2022-01-24T08:48:05.645Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Project deleted", @@ -34,7 +34,7 @@ { "@timestamp": "2022-01-24T08:48:05.316Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Field Configuration scheme deleted", @@ -65,7 +65,7 @@ { "@timestamp": "2022-01-24T08:48:05.097Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Field Configuration scheme updated", @@ -108,7 +108,7 @@ { "@timestamp": "2022-01-24T08:48:04.939Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Field Configuration scheme updated", @@ -151,7 +151,7 @@ { "@timestamp": "2022-01-24T08:48:04.716Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Field Configuration scheme updated", @@ -194,7 +194,7 @@ { "@timestamp": "2022-01-24T08:48:04.530Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Field Configuration scheme updated", @@ -237,7 +237,7 @@ { "@timestamp": "2022-01-24T08:48:04.167Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Field Configuration scheme updated", @@ -280,7 +280,7 @@ { "@timestamp": "2022-01-24T08:48:04.020Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Workflow scheme deleted", @@ -311,7 +311,7 @@ { "@timestamp": "2022-01-24T08:48:03.965Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Workflow deleted", @@ -342,7 +342,7 @@ { "@timestamp": "2022-01-24T08:48:03.371Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Notification scheme deleted", @@ -373,7 +373,7 @@ { "@timestamp": "2022-01-24T08:48:03.355Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Project role deleted", @@ -404,7 +404,7 @@ { "@timestamp": "2022-01-24T08:48:03.339Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Project role deleted", @@ -435,7 +435,7 @@ { "@timestamp": "2022-01-24T08:48:03.322Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Project role deleted", @@ -466,7 +466,7 @@ { "@timestamp": "2022-01-24T08:48:03.305Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Project role deleted", @@ -497,7 +497,7 @@ { "@timestamp": "2022-01-24T08:48:03.259Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Issue Security scheme deleted", @@ -528,7 +528,7 @@ { "@timestamp": "2022-01-24T08:48:03.223Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Permission scheme deleted", @@ -559,7 +559,7 @@ { "@timestamp": "2022-01-18T08:43:02.838Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "User added to group", @@ -618,7 +618,7 @@ { "@timestamp": "2022-01-18T08:43:02.768Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "User added to group", @@ -677,7 +677,7 @@ { "@timestamp": "2022-01-18T08:43:02.602Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "User created", @@ -734,7 +734,7 @@ { "@timestamp": "2022-01-14T16:37:07.126Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "User added to group", @@ -793,7 +793,7 @@ { "@timestamp": "2022-01-14T16:37:07.019Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "User created", @@ -850,7 +850,7 @@ { "@timestamp": "2022-01-10T12:44:41.065Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "User's password changed", @@ -904,7 +904,7 @@ { "@timestamp": "2022-01-06T09:49:07.418Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Workflow updated", @@ -947,7 +947,7 @@ { "@timestamp": "2022-01-05T07:23:49.369Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Workflow updated", @@ -981,7 +981,7 @@ { "@timestamp": "2022-01-05T07:23:49.162Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Workflow updated", @@ -1024,7 +1024,7 @@ { "@timestamp": "2021-12-13T14:10:35.436Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Workflow updated", @@ -1067,7 +1067,7 @@ { "@timestamp": "2021-12-10T11:57:29.971Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "User's password changed", @@ -1121,7 +1121,7 @@ { "@timestamp": "2021-12-10T11:53:37.982Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "User created", @@ -1198,7 +1198,7 @@ { "@timestamp": "2021-12-10T11:52:39.940Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Customer invited notification changed", @@ -1261,7 +1261,7 @@ { "@timestamp": "2021-12-07T17:15:05.069Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "User created", @@ -1338,7 +1338,7 @@ { "@timestamp": "2021-12-07T17:03:54.188Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Customer permissions changed", @@ -1401,7 +1401,7 @@ { "@timestamp": "2021-12-07T16:56:48.122Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Request type deleted", @@ -1483,7 +1483,7 @@ { "@timestamp": "2021-12-07T16:56:24.940Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Request type deleted", @@ -1565,7 +1565,7 @@ { "@timestamp": "2021-12-07T16:56:07.861Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Request type deleted", @@ -1647,7 +1647,7 @@ { "@timestamp": "2021-12-07T16:54:03.906Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Request type deleted", @@ -1729,7 +1729,7 @@ { "@timestamp": "2021-12-07T16:46:02.950Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "User added to group", @@ -1788,7 +1788,7 @@ { "@timestamp": "2021-12-07T16:46:02.944Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "User added to group", @@ -1847,7 +1847,7 @@ { "@timestamp": "2021-12-07T16:46:02.939Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "User added to group", @@ -1906,7 +1906,7 @@ { "@timestamp": "2021-12-07T16:46:02.932Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "User added to group", @@ -1965,7 +1965,7 @@ { "@timestamp": "2021-12-07T16:45:24.007Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Group created", @@ -2006,7 +2006,7 @@ { "@timestamp": "2021-12-07T16:29:41.490Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Project created", @@ -2099,7 +2099,7 @@ { "@timestamp": "2021-12-07T16:29:38.789Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Custom email channel turned on", @@ -2165,7 +2165,7 @@ { "@timestamp": "2021-12-07T16:29:38.773Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Cloud Email settings created", @@ -2221,7 +2221,7 @@ { "@timestamp": "2021-12-07T16:29:38.426Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Cloud email channel turned on", @@ -2287,7 +2287,7 @@ { "@timestamp": "2021-12-07T16:29:36.956Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Project component created", @@ -2376,7 +2376,7 @@ { "@timestamp": "2021-12-07T16:29:36.930Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Project component created", @@ -2465,7 +2465,7 @@ { "@timestamp": "2021-12-07T16:29:36.903Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Project component created", @@ -2554,7 +2554,7 @@ { "@timestamp": "2021-12-07T16:29:36.877Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Project component created", @@ -2643,7 +2643,7 @@ { "@timestamp": "2021-12-07T16:29:36.849Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Project component created", @@ -2732,7 +2732,7 @@ { "@timestamp": "2021-12-07T16:29:36.823Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Project component created", @@ -2821,7 +2821,7 @@ { "@timestamp": "2021-12-07T16:29:36.797Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Project component created", @@ -2910,7 +2910,7 @@ { "@timestamp": "2021-12-07T16:29:36.770Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Project component created", @@ -2999,7 +2999,7 @@ { "@timestamp": "2021-12-07T16:29:36.743Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Project component created", @@ -3088,7 +3088,7 @@ { "@timestamp": "2021-12-07T16:29:36.717Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Project component created", @@ -3177,7 +3177,7 @@ { "@timestamp": "2021-12-07T16:29:36.691Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Project component created", @@ -3266,7 +3266,7 @@ { "@timestamp": "2021-12-07T16:29:36.664Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Project component created", @@ -3355,7 +3355,7 @@ { "@timestamp": "2021-12-07T16:29:36.637Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Project component created", @@ -3444,7 +3444,7 @@ { "@timestamp": "2021-12-07T16:29:36.609Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Project component created", @@ -3533,7 +3533,7 @@ { "@timestamp": "2021-12-07T16:29:36.561Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Project component created", @@ -3622,7 +3622,7 @@ { "@timestamp": "2021-12-07T16:29:36.529Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Project component created", @@ -3711,7 +3711,7 @@ { "@timestamp": "2021-12-07T16:29:36.499Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Workflow scheme added to project", @@ -3771,7 +3771,7 @@ { "@timestamp": "2021-12-07T16:29:36.468Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Workflow updated", @@ -3833,7 +3833,7 @@ { "@timestamp": "2021-12-07T16:29:36.448Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Workflow updated", @@ -3888,7 +3888,7 @@ { "@timestamp": "2021-12-07T16:29:36.421Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Workflow created", @@ -3954,7 +3954,7 @@ { "@timestamp": "2021-12-07T16:29:36.329Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Workflow updated", @@ -4016,7 +4016,7 @@ { "@timestamp": "2021-12-07T16:29:36.310Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Workflow updated", @@ -4071,7 +4071,7 @@ { "@timestamp": "2021-12-07T16:29:36.283Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Workflow created", @@ -4137,7 +4137,7 @@ { "@timestamp": "2021-12-07T16:29:36.186Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Workflow updated", @@ -4199,7 +4199,7 @@ { "@timestamp": "2021-11-18T10:58:11.410Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Field Configuration scheme updated", @@ -4266,7 +4266,7 @@ { "@timestamp": "2021-11-18T10:58:11.132Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Field Configuration scheme updated", @@ -4333,7 +4333,7 @@ { "@timestamp": "2021-11-18T10:58:10.771Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Workflow scheme added to project", @@ -4393,7 +4393,7 @@ { "@timestamp": "2021-11-18T10:58:10.754Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Workflow scheme created", @@ -4459,7 +4459,7 @@ { "@timestamp": "2021-11-18T10:58:10.744Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Workflow created", @@ -4521,7 +4521,7 @@ { "@timestamp": "2021-11-18T10:58:10.473Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Field Configuration scheme updated", @@ -4588,7 +4588,7 @@ { "@timestamp": "2021-11-18T10:58:10.265Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Field Configuration scheme updated", @@ -4657,7 +4657,7 @@ { "@timestamp": "2021-11-18T10:58:10.174Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Field Configuration scheme added to project", @@ -4717,7 +4717,7 @@ { "@timestamp": "2021-11-18T10:58:10.146Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Field Configuration scheme created", @@ -4784,7 +4784,7 @@ { "@timestamp": "2021-11-18T10:58:10.114Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Issue Security scheme added to project", @@ -4844,7 +4844,7 @@ { "@timestamp": "2021-11-18T10:58:10.062Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Permission scheme added to project", @@ -4904,7 +4904,7 @@ { "@timestamp": "2021-11-17T16:00:37.374Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "User updated", @@ -4951,7 +4951,7 @@ { "@timestamp": "2021-11-16T09:25:56.725Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "User updated", @@ -4998,7 +4998,7 @@ { "@timestamp": "2021-11-16T08:48:05.867Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Custom field created", diff --git a/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json b/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json index 259ca35fa28..35f6a66d5c8 100644 --- a/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json +++ b/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-files.log-expected.json @@ -68,7 +68,7 @@ { "@timestamp": "2021-11-22T00:05:08.579Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.global.permission.added", @@ -143,7 +143,7 @@ { "@timestamp": "2021-11-22T00:05:08.581Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.global.permission.added", @@ -218,7 +218,7 @@ { "@timestamp": "2021-11-22T00:05:08.583Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.global.permission.added", @@ -293,7 +293,7 @@ { "@timestamp": "2021-11-22T00:05:08.584Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.global.permission.added", @@ -368,7 +368,7 @@ { "@timestamp": "2021-11-22T00:05:08.596Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.system.license.added", @@ -462,7 +462,7 @@ { "@timestamp": "2021-11-22T00:06:49.600Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.user.created", @@ -557,7 +557,7 @@ { "@timestamp": "2021-11-22T00:06:49.734Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.user.added.to.group", @@ -632,7 +632,7 @@ { "@timestamp": "2021-11-22T00:06:49.750Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.global.permission.added", @@ -707,7 +707,7 @@ { "@timestamp": "2021-11-22T00:06:49.751Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.global.permission.added", @@ -782,7 +782,7 @@ { "@timestamp": "2021-11-22T00:06:49.752Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.global.permission.added", @@ -857,7 +857,7 @@ { "@timestamp": "2021-11-22T00:06:49.754Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.global.permission.added", @@ -932,7 +932,7 @@ { "@timestamp": "2021-11-22T00:06:49.756Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.user.added.to.group", @@ -1007,7 +1007,7 @@ { "@timestamp": "2021-11-22T00:06:57.138Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -1081,7 +1081,7 @@ { "@timestamp": "2021-11-22T00:06:57.158Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -1155,7 +1155,7 @@ { "@timestamp": "2021-11-22T00:06:57.162Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -1229,7 +1229,7 @@ { "@timestamp": "2021-11-22T00:06:58.318Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.customfield.created", @@ -1298,7 +1298,7 @@ { "@timestamp": "2021-11-22T00:06:58.974Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.customfield.created", @@ -1367,7 +1367,7 @@ { "@timestamp": "2021-11-22T00:06:58.990Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.customfield.updated", @@ -1424,7 +1424,7 @@ { "@timestamp": "2021-11-22T00:06:59.224Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.customfield.created", @@ -1498,7 +1498,7 @@ { "@timestamp": "2021-11-22T00:06:59.266Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.customfield.created", @@ -1572,7 +1572,7 @@ { "@timestamp": "2021-11-22T00:06:59.313Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.customfield.created", @@ -1641,7 +1641,7 @@ { "@timestamp": "2021-11-22T00:06:59.332Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.customfield.updated", @@ -1698,7 +1698,7 @@ { "@timestamp": "2021-11-22T00:06:59.340Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.customfield.updated", @@ -1755,7 +1755,7 @@ { "@timestamp": "2021-11-22T00:06:59.485Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.issue.type.created", @@ -1817,7 +1817,7 @@ { "@timestamp": "2021-11-22T00:06:59.522Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.customfield.created", @@ -1891,7 +1891,7 @@ { "@timestamp": "2021-11-22T00:07:01.644Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.customfield.created", @@ -1965,7 +1965,7 @@ { "@timestamp": "2021-11-22T00:07:01.669Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.customfield.created", @@ -2039,7 +2039,7 @@ { "@timestamp": "2021-11-22T00:07:02.694Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.customfield.created", @@ -2113,7 +2113,7 @@ { "@timestamp": "2021-11-22T00:07:02.725Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.customfield.created", @@ -2187,7 +2187,7 @@ { "@timestamp": "2021-11-22T00:07:02.794Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.customfield.created", @@ -2261,7 +2261,7 @@ { "@timestamp": "2021-11-22T00:07:09.370Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.issue.type.created", @@ -2323,7 +2323,7 @@ { "@timestamp": "2021-11-22T00:07:09.880Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.customfield.created", @@ -2397,7 +2397,7 @@ { "@timestamp": "2021-11-22T00:08:33.534Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.resolutions.created", @@ -2461,7 +2461,7 @@ { "@timestamp": "2021-11-22T00:08:33.535Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.resolutions.created", @@ -2525,7 +2525,7 @@ { "@timestamp": "2021-11-22T00:08:33.536Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.resolutions.created", @@ -2589,7 +2589,7 @@ { "@timestamp": "2021-11-22T00:08:33.537Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.resolutions.created", @@ -2653,7 +2653,7 @@ { "@timestamp": "2021-11-22T00:08:33.710Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.workflow.created", @@ -2732,7 +2732,7 @@ { "@timestamp": "2021-11-22T00:08:33.732Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.workflow.scheme.created", @@ -2801,7 +2801,7 @@ { "@timestamp": "2021-11-22T00:08:33.746Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.workflow.scheme.added.to.project", @@ -2863,7 +2863,7 @@ { "@timestamp": "2021-11-22T00:08:33.887Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.filter.created", @@ -2957,7 +2957,7 @@ { "@timestamp": "2021-11-22T00:08:34.720Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Board created", @@ -3019,7 +3019,7 @@ { "@timestamp": "2021-11-22T00:08:34.142Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.created", @@ -3088,7 +3088,7 @@ { "@timestamp": "2021-11-22T00:08:34.151Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -3157,7 +3157,7 @@ { "@timestamp": "2021-11-22T00:08:34.163Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -3226,7 +3226,7 @@ { "@timestamp": "2021-11-22T00:08:34.165Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -3295,7 +3295,7 @@ { "@timestamp": "2021-11-22T00:08:34.166Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -3364,7 +3364,7 @@ { "@timestamp": "2021-11-22T00:08:34.168Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -3433,7 +3433,7 @@ { "@timestamp": "2021-11-22T00:08:34.171Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -3502,7 +3502,7 @@ { "@timestamp": "2021-11-22T00:08:34.173Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -3576,7 +3576,7 @@ { "@timestamp": "2021-11-22T00:08:34.174Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -3645,7 +3645,7 @@ { "@timestamp": "2021-11-22T00:08:34.176Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -3714,7 +3714,7 @@ { "@timestamp": "2021-11-22T00:08:34.178Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -3783,7 +3783,7 @@ { "@timestamp": "2021-11-22T00:08:34.180Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -3852,7 +3852,7 @@ { "@timestamp": "2021-11-22T00:08:34.182Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -3921,7 +3921,7 @@ { "@timestamp": "2021-11-22T00:08:34.184Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -3995,7 +3995,7 @@ { "@timestamp": "2021-11-22T00:08:34.187Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -4064,7 +4064,7 @@ { "@timestamp": "2021-11-22T00:08:34.190Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -4133,7 +4133,7 @@ { "@timestamp": "2021-11-22T00:08:34.204Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -4207,7 +4207,7 @@ { "@timestamp": "2021-11-22T00:08:34.208Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -4276,7 +4276,7 @@ { "@timestamp": "2021-11-22T00:08:34.210Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -4350,7 +4350,7 @@ { "@timestamp": "2021-11-22T00:08:34.212Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -4424,7 +4424,7 @@ { "@timestamp": "2021-11-22T00:08:34.215Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -4493,7 +4493,7 @@ { "@timestamp": "2021-11-22T00:08:34.217Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -4567,7 +4567,7 @@ { "@timestamp": "2021-11-22T00:08:34.219Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -4636,7 +4636,7 @@ { "@timestamp": "2021-11-22T00:08:34.221Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -4710,7 +4710,7 @@ { "@timestamp": "2021-11-22T00:08:34.223Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -4779,7 +4779,7 @@ { "@timestamp": "2021-11-22T00:08:34.225Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -4848,7 +4848,7 @@ { "@timestamp": "2021-11-22T00:08:34.227Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -4922,7 +4922,7 @@ { "@timestamp": "2021-11-22T00:08:34.229Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -4991,7 +4991,7 @@ { "@timestamp": "2021-11-22T00:08:34.231Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -5065,7 +5065,7 @@ { "@timestamp": "2021-11-22T00:08:34.233Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -5134,7 +5134,7 @@ { "@timestamp": "2021-11-22T00:08:34.235Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -5203,7 +5203,7 @@ { "@timestamp": "2021-11-22T00:08:34.236Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -5272,7 +5272,7 @@ { "@timestamp": "2021-11-22T00:08:34.239Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -5341,7 +5341,7 @@ { "@timestamp": "2021-11-22T00:08:34.241Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -5410,7 +5410,7 @@ { "@timestamp": "2021-11-22T00:08:34.243Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.updated", @@ -5479,7 +5479,7 @@ { "@timestamp": "2021-11-22T00:08:34.249Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.removed.from.project", @@ -5559,7 +5559,7 @@ { "@timestamp": "2021-11-22T00:08:34.266Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.permission.scheme.added.to.project", @@ -5621,7 +5621,7 @@ { "@timestamp": "2021-11-22T00:08:34.297Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.project.created", @@ -5714,7 +5714,7 @@ { "@timestamp": "2021-11-22T00:08:34.506Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.project.roles.changed", @@ -5783,7 +5783,7 @@ { "@timestamp": "2021-11-22T00:08:34.521Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.version.created", @@ -5857,7 +5857,7 @@ { "@timestamp": "2021-11-22T00:08:34.535Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.version.released", @@ -5931,7 +5931,7 @@ { "@timestamp": "2021-11-22T00:08:34.543Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.version.created", @@ -6005,7 +6005,7 @@ { "@timestamp": "2021-11-22T00:08:34.545Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.version.created", @@ -6074,7 +6074,7 @@ { "@timestamp": "2021-11-22T00:12:02.856Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "atlassian.audit.event.action.audit.search", @@ -6145,7 +6145,7 @@ { "@timestamp": "2021-11-26T19:35:10.718Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.user.login.failed", @@ -6220,7 +6220,7 @@ { "@timestamp": "2021-11-26T19:33:29.363Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "jira.auditing.user.logged.in", From a3dfa93ca58366bcad9fdef2e6a29c78f65a9eed Mon Sep 17 00:00:00 2001 From: Alex Resnick Date: Tue, 26 Apr 2022 21:52:56 +0000 Subject: [PATCH 21/30] fix readme's --- packages/atlassian_confluence/docs/README.md | 8 ++++++++ packages/atlassian_jira/docs/README.md | 8 ++++++++ 2 files changed, 16 insertions(+) diff --git a/packages/atlassian_confluence/docs/README.md b/packages/atlassian_confluence/docs/README.md index 5bd63abb732..51e318cf99a 100644 --- a/packages/atlassian_confluence/docs/README.md +++ b/packages/atlassian_confluence/docs/README.md @@ -59,6 +59,7 @@ The Confluence integration collects audit logs from the audit log files or the a | host.os.family | OS family (such as redhat, debian, freebsd, windows). | keyword | | host.os.kernel | Operating system kernel version as a raw string. | keyword | | host.os.name | Operating system name, without the version. | keyword | +| host.os.name.text | Multi-field of `host.os.name`. | text | | host.os.platform | Operating system platform (such centos, ubuntu, windows). | keyword | | host.os.version | Operating system version as a raw string. | keyword | | host.type | Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. | keyword | @@ -72,6 +73,7 @@ The Confluence integration collects audit logs from the audit log files or the a | source.address | Some event source addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. | keyword | | source.as.number | Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. | long | | source.as.organization.name | Organization name. | keyword | +| source.as.organization.name.text | Multi-field of `source.as.organization.name`. | match_only_text | | source.bytes | Bytes sent from the source to the destination. | long | | source.domain | The domain name of the source system. This value may be a host name, a fully qualified domain name, or another host naming format. The value may derive from the original event or be added from enrichment. | keyword | | source.geo.city_name | City name. | keyword | @@ -86,16 +88,22 @@ The Confluence integration collects audit logs from the audit log files or the a | tags | List of keywords used to tag each event. | keyword | | user.changes.email | User email address. | keyword | | user.changes.full_name | User's full name, if available. | keyword | +| user.changes.full_name.text | Multi-field of `user.changes.full_name`. | match_only_text | | user.changes.name | Short name or login of the user. | keyword | +| user.changes.name.text | Multi-field of `user.changes.name`. | match_only_text | | user.full_name | User's full name, if available. | keyword | +| user.full_name.text | Multi-field of `user.full_name`. | match_only_text | | user.id | Unique identifier of the user. | keyword | | user.name | Short name or login of the user. | keyword | +| user.name.text | Multi-field of `user.name`. | match_only_text | | user.target.email | User email address. | keyword | | user.target.full_name | User's full name, if available. | keyword | +| user.target.full_name.text | Multi-field of `user.target.full_name`. | match_only_text | | user.target.group.id | Unique identifier for the group on the system/platform. | keyword | | user.target.group.name | Name of the group. | keyword | | user.target.id | Unique identifier of the user. | keyword | | user.target.name | Short name or login of the user. | keyword | +| user.target.name.text | Multi-field of `user.target.name`. | match_only_text | An example event for `audit` looks as following: diff --git a/packages/atlassian_jira/docs/README.md b/packages/atlassian_jira/docs/README.md index c87d07ee330..203e40d450b 100644 --- a/packages/atlassian_jira/docs/README.md +++ b/packages/atlassian_jira/docs/README.md @@ -47,6 +47,7 @@ The Jira integration collects audit logs from the audit log files or the audit A | host.os.family | OS family (such as redhat, debian, freebsd, windows). | keyword | | host.os.kernel | Operating system kernel version as a raw string. | keyword | | host.os.name | Operating system name, without the version. | keyword | +| host.os.name.text | Multi-field of `host.os.name`. | text | | host.os.platform | Operating system platform (such centos, ubuntu, windows). | keyword | | host.os.version | Operating system version as a raw string. | keyword | | host.type | Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. | keyword | @@ -70,6 +71,7 @@ The Jira integration collects audit logs from the audit log files or the audit A | source.address | Some event source addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. | keyword | | source.as.number | Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. | long | | source.as.organization.name | Organization name. | keyword | +| source.as.organization.name.text | Multi-field of `source.as.organization.name`. | match_only_text | | source.bytes | Bytes sent from the source to the destination. | long | | source.domain | The domain name of the source system. This value may be a host name, a fully qualified domain name, or another host naming format. The value may derive from the original event or be added from enrichment. | keyword | | source.geo.city_name | City name. | keyword | @@ -84,15 +86,21 @@ The Jira integration collects audit logs from the audit log files or the audit A | tags | List of keywords used to tag each event. | keyword | | user.changes.email | User email address. | keyword | | user.changes.full_name | User's full name, if available. | keyword | +| user.changes.full_name.text | Multi-field of `user.changes.full_name`. | match_only_text | | user.changes.name | Short name or login of the user. | keyword | +| user.changes.name.text | Multi-field of `user.changes.name`. | match_only_text | | user.full_name | User's full name, if available. | keyword | +| user.full_name.text | Multi-field of `user.full_name`. | match_only_text | | user.id | Unique identifier of the user. | keyword | | user.name | Short name or login of the user. | keyword | +| user.name.text | Multi-field of `user.name`. | match_only_text | | user.target.email | User email address. | keyword | | user.target.full_name | User's full name, if available. | keyword | +| user.target.full_name.text | Multi-field of `user.target.full_name`. | match_only_text | | user.target.group.name | Name of the group. | keyword | | user.target.id | Unique identifier of the user. | keyword | | user.target.name | Short name or login of the user. | keyword | +| user.target.name.text | Multi-field of `user.target.name`. | match_only_text | An example event for `audit` looks as following: From 7750c3d5ff919f1f5a630228998283854e0bfc17 Mon Sep 17 00:00:00 2001 From: Alex Resnick Date: Wed, 27 Apr 2022 21:59:56 +0000 Subject: [PATCH 22/30] fix issues with timestamps --- .../test-audit-cloud.log-expected.json | 74 +++++++++---------- .../elasticsearch/ingest_pipeline/cloud.yml | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 4 +- .../ingest_pipeline/self-hosted.yml | 2 +- 4 files changed, 41 insertions(+), 41 deletions(-) diff --git a/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-expected.json b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-expected.json index 01cfbe7725c..42471b4aa91 100644 --- a/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-expected.json +++ b/packages/atlassian_confluence/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-expected.json @@ -1,7 +1,7 @@ { "expected": [ { - "@timestamp": "+54037-09-03T16:26:02.000Z", + "@timestamp": "2022-01-25T07:51:51.962Z", "confluence": { "audit": { "affected_objects": [ @@ -56,7 +56,7 @@ } }, { - "@timestamp": "+54037-09-03T11:37:01.000Z", + "@timestamp": "2022-01-25T07:51:34.621Z", "confluence": { "audit": { "affected_objects": [ @@ -111,7 +111,7 @@ } }, { - "@timestamp": "+54037-09-02T06:52:33.000Z", + "@timestamp": "2022-01-25T07:49:51.153Z", "confluence": { "audit": { "affected_objects": [ @@ -166,7 +166,7 @@ } }, { - "@timestamp": "+54037-08-29T16:12:52.000Z", + "@timestamp": "2022-01-25T07:44:39.172Z", "confluence": { "audit": { "affected_objects": [ @@ -243,7 +243,7 @@ } }, { - "@timestamp": "+54037-08-29T16:11:32.000Z", + "@timestamp": "2022-01-25T07:44:39.092Z", "confluence": { "audit": { "affected_objects": [ @@ -320,7 +320,7 @@ } }, { - "@timestamp": "+54035-09-24T14:52:09.000Z", + "@timestamp": "2022-01-24T14:49:22.329Z", "confluence": { "audit": { "affected_objects": [ @@ -402,7 +402,7 @@ } }, { - "@timestamp": "+54035-09-24T14:51:51.000Z", + "@timestamp": "2022-01-24T14:49:22.311Z", "confluence": { "audit": { "affected_objects": [ @@ -484,7 +484,7 @@ } }, { - "@timestamp": "+54018-08-10T05:30:45.000Z", + "@timestamp": "2022-01-18T08:43:03.045Z", "confluence": { "audit": { "affected_objects": [ @@ -558,7 +558,7 @@ } }, { - "@timestamp": "+54018-08-10T05:30:14.000Z", + "@timestamp": "2022-01-18T08:43:03.014Z", "confluence": { "audit": { "affected_objects": [ @@ -632,7 +632,7 @@ } }, { - "@timestamp": "+54018-08-10T05:26:07.000Z", + "@timestamp": "2022-01-18T08:43:02.767Z", "confluence": { "audit": { "affected_objects": [ @@ -713,7 +713,7 @@ } }, { - "@timestamp": "+54008-07-22T10:40:37.000Z", + "@timestamp": "2022-01-14T16:37:07.237Z", "confluence": { "audit": { "affected_objects": [ @@ -787,7 +787,7 @@ } }, { - "@timestamp": "+54008-07-22T10:36:57.000Z", + "@timestamp": "2022-01-14T16:37:07.017Z", "confluence": { "audit": { "affected_objects": [ @@ -866,7 +866,7 @@ } }, { - "@timestamp": "+53980-08-29T04:55:03.000Z", + "@timestamp": "2022-01-04T12:04:36.903Z", "confluence": { "audit": { "affected_objects": [ @@ -940,7 +940,7 @@ } }, { - "@timestamp": "+53980-08-24T12:42:31.000Z", + "@timestamp": "2022-01-04T11:57:52.951Z", "confluence": { "audit": { "affected_objects": [ @@ -1014,7 +1014,7 @@ } }, { - "@timestamp": "+53980-06-22T16:30:37.000Z", + "@timestamp": "2022-01-04T10:27:23.437Z", "confluence": { "audit": { "affected_objects": [ @@ -1088,7 +1088,7 @@ } }, { - "@timestamp": "+53980-06-22T16:30:24.000Z", + "@timestamp": "2022-01-04T10:27:23.424Z", "confluence": { "audit": { "affected_objects": [ @@ -1162,7 +1162,7 @@ } }, { - "@timestamp": "+53980-06-22T10:32:27.000Z", + "@timestamp": "2022-01-04T10:27:01.947Z", "confluence": { "audit": { "affected_objects": [ @@ -1226,7 +1226,7 @@ } }, { - "@timestamp": "+53980-06-21T16:11:07.000Z", + "@timestamp": "2022-01-04T10:25:55.867Z", "confluence": { "audit": { "affected_objects": [ @@ -1300,7 +1300,7 @@ } }, { - "@timestamp": "+53980-06-21T16:10:57.000Z", + "@timestamp": "2022-01-04T10:25:55.857Z", "confluence": { "audit": { "affected_objects": [ @@ -1374,7 +1374,7 @@ } }, { - "@timestamp": "+53980-06-21T16:10:39.000Z", + "@timestamp": "2022-01-04T10:25:55.839Z", "confluence": { "audit": { "affected_objects": [ @@ -1448,7 +1448,7 @@ } }, { - "@timestamp": "+53980-06-21T10:18:01.000Z", + "@timestamp": "2022-01-04T10:25:34.681Z", "confluence": { "audit": { "affected_objects": [ @@ -1512,7 +1512,7 @@ } }, { - "@timestamp": "+53904-07-14T15:27:40.000Z", + "@timestamp": "2021-12-07T16:46:02.860Z", "confluence": { "audit": { "affected_objects": [ @@ -1586,7 +1586,7 @@ } }, { - "@timestamp": "+53904-07-14T15:27:28.000Z", + "@timestamp": "2021-12-07T16:46:02.848Z", "confluence": { "audit": { "affected_objects": [ @@ -1660,7 +1660,7 @@ } }, { - "@timestamp": "+53904-07-14T15:27:17.000Z", + "@timestamp": "2021-12-07T16:46:02.837Z", "confluence": { "audit": { "affected_objects": [ @@ -1734,7 +1734,7 @@ } }, { - "@timestamp": "+53904-07-14T15:27:04.000Z", + "@timestamp": "2021-12-07T16:46:02.824Z", "confluence": { "audit": { "affected_objects": [ @@ -1808,7 +1808,7 @@ } }, { - "@timestamp": "+53904-07-14T04:38:32.000Z", + "@timestamp": "2021-12-07T16:45:23.912Z", "confluence": { "audit": { "affected_objects": [ @@ -1872,7 +1872,7 @@ } }, { - "@timestamp": "+53904-07-03T06:14:53.000Z", + "@timestamp": "2021-12-07T16:29:39.293Z", "confluence": { "audit": { "affected_objects": [ @@ -1949,7 +1949,7 @@ } }, { - "@timestamp": "+53904-07-03T06:06:40.000Z", + "@timestamp": "2021-12-07T16:29:38.800Z", "confluence": { "audit": { "affected_objects": [ @@ -2026,7 +2026,7 @@ } }, { - "@timestamp": "+53882-09-04T16:20:00.000Z", + "@timestamp": "2021-11-29T17:10:34.800Z", "confluence": { "audit": { "affected_objects": [ @@ -2100,7 +2100,7 @@ } }, { - "@timestamp": "+53882-09-04T16:19:07.000Z", + "@timestamp": "2021-11-29T17:10:34.747Z", "confluence": { "audit": { "affected_objects": [ @@ -2174,7 +2174,7 @@ } }, { - "@timestamp": "+53882-09-04T16:14:15.000Z", + "@timestamp": "2021-11-29T17:10:34.455Z", "confluence": { "audit": { "affected_objects": [ @@ -2255,7 +2255,7 @@ } }, { - "@timestamp": "+53852-06-07T15:53:27.000Z", + "@timestamp": "2021-11-18T16:04:18.807Z", "confluence": { "audit": { "affected_objects": [ @@ -2329,7 +2329,7 @@ } }, { - "@timestamp": "+53849-09-09T02:21:25.000Z", + "@timestamp": "2021-11-17T16:00:37.285Z", "confluence": { "audit": { "affected_objects": [ @@ -2400,7 +2400,7 @@ } }, { - "@timestamp": "+53849-09-09T02:21:14.000Z", + "@timestamp": "2021-11-17T16:00:37.274Z", "confluence": { "audit": { "external_collaborator": false, @@ -2448,7 +2448,7 @@ } }, { - "@timestamp": "+53846-10-15T21:40:12.000Z", + "@timestamp": "2021-11-16T14:35:22.812Z", "confluence": { "audit": { "affected_objects": [ @@ -2515,7 +2515,7 @@ } }, { - "@timestamp": "+53846-03-15T00:25:38.000Z", + "@timestamp": "2021-11-16T09:25:56.738Z", "confluence": { "audit": { "affected_objects": [ @@ -2586,7 +2586,7 @@ } }, { - "@timestamp": "+53846-03-15T00:24:26.000Z", + "@timestamp": "2021-11-16T09:25:56.666Z", "confluence": { "audit": { "external_collaborator": false, diff --git a/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/cloud.yml b/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/cloud.yml index 2767e19a9dc..1812314719f 100644 --- a/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/cloud.yml +++ b/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/cloud.yml @@ -1,5 +1,5 @@ --- -description: Pipeline for processing sample logs +description: Pipeline for processing Confluence Cloud Audit logs processors: - set: field: _tmp.timestamp diff --git a/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/default.yml index f0c47017874..f569cfad4c8 100644 --- a/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/default.yml +++ b/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/default.yml @@ -1,5 +1,5 @@ --- -description: Pipeline for processing sample logs +description: Pipeline for processing Confluence Audit logs processors: - set: field: ecs.version @@ -19,8 +19,8 @@ processors: - date: field: _tmp.timestamp formats: - - UNIX - UNIX_MS + - UNIX - ISO8601 target_field: "@timestamp" - convert: diff --git a/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/self-hosted.yml b/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/self-hosted.yml index 784e16b60cf..77e7961bbce 100644 --- a/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/self-hosted.yml +++ b/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/self-hosted.yml @@ -1,5 +1,5 @@ --- -description: Pipeline for processing sample logs +description: Pipeline for processing Confluence Self Hosted Audit logs processors: - set: field: _tmp.timestamp From 148c1fb7c67fdd246360242f3d10c9eb85e23ceb Mon Sep 17 00:00:00 2001 From: Andrew Kroh Date: Wed, 27 Apr 2022 17:08:12 -0400 Subject: [PATCH 23/30] atlassian_confluence: Add missing event mappings event.action event.category event.created event.kind event.original event.type --- .../data_stream/audit/fields/ecs.yml | 118 ++++++++++-------- 1 file changed, 65 insertions(+), 53 deletions(-) diff --git a/packages/atlassian_confluence/data_stream/audit/fields/ecs.yml b/packages/atlassian_confluence/data_stream/audit/fields/ecs.yml index e34c06aaa9d..d6ed36b3782 100644 --- a/packages/atlassian_confluence/data_stream/audit/fields/ecs.yml +++ b/packages/atlassian_confluence/data_stream/audit/fields/ecs.yml @@ -3,72 +3,84 @@ - external: ecs name: error.message - external: ecs - name: tags + name: event.action - external: ecs - name: user.id + name: event.category - external: ecs - name: user.name + name: event.created - external: ecs - name: user.full_name + name: event.kind - external: ecs - name: user.target.full_name + name: event.original - external: ecs - name: user.target.email + name: event.type - external: ecs - name: user.target.group.id + name: group.id - external: ecs - name: user.target.group.name + name: group.name - external: ecs - name: user.target.id + name: log.file.path - external: ecs - name: user.target.name + name: related.hosts - external: ecs - name: user.changes.name + name: related.ip - external: ecs - name: user.changes.email + name: related.user - external: ecs - name: user.changes.full_name + name: service.address - external: ecs - name: group.name + name: source.address - external: ecs - name: group.id -- name: source.address - external: ecs -- name: source.as.number - external: ecs -- name: source.as.organization.name - external: ecs -- name: source.bytes - external: ecs -- name: source.domain - external: ecs -- name: source.geo.city_name - external: ecs -- name: source.geo.continent_name - external: ecs -- name: source.geo.country_iso_code - external: ecs -- name: source.geo.country_name - external: ecs -- name: source.geo.location - description: Longitude and latitude. + name: source.as.number +- external: ecs + name: source.as.organization.name +- external: ecs + name: source.bytes +- external: ecs + name: source.domain +- external: ecs + name: source.geo.city_name +- external: ecs + name: source.geo.continent_name +- external: ecs + name: source.geo.country_iso_code +- external: ecs + name: source.geo.country_name +- description: Longitude and latitude. example: '{ "lon": -73.614830, "lat": 45.505918 }' + name: source.geo.location type: geo_point -- name: source.geo.name - external: ecs -- name: source.geo.region_iso_code - external: ecs -- name: source.geo.region_name - external: ecs -- name: source.ip - external: ecs -- name: log.file.path - external: ecs -- name: service.address - external: ecs -- name: related.ip - external: ecs -- name: related.user - external: ecs -- name: related.hosts - external: ecs +- external: ecs + name: source.geo.name +- external: ecs + name: source.geo.region_iso_code +- external: ecs + name: source.geo.region_name +- external: ecs + name: source.ip +- external: ecs + name: tags +- external: ecs + name: user.changes.email +- external: ecs + name: user.changes.full_name +- external: ecs + name: user.changes.name +- external: ecs + name: user.full_name +- external: ecs + name: user.id +- external: ecs + name: user.name +- external: ecs + name: user.target.email +- external: ecs + name: user.target.full_name +- external: ecs + name: user.target.group.id +- external: ecs + name: user.target.group.name +- external: ecs + name: user.target.id +- external: ecs + name: user.target.name From 38f5d995a3315fd84ee1c0d477472f8f65ede216 Mon Sep 17 00:00:00 2001 From: Andrew Kroh Date: Wed, 27 Apr 2022 17:09:40 -0400 Subject: [PATCH 24/30] atlassian_confluence: Update readme --- packages/atlassian_confluence/docs/README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/packages/atlassian_confluence/docs/README.md b/packages/atlassian_confluence/docs/README.md index 51e318cf99a..76f79e3e1e1 100644 --- a/packages/atlassian_confluence/docs/README.md +++ b/packages/atlassian_confluence/docs/README.md @@ -42,8 +42,14 @@ The Confluence integration collects audit logs from the audit log files or the a | data_stream.type | Data stream type. | constant_keyword | | ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword | | error.message | Error message. | match_only_text | +| event.action | The action captured by the event. This describes the information in the event. It is more specific than `event.category`. Examples are `group-add`, `process-started`, `file-created`. The value is normally defined by the implementer. | keyword | +| event.category | This is one of four ECS Categorization Fields, and indicates the second level in the ECS category hierarchy. `event.category` represents the "big buckets" of ECS categories. For example, filtering on `event.category:process` yields all events relating to process activity. This field is closely related to `event.type`, which is used as a subcategory. This field is an array. This will allow proper categorization of some events that fall in multiple categories. | keyword | +| event.created | event.created contains the date/time when the event was first read by an agent, or by your pipeline. This field is distinct from @timestamp in that @timestamp typically contain the time extracted from the original event. In most situations, these two timestamps will be slightly different. The difference can be used to calculate the delay between your source generating an event, and the time when your agent first processed it. This can be used to monitor your agent's or pipeline's ability to keep up with your event source. In case the two timestamps are identical, @timestamp should be used. | date | | event.dataset | Event dataset | constant_keyword | +| event.kind | This is one of four ECS Categorization Fields, and indicates the highest level in the ECS category hierarchy. `event.kind` gives high-level information about what type of information the event contains, without being specific to the contents of the event. For example, values of this field distinguish alert events from metric events. The value of this field can be used to inform how these kinds of events should be handled. They may warrant different retention, different access control, it may also help understand whether the data coming in at a regular interval or not. | keyword | | event.module | Event module | constant_keyword | +| event.original | Raw text message of entire event. Used to demonstrate log integrity or where the full log message (before splitting it up in multiple parts) may be required, e.g. for reindex. This field is not indexed and doc_values are disabled. It cannot be searched, but it can be retrieved from `_source`. If users wish to override this and index this field, please see `Field data types` in the `Elasticsearch Reference`. | keyword | +| event.type | This is one of four ECS Categorization Fields, and indicates the third level in the ECS category hierarchy. `event.type` represents a categorization "sub-bucket" that, when used along with the `event.category` field values, enables filtering events down to a level appropriate for single visualization. This field is an array. This will allow proper categorization of some events that fall in multiple event types. | keyword | | group.id | Unique identifier for the group on the system/platform. | keyword | | group.name | Name of the group. | keyword | | host.architecture | Operating system architecture. | keyword | From 280f63f5944a00a4b568db288d7abb4b38ee09e2 Mon Sep 17 00:00:00 2001 From: Andrew Kroh Date: Wed, 27 Apr 2022 18:58:51 -0400 Subject: [PATCH 25/30] Separate config for atlassian cloud --- .../audit/agent/stream/httpjson.yml.hbs | 58 +++++++++++++------ 1 file changed, 39 insertions(+), 19 deletions(-) diff --git a/packages/atlassian_confluence/data_stream/audit/agent/stream/httpjson.yml.hbs b/packages/atlassian_confluence/data_stream/audit/agent/stream/httpjson.yml.hbs index b90e58dfb00..6f54d0d4baf 100644 --- a/packages/atlassian_confluence/data_stream/audit/agent/stream/httpjson.yml.hbs +++ b/packages/atlassian_confluence/data_stream/audit/agent/stream/httpjson.yml.hbs @@ -1,20 +1,19 @@ config_version: "2" interval: {{interval}} request.method: "GET" -{{#if atlassian_cloud}} -request.url: {{api_url}}/wiki/rest/api/audit -{{else}} -request.url: {{api_url}}/rest/auditing/1.0/events -{{/if}} + {{#if ssl}} request.ssl: {{ssl}} {{/if}} + {{#if http_client_timeout}} request.timeout: {{http_client_timeout}} {{/if}} + {{#if proxy_url }} request.proxy_url: {{proxy_url}} {{/if}} + {{#unless token}} {{#if username}} {{#if password}} @@ -24,14 +23,16 @@ auth.basic.password: {{password}} {{/if}} {{/unless}} +{{#if atlassian_cloud}} +{{! Atlassian Confluence Cloud }} +request.url: {{api_url}}/wiki/rest/api/audit request.transforms: - set: target: url.params.limit - value: {{ limit }} -{{#if atlassian_cloud}} + value: '{{ limit }}' - set: target: url.params.startDate - value: "[[.cursor.last_timestamp]]" + value: '[[.cursor.last_timestamp]]' default: '[[(now (parseDuration "-{{initial_interval}}")).UnixMilli]]' - set: target: url.params.endDate @@ -39,17 +40,39 @@ request.transforms: - set: target: url.params.start value: '0' + response.split: target: body.results + response.pagination: - set: target: url.value - value: '[[sprintf "%s/wiki/rest/api/audit?endDate=%s&startDate=%s&start=%d&limit=%s" "{{api_url}}" (.last_response.url.params.Get "endDate") (.last_response.url.params.Get "startDate") (add (toInt .last_response.body.start) (toInt .last_response.body.limit)) "{{ limit }}"]]' + value: > + [[sprintf "%s/wiki/rest/api/audit?endDate=%s&startDate=%s&start=%d&limit=%s" + "{{api_url}}" + (.last_response.url.params.Get "endDate") + (.last_response.url.params.Get "startDate") + (add (toInt .last_response.body.start) (toInt .last_response.body.limit)) + "{{ limit }}"]] fail_on_template_error: true + cursor: last_timestamp: - value: "[[.first_event.creationDate]]" + value: '[[.first_event.creationDate]]' + +fields_under_root: true +fields: + _config: + atlassian_cloud: true + {{else}} +{{! Self-hosted Confluence Data Center }} +request.url: {{api_url}}/rest/auditing/1.0/events +request.transforms: + - set: + target: url.params.limit + value: '{{ limit }}' + {{#unless username}} {{#unless password}} {{#if token}} @@ -59,23 +82,27 @@ cursor: {{/if}} {{/unless}} {{/unless}} + - set: target: url.params.from - value: "[[.cursor.last_timestamp]]" + value: '[[.cursor.last_timestamp]]' default: '[[formatDate (now (parseDuration "-{{initial_interval}}"))]]' - set: target: url.params.to value: '[[formatDate now]]' + response.split: target: body.entities + response.pagination: - set: target: url.value value: '[[ .last_response.body.pagingInfo.nextPageLink ]]' fail_on_template_error: true + cursor: last_timestamp: - value: "[[.first_event.timestamp]]" + value: '[[.first_event.timestamp]]' {{/if}} tags: @@ -90,13 +117,6 @@ tags: publisher_pipeline.disable_host: true {{/contains}} -{{#if atlassian_cloud}} -fields_under_root: true -fields: - _config: - atlassian_cloud: true -{{/if}} - {{#if processors}} processors: {{processors}} From 55b0de1fb4a16e502ecc0df6ab6d888926996b49 Mon Sep 17 00:00:00 2001 From: Andrew Kroh Date: Wed, 27 Apr 2022 18:58:21 -0400 Subject: [PATCH 26/30] Separate timestamp processing --- .../audit/elasticsearch/ingest_pipeline/cloud.yml | 10 +++++----- .../elasticsearch/ingest_pipeline/default.yml | 14 ++++++-------- .../elasticsearch/ingest_pipeline/self-hosted.yml | 13 +++++++++---- 3 files changed, 20 insertions(+), 17 deletions(-) diff --git a/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/cloud.yml b/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/cloud.yml index 1812314719f..0e81f00f677 100644 --- a/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/cloud.yml +++ b/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/cloud.yml @@ -1,10 +1,10 @@ --- -description: Pipeline for processing Confluence Cloud Audit logs +description: Pipeline for processing Atlassian Confluence Cloud audit logs. processors: -- set: - field: _tmp.timestamp - copy_from: json.creationDate - if: ctx.json?.creationDate != null +- date: + field: json.creationDate + formats: + - UNIX_MS - rename: field: json.remoteAddress target_field: source.address diff --git a/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/default.yml index f569cfad4c8..7f4e052ebcc 100644 --- a/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/default.yml +++ b/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/default.yml @@ -1,5 +1,5 @@ --- -description: Pipeline for processing Confluence Audit logs +description: Pipeline for processing Atlassian Confluence audit logs. processors: - set: field: ecs.version @@ -16,13 +16,6 @@ processors: - pipeline: name: '{{ IngestPipeline "self-hosted" }}' if: "ctx._config?.atlassian_cloud == null" -- date: - field: _tmp.timestamp - formats: - - UNIX_MS - - UNIX - - ISO8601 - target_field: "@timestamp" - convert: field: source.address target_field: source.ip @@ -445,6 +438,11 @@ processors: } handleMap(ctx); on_failure: +- remove: + field: + - _config + - _tmp + ignore_failure: true - set: field: error.message value: '{{ _ingest.on_failure_message }}' diff --git a/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/self-hosted.yml b/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/self-hosted.yml index 77e7961bbce..ee49315d6a5 100644 --- a/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/self-hosted.yml +++ b/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/self-hosted.yml @@ -1,14 +1,19 @@ --- -description: Pipeline for processing Confluence Self Hosted Audit logs +description: Pipeline for processing self-hosted Atlassian Confluence audit logs. processors: - set: field: _tmp.timestamp copy_from: json.timestamp - if: ctx.json?.timestamp != null && ctx.json?.timestamp instanceof String + if: ctx.json?.timestamp != null && ctx.json.timestamp instanceof String - set: field: _tmp.timestamp - value: "{{json.timestamp.epochSecond}}.{{json.timestamp.nano}}" - if: ctx.json?.timestamp != null && ctx.json?.timestamp instanceof Map && ctx.json?.timestamp?.epochSecond != null && ctx.json?.timestamp?.nano != null + value: "{{{json.timestamp.epochSecond}}}.{{{json.timestamp.nano}}}" + if: ctx.json?.timestamp != null && ctx.json.timestamp instanceof Map && ctx.json.timestamp?.epochSecond != null && ctx.json.timestamp?.nano != null +- date: + field: _tmp.timestamp + formats: + - UNIX + - ISO8601 - rename: field: json.source target_field: source.address From 3e459a6e57493237789e36cb9ad7210b7333b870 Mon Sep 17 00:00:00 2001 From: Andrew Kroh Date: Wed, 27 Apr 2022 19:10:38 -0400 Subject: [PATCH 27/30] atlassian_jira: add missing event field mappings event.action event.category event.created event.kind event.original event.outcome event.type --- .../data_stream/audit/fields/ecs.yml | 118 ++++++++++-------- 1 file changed, 67 insertions(+), 51 deletions(-) diff --git a/packages/atlassian_jira/data_stream/audit/fields/ecs.yml b/packages/atlassian_jira/data_stream/audit/fields/ecs.yml index 50fda5dc2ca..090b9906d9a 100644 --- a/packages/atlassian_jira/data_stream/audit/fields/ecs.yml +++ b/packages/atlassian_jira/data_stream/audit/fields/ecs.yml @@ -3,68 +3,84 @@ - external: ecs name: error.message - external: ecs - name: tags + name: event.action - external: ecs - name: user.id + name: event.category - external: ecs - name: user.name + name: event.created - external: ecs - name: user.full_name + name: event.id - external: ecs - name: user.target.full_name + name: event.kind - external: ecs - name: user.target.name + name: event.original - external: ecs - name: user.target.group.name + name: event.outcome - external: ecs - name: user.target.id + name: event.type - external: ecs - name: user.target.email + name: group.name - external: ecs - name: user.changes.name + name: log.file.path - external: ecs - name: user.changes.full_name + name: related.hosts - external: ecs - name: user.changes.email + name: related.ip - external: ecs - name: group.name -- name: source.address - external: ecs -- name: source.as.number - external: ecs -- name: source.as.organization.name - external: ecs -- name: source.bytes - external: ecs -- name: source.domain - external: ecs -- name: source.geo.city_name - external: ecs -- name: source.geo.continent_name - external: ecs -- name: source.geo.country_iso_code - external: ecs -- name: source.geo.country_name - external: ecs -- name: source.geo.location - description: Longitude and latitude. + name: related.user +- external: ecs + name: service.address +- external: ecs + name: source.address +- external: ecs + name: source.as.number +- external: ecs + name: source.as.organization.name +- external: ecs + name: source.bytes +- external: ecs + name: source.domain +- external: ecs + name: source.geo.city_name +- external: ecs + name: source.geo.continent_name +- external: ecs + name: source.geo.country_iso_code +- external: ecs + name: source.geo.country_name +- description: Longitude and latitude. example: '{ "lon": -73.614830, "lat": 45.505918 }' + name: source.geo.location type: geo_point -- name: source.geo.name - external: ecs -- name: source.geo.region_iso_code - external: ecs -- name: source.geo.region_name - external: ecs -- name: source.ip - external: ecs -- name: log.file.path - external: ecs -- name: service.address - external: ecs -- name: related.ip - external: ecs -- name: related.user - external: ecs -- name: related.hosts - external: ecs +- external: ecs + name: source.geo.name +- external: ecs + name: source.geo.region_iso_code +- external: ecs + name: source.geo.region_name +- external: ecs + name: source.ip +- external: ecs + name: tags +- external: ecs + name: user.changes.email +- external: ecs + name: user.changes.full_name +- external: ecs + name: user.changes.name +- external: ecs + name: user.full_name +- external: ecs + name: user.id +- external: ecs + name: user.name +- external: ecs + name: user.target.email +- external: ecs + name: user.target.full_name +- external: ecs + name: user.target.group.name +- external: ecs + name: user.target.id +- external: ecs + name: user.target.name From badd16597342297d7026420b45a16336c41f0a0d Mon Sep 17 00:00:00 2001 From: Andrew Kroh Date: Wed, 27 Apr 2022 19:10:54 -0400 Subject: [PATCH 28/30] atlassian_jira: update readme --- packages/atlassian_jira/docs/README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/packages/atlassian_jira/docs/README.md b/packages/atlassian_jira/docs/README.md index 203e40d450b..f2fcea5b50c 100644 --- a/packages/atlassian_jira/docs/README.md +++ b/packages/atlassian_jira/docs/README.md @@ -31,8 +31,16 @@ The Jira integration collects audit logs from the audit log files or the audit A | data_stream.type | Data stream type. | constant_keyword | | ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword | | error.message | Error message. | match_only_text | +| event.action | The action captured by the event. This describes the information in the event. It is more specific than `event.category`. Examples are `group-add`, `process-started`, `file-created`. The value is normally defined by the implementer. | keyword | +| event.category | This is one of four ECS Categorization Fields, and indicates the second level in the ECS category hierarchy. `event.category` represents the "big buckets" of ECS categories. For example, filtering on `event.category:process` yields all events relating to process activity. This field is closely related to `event.type`, which is used as a subcategory. This field is an array. This will allow proper categorization of some events that fall in multiple categories. | keyword | +| event.created | event.created contains the date/time when the event was first read by an agent, or by your pipeline. This field is distinct from @timestamp in that @timestamp typically contain the time extracted from the original event. In most situations, these two timestamps will be slightly different. The difference can be used to calculate the delay between your source generating an event, and the time when your agent first processed it. This can be used to monitor your agent's or pipeline's ability to keep up with your event source. In case the two timestamps are identical, @timestamp should be used. | date | | event.dataset | Event dataset | constant_keyword | +| event.id | Unique ID to describe the event. | keyword | +| event.kind | This is one of four ECS Categorization Fields, and indicates the highest level in the ECS category hierarchy. `event.kind` gives high-level information about what type of information the event contains, without being specific to the contents of the event. For example, values of this field distinguish alert events from metric events. The value of this field can be used to inform how these kinds of events should be handled. They may warrant different retention, different access control, it may also help understand whether the data coming in at a regular interval or not. | keyword | | event.module | Event module | constant_keyword | +| event.original | Raw text message of entire event. Used to demonstrate log integrity or where the full log message (before splitting it up in multiple parts) may be required, e.g. for reindex. This field is not indexed and doc_values are disabled. It cannot be searched, but it can be retrieved from `_source`. If users wish to override this and index this field, please see `Field data types` in the `Elasticsearch Reference`. | keyword | +| event.outcome | This is one of four ECS Categorization Fields, and indicates the lowest level in the ECS category hierarchy. `event.outcome` simply denotes whether the event represents a success or a failure from the perspective of the entity that produced the event. Note that when a single transaction is described in multiple events, each event may populate different values of `event.outcome`, according to their perspective. Also note that in the case of a compound event (a single event that contains multiple logical events), this field should be populated with the value that best captures the overall success or failure from the perspective of the event producer. Further note that not all events will have an associated outcome. For example, this field is generally not populated for metric events, events with `event.type:info`, or any events for which an outcome does not make logical sense. | keyword | +| event.type | This is one of four ECS Categorization Fields, and indicates the third level in the ECS category hierarchy. `event.type` represents a categorization "sub-bucket" that, when used along with the `event.category` field values, enables filtering events down to a level appropriate for single visualization. This field is an array. This will allow proper categorization of some events that fall in multiple event types. | keyword | | group.name | Name of the group. | keyword | | host.architecture | Operating system architecture. | keyword | | host.containerized | If the host is a container. | boolean | From 6f170627c0859509e7934565a81a85aacdf3a426 Mon Sep 17 00:00:00 2001 From: Andrew Kroh Date: Wed, 27 Apr 2022 19:13:16 -0400 Subject: [PATCH 29/30] atlassian_jira: convert event.id to string --- .../test-audit-cloud.log-expected.json | 164 +++++++++--------- .../elasticsearch/ingest_pipeline/cloud.yml | 3 +- 2 files changed, 84 insertions(+), 83 deletions(-) diff --git a/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-expected.json b/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-expected.json index dbbaf1e173b..4ad5d9433ca 100644 --- a/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-expected.json +++ b/packages/atlassian_jira/data_stream/audit/_dev/test/pipeline/test-audit-cloud.log-expected.json @@ -7,7 +7,7 @@ }, "event": { "action": "Project deleted", - "id": 11959, + "id": "11959", "kind": "event", "original": "{\"id\":11959,\"summary\":\"Project deleted\",\"created\":\"2022-01-24T08:48:05.645+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10000\",\"name\":\"Test\",\"typeName\":\"PROJECT\"}}", "type": "info" @@ -38,7 +38,7 @@ }, "event": { "action": "Field Configuration scheme deleted", - "id": 11958, + "id": "11958", "kind": "event", "original": "{\"id\":11958,\"summary\":\"Field Configuration scheme deleted\",\"created\":\"2022-01-24T08:48:05.316+0000\",\"category\":\"fields\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10000\",\"name\":\"Field Configuration Scheme for Project TEST\",\"typeName\":\"SCHEME\"}}", "type": "info" @@ -69,7 +69,7 @@ }, "event": { "action": "Field Configuration scheme updated", - "id": 11957, + "id": "11957", "kind": "event", "original": "{\"id\":11957,\"summary\":\"Field Configuration scheme updated\",\"created\":\"2022-01-24T08:48:05.097+0000\",\"category\":\"fields\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10000\",\"name\":\"Field Configuration Scheme for Project TEST\",\"typeName\":\"SCHEME\"},\"changedValues\":[{\"fieldName\":\"Field Configuration\",\"changedFrom\":\"Default Field Configuration\",\"changedTo\":\"\"},{\"fieldName\":\"Issue Type\",\"changedFrom\":\"Subtask\",\"changedTo\":\"\"}]}", "type": "info" @@ -112,7 +112,7 @@ }, "event": { "action": "Field Configuration scheme updated", - "id": 11956, + "id": "11956", "kind": "event", "original": "{\"id\":11956,\"summary\":\"Field Configuration scheme updated\",\"created\":\"2022-01-24T08:48:04.939+0000\",\"category\":\"fields\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10000\",\"name\":\"Field Configuration Scheme for Project TEST\",\"typeName\":\"SCHEME\"},\"changedValues\":[{\"fieldName\":\"Field Configuration\",\"changedFrom\":\"Default Field Configuration\",\"changedTo\":\"\"},{\"fieldName\":\"Issue Type\",\"changedFrom\":\"Epic\",\"changedTo\":\"\"}]}", "type": "info" @@ -155,7 +155,7 @@ }, "event": { "action": "Field Configuration scheme updated", - "id": 11955, + "id": "11955", "kind": "event", "original": "{\"id\":11955,\"summary\":\"Field Configuration scheme updated\",\"created\":\"2022-01-24T08:48:04.716+0000\",\"category\":\"fields\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10000\",\"name\":\"Field Configuration Scheme for Project TEST\",\"typeName\":\"SCHEME\"},\"changedValues\":[{\"fieldName\":\"Field Configuration\",\"changedFrom\":\"Default Field Configuration\",\"changedTo\":\"\"},{\"fieldName\":\"Issue Type\",\"changedFrom\":\"Bug\",\"changedTo\":\"\"}]}", "type": "info" @@ -198,7 +198,7 @@ }, "event": { "action": "Field Configuration scheme updated", - "id": 11954, + "id": "11954", "kind": "event", "original": "{\"id\":11954,\"summary\":\"Field Configuration scheme updated\",\"created\":\"2022-01-24T08:48:04.530+0000\",\"category\":\"fields\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10000\",\"name\":\"Field Configuration Scheme for Project TEST\",\"typeName\":\"SCHEME\"},\"changedValues\":[{\"fieldName\":\"Field Configuration\",\"changedFrom\":\"Default Field Configuration\",\"changedTo\":\"\"},{\"fieldName\":\"Issue Type\",\"changedFrom\":\"Task\",\"changedTo\":\"\"}]}", "type": "info" @@ -241,7 +241,7 @@ }, "event": { "action": "Field Configuration scheme updated", - "id": 11953, + "id": "11953", "kind": "event", "original": "{\"id\":11953,\"summary\":\"Field Configuration scheme updated\",\"created\":\"2022-01-24T08:48:04.167+0000\",\"category\":\"fields\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10000\",\"name\":\"Field Configuration Scheme for Project TEST\",\"typeName\":\"SCHEME\"},\"changedValues\":[{\"fieldName\":\"Field Configuration\",\"changedFrom\":\"Default Field Configuration\",\"changedTo\":\"\"},{\"fieldName\":\"Issue Type\",\"changedFrom\":\"Story\",\"changedTo\":\"\"}]}", "type": "info" @@ -284,7 +284,7 @@ }, "event": { "action": "Workflow scheme deleted", - "id": 11952, + "id": "11952", "kind": "event", "original": "{\"id\":11952,\"summary\":\"Workflow scheme deleted\",\"created\":\"2022-01-24T08:48:04.020+0000\",\"category\":\"workflows\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10001\",\"name\":\"TEST: Software Simplified Workflow Scheme\",\"typeName\":\"SCHEME\"}}", "type": "info" @@ -315,7 +315,7 @@ }, "event": { "action": "Workflow deleted", - "id": 11951, + "id": "11951", "kind": "event", "original": "{\"id\":11951,\"summary\":\"Workflow deleted\",\"created\":\"2022-01-24T08:48:03.965+0000\",\"category\":\"workflows\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"Project TEST: Software Workflow for 10001\",\"name\":\"Project TEST: Software Workflow for 10001\",\"typeName\":\"WORKFLOW\"}}", "type": "info" @@ -346,7 +346,7 @@ }, "event": { "action": "Notification scheme deleted", - "id": 11950, + "id": "11950", "kind": "event", "original": "{\"id\":11950,\"summary\":\"Notification scheme deleted\",\"created\":\"2022-01-24T08:48:03.371+0000\",\"category\":\"notifications\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10001\",\"name\":\"TEST: Simplified Notification Scheme\",\"typeName\":\"SCHEME\"}}", "type": "info" @@ -377,7 +377,7 @@ }, "event": { "action": "Project role deleted", - "id": 11949, + "id": "11949", "kind": "event", "original": "{\"id\":11949,\"summary\":\"Project role deleted\",\"created\":\"2022-01-24T08:48:03.355+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10006\",\"name\":\"Viewer\",\"typeName\":\"PROJECT_ROLE\"}}", "type": "info" @@ -408,7 +408,7 @@ }, "event": { "action": "Project role deleted", - "id": 11948, + "id": "11948", "kind": "event", "original": "{\"id\":11948,\"summary\":\"Project role deleted\",\"created\":\"2022-01-24T08:48:03.339+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10005\",\"name\":\"Member\",\"typeName\":\"PROJECT_ROLE\"}}", "type": "info" @@ -439,7 +439,7 @@ }, "event": { "action": "Project role deleted", - "id": 11947, + "id": "11947", "kind": "event", "original": "{\"id\":11947,\"summary\":\"Project role deleted\",\"created\":\"2022-01-24T08:48:03.322+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10007\",\"name\":\"atlassian-addons-project-access\",\"typeName\":\"PROJECT_ROLE\"}}", "type": "info" @@ -470,7 +470,7 @@ }, "event": { "action": "Project role deleted", - "id": 11946, + "id": "11946", "kind": "event", "original": "{\"id\":11946,\"summary\":\"Project role deleted\",\"created\":\"2022-01-24T08:48:03.305+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10004\",\"name\":\"Administrator\",\"typeName\":\"PROJECT_ROLE\"}}", "type": "info" @@ -501,7 +501,7 @@ }, "event": { "action": "Issue Security scheme deleted", - "id": 11945, + "id": "11945", "kind": "event", "original": "{\"id\":11945,\"summary\":\"Issue Security scheme deleted\",\"created\":\"2022-01-24T08:48:03.259+0000\",\"category\":\"permissions\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10000\",\"name\":\"TEST: Simplified Issue Security Scheme\",\"typeName\":\"SCHEME\"}}", "type": "info" @@ -532,7 +532,7 @@ }, "event": { "action": "Permission scheme deleted", - "id": 11944, + "id": "11944", "kind": "event", "original": "{\"id\":11944,\"summary\":\"Permission scheme deleted\",\"created\":\"2022-01-24T08:48:03.223+0000\",\"category\":\"permissions\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10000\",\"name\":\"TEST: Simplified Permission Scheme\",\"typeName\":\"SCHEME\"}}", "type": "info" @@ -566,7 +566,7 @@ "category": [ "iam" ], - "id": 11939, + "id": "11939", "kind": "event", "original": "{\"id\":11939,\"summary\":\"User added to group\",\"created\":\"2022-01-18T08:43:02.838+0000\",\"category\":\"group management\",\"eventSource\":\"\",\"objectItem\":{\"name\":\"jira-software-users\",\"typeName\":\"GROUP\",\"parentId\":\"10000\",\"parentName\":\"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory\"},\"associatedItems\":[{\"id\":\"ug:2281b112-0f77-4305-b779-66d30930eb83\",\"name\":\"ug:2281b112-0f77-4305-b779-66d30930eb83\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory\"}]}", "type": [ @@ -625,7 +625,7 @@ "category": [ "iam" ], - "id": 11938, + "id": "11938", "kind": "event", "original": "{\"id\":11938,\"summary\":\"User added to group\",\"created\":\"2022-01-18T08:43:02.768+0000\",\"category\":\"group management\",\"eventSource\":\"\",\"objectItem\":{\"name\":\"confluence-users\",\"typeName\":\"GROUP\",\"parentId\":\"10000\",\"parentName\":\"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory\"},\"associatedItems\":[{\"id\":\"ug:2281b112-0f77-4305-b779-66d30930eb83\",\"name\":\"ug:2281b112-0f77-4305-b779-66d30930eb83\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory\"}]}", "type": [ @@ -684,7 +684,7 @@ "category": [ "iam" ], - "id": 11937, + "id": "11937", "kind": "event", "original": "{\"id\":11937,\"summary\":\"User created\",\"created\":\"2022-01-18T08:43:02.602+0000\",\"category\":\"user management\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"ug:2281b112-0f77-4305-b779-66d30930eb83\",\"name\":\"ug:2281b112-0f77-4305-b779-66d30930eb83\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"},\"changedValues\":[{\"fieldName\":\"Active / Inactive\",\"changedTo\":\"Active\"}],\"associatedItems\":[{\"id\":\"ug:2281b112-0f77-4305-b779-66d30930eb83\",\"name\":\"ug:2281b112-0f77-4305-b779-66d30930eb83\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"}]}", "type": [ @@ -741,7 +741,7 @@ "category": [ "iam" ], - "id": 11935, + "id": "11935", "kind": "event", "original": "{\"id\":11935,\"summary\":\"User added to group\",\"created\":\"2022-01-14T16:37:07.126+0000\",\"category\":\"group management\",\"eventSource\":\"\",\"objectItem\":{\"name\":\"confluence-users\",\"typeName\":\"GROUP\",\"parentId\":\"10000\",\"parentName\":\"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory\"},\"associatedItems\":[{\"id\":\"ug:14961f0e-0eda-4a4a-9e9e-9d6a617b625b\",\"name\":\"ug:14961f0e-0eda-4a4a-9e9e-9d6a617b625b\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory\"}]}", "type": [ @@ -800,7 +800,7 @@ "category": [ "iam" ], - "id": 11934, + "id": "11934", "kind": "event", "original": "{\"id\":11934,\"summary\":\"User created\",\"created\":\"2022-01-14T16:37:07.019+0000\",\"category\":\"user management\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"ug:14961f0e-0eda-4a4a-9e9e-9d6a617b625b\",\"name\":\"ug:14961f0e-0eda-4a4a-9e9e-9d6a617b625b\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"},\"changedValues\":[{\"fieldName\":\"Active / Inactive\",\"changedTo\":\"Active\"}],\"associatedItems\":[{\"id\":\"ug:14961f0e-0eda-4a4a-9e9e-9d6a617b625b\",\"name\":\"ug:14961f0e-0eda-4a4a-9e9e-9d6a617b625b\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"}]}", "type": [ @@ -854,7 +854,7 @@ }, "event": { "action": "User's password changed", - "id": 11933, + "id": "11933", "kind": "event", "original": "{\"id\":11933,\"summary\":\"User's password changed\",\"remoteAddress\":\"81.2.69.193\",\"created\":\"2022-01-10T12:44:41.065+0000\",\"category\":\"user management\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682\",\"name\":\"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory\"},\"associatedItems\":[{\"id\":\"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682\",\"name\":\"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory\"}]}", "type": "info" @@ -908,7 +908,7 @@ }, "event": { "action": "Workflow updated", - "id": 11932, + "id": "11932", "kind": "event", "original": "{\"id\":11932,\"summary\":\"Workflow updated\",\"remoteAddress\":\"10.83.76.139\",\"authorKey\":\"ug:0613fc34-a1b3-4137-b06e-fd92c3094033\",\"authorAccountId\":\"5ff328f2a9d0300107c045a6\",\"created\":\"2022-01-06T09:49:07.418+0000\",\"category\":\"workflows\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"Software workflow for project 10018\",\"name\":\"Software workflow for project 10018\",\"typeName\":\"WORKFLOW\"}}", "type": "info" @@ -951,7 +951,7 @@ }, "event": { "action": "Workflow updated", - "id": 11931, + "id": "11931", "kind": "event", "original": "{\"id\":11931,\"summary\":\"Workflow updated\",\"authorKey\":\"ug:0613fc34-a1b3-4137-b06e-fd92c3094033\",\"authorAccountId\":\"5ff328f2a9d0300107c045a6\",\"created\":\"2022-01-05T07:23:49.369+0000\",\"category\":\"workflows\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"Software workflow for project 10018\",\"name\":\"Software workflow for project 10018\",\"typeName\":\"WORKFLOW\"}}", "type": "info" @@ -985,7 +985,7 @@ }, "event": { "action": "Workflow updated", - "id": 11930, + "id": "11930", "kind": "event", "original": "{\"id\":11930,\"summary\":\"Workflow updated\",\"remoteAddress\":\"10.83.76.139\",\"authorKey\":\"ug:0613fc34-a1b3-4137-b06e-fd92c3094033\",\"authorAccountId\":\"5ff328f2a9d0300107c045a6\",\"created\":\"2022-01-05T07:23:49.162+0000\",\"category\":\"workflows\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"Software workflow for project 10018\",\"name\":\"Software workflow for project 10018\",\"typeName\":\"WORKFLOW\"}}", "type": "info" @@ -1028,7 +1028,7 @@ }, "event": { "action": "Workflow updated", - "id": 11898, + "id": "11898", "kind": "event", "original": "{\"id\":11898,\"summary\":\"Workflow updated\",\"remoteAddress\":\"10.83.62.36\",\"authorKey\":\"ug:0613fc34-a1b3-4137-b06e-fd92c3094033\",\"authorAccountId\":\"5ff328f2a9d0300107c045a6\",\"created\":\"2021-12-13T14:10:35.436+0000\",\"category\":\"workflows\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"Software workflow for project 10018\",\"name\":\"Software workflow for project 10018\",\"typeName\":\"WORKFLOW\"}}", "type": "info" @@ -1071,7 +1071,7 @@ }, "event": { "action": "User's password changed", - "id": 11897, + "id": "11897", "kind": "event", "original": "{\"id\":11897,\"summary\":\"User's password changed\",\"remoteAddress\":\"81.2.69.193\",\"created\":\"2021-12-10T11:57:29.971+0000\",\"category\":\"user management\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682\",\"name\":\"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory\"},\"associatedItems\":[{\"id\":\"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682\",\"name\":\"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory\"}]}", "type": "info" @@ -1128,7 +1128,7 @@ "category": [ "iam" ], - "id": 11896, + "id": "11896", "kind": "event", "original": "{\"id\":11896,\"summary\":\"User created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-10T11:53:37.982+0000\",\"category\":\"user management\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682\",\"name\":\"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"},\"changedValues\":[{\"fieldName\":\"Active / Inactive\",\"changedTo\":\"Active\"}],\"associatedItems\":[{\"id\":\"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682\",\"name\":\"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:41e9b5da-f312-4943-807c-02b484a1c682\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"}]}", "type": [ @@ -1202,7 +1202,7 @@ }, "event": { "action": "Customer invited notification changed", - "id": 11895, + "id": "11895", "kind": "event", "original": "{\"id\":11895,\"summary\":\"Customer invited notification changed\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-10T11:52:39.940+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10003\",\"name\":\"Support\",\"typeName\":\"PROJECT\"},\"changedValues\":[{\"fieldName\":\"isEnabled\",\"changedFrom\":\"false\",\"changedTo\":\"true\"}],\"associatedItems\":[{\"id\":\"10003\",\"name\":\"Support\",\"typeName\":\"PROJECT\"}]}", "type": "info" @@ -1268,7 +1268,7 @@ "category": [ "iam" ], - "id": 11894, + "id": "11894", "kind": "event", "original": "{\"id\":11894,\"summary\":\"User created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T17:15:05.069+0000\",\"category\":\"user management\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:ca0f9bb4-060b-4431-937f-ad240d0fb7c9\",\"name\":\"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:ca0f9bb4-060b-4431-937f-ad240d0fb7c9\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"},\"changedValues\":[{\"fieldName\":\"Active / Inactive\",\"changedTo\":\"Active\"}],\"associatedItems\":[{\"id\":\"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:ca0f9bb4-060b-4431-937f-ad240d0fb7c9\",\"name\":\"qm:698d24b2-838f-4c47-8c05-d125e44bc6ae:ca0f9bb4-060b-4431-937f-ad240d0fb7c9\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"}]}", "type": [ @@ -1342,7 +1342,7 @@ }, "event": { "action": "Customer permissions changed", - "id": 11893, + "id": "11893", "kind": "event", "original": "{\"id\":11893,\"summary\":\"Customer permissions changed\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T17:03:54.188+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"description\":\"Update who can access the portal and send requests\",\"objectItem\":{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"},\"changedValues\":[{\"fieldName\":\"Customer access\",\"changedFrom\":\"Anyone with an account\",\"changedTo\":\"Customers my team adds to the project\"}],\"associatedItems\":[{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", "type": "info" @@ -1405,7 +1405,7 @@ }, "event": { "action": "Request type deleted", - "id": 11892, + "id": "11892", "kind": "event", "original": "{\"id\":11892,\"summary\":\"Request type deleted\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:56:48.122+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"},\"changedValues\":[{\"fieldName\":\"id\",\"changedFrom\":\"89\",\"changedTo\":\"\"},{\"fieldName\":\"description\",\"changedFrom\":\"Want to access work stuff from outside? Let us know.\",\"changedTo\":\"\"},{\"fieldName\":\"name\",\"changedFrom\":\"Set up VPN to the office\",\"changedTo\":\"\"},{\"fieldName\":\"issueTypeId\",\"changedFrom\":\"10024\",\"changedTo\":\"\"},{\"fieldName\":\"iconId\",\"changedFrom\":\"10526\",\"changedTo\":\"\"}],\"associatedItems\":[{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", "type": "info" @@ -1487,7 +1487,7 @@ }, "event": { "action": "Request type deleted", - "id": 11891, + "id": "11891", "kind": "event", "original": "{\"id\":11891,\"summary\":\"Request type deleted\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:56:24.940+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"},\"changedValues\":[{\"fieldName\":\"id\",\"changedFrom\":\"86\",\"changedTo\":\"\"},{\"fieldName\":\"description\",\"changedFrom\":\"Get assistance for general IT problems and questions.\",\"changedTo\":\"\"},{\"fieldName\":\"name\",\"changedFrom\":\"Get IT help\",\"changedTo\":\"\"},{\"fieldName\":\"issueTypeId\",\"changedFrom\":\"10024\",\"changedTo\":\"\"},{\"fieldName\":\"iconId\",\"changedFrom\":\"10541\",\"changedTo\":\"\"}],\"associatedItems\":[{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", "type": "info" @@ -1569,7 +1569,7 @@ }, "event": { "action": "Request type deleted", - "id": 11890, + "id": "11890", "kind": "event", "original": "{\"id\":11890,\"summary\":\"Request type deleted\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:56:07.861+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"},\"changedValues\":[{\"fieldName\":\"id\",\"changedFrom\":\"96\",\"changedTo\":\"\"},{\"fieldName\":\"description\",\"changedFrom\":\"Need a mobile phone or time for replacement? Let us know.\",\"changedTo\":\"\"},{\"fieldName\":\"name\",\"changedFrom\":\"New mobile device\",\"changedTo\":\"\"},{\"fieldName\":\"issueTypeId\",\"changedFrom\":\"10025\",\"changedTo\":\"\"},{\"fieldName\":\"iconId\",\"changedFrom\":\"10534\",\"changedTo\":\"\"}],\"associatedItems\":[{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", "type": "info" @@ -1651,7 +1651,7 @@ }, "event": { "action": "Request type deleted", - "id": 11889, + "id": "11889", "kind": "event", "original": "{\"id\":11889,\"summary\":\"Request type deleted\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:54:03.906+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"},\"changedValues\":[{\"fieldName\":\"id\",\"changedFrom\":\"88\",\"changedTo\":\"\"},{\"fieldName\":\"description\",\"changedFrom\":\"Raise a request to ask for temp wifi access for guests.\",\"changedTo\":\"\"},{\"fieldName\":\"name\",\"changedFrom\":\"Get a guest wifi account\",\"changedTo\":\"\"},{\"fieldName\":\"issueTypeId\",\"changedFrom\":\"10024\",\"changedTo\":\"\"},{\"fieldName\":\"iconId\",\"changedFrom\":\"10519\",\"changedTo\":\"\"}],\"associatedItems\":[{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", "type": "info" @@ -1736,7 +1736,7 @@ "category": [ "iam" ], - "id": 11888, + "id": "11888", "kind": "event", "original": "{\"id\":11888,\"summary\":\"User added to group\",\"created\":\"2021-12-07T16:46:02.950+0000\",\"category\":\"group management\",\"eventSource\":\"\",\"objectItem\":{\"name\":\"Eng Sys\",\"typeName\":\"GROUP\",\"parentId\":\"10000\",\"parentName\":\"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory\"},\"associatedItems\":[{\"id\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"name\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory\"}]}", "type": [ @@ -1795,7 +1795,7 @@ "category": [ "iam" ], - "id": 11887, + "id": "11887", "kind": "event", "original": "{\"id\":11887,\"summary\":\"User added to group\",\"created\":\"2021-12-07T16:46:02.944+0000\",\"category\":\"group management\",\"eventSource\":\"\",\"objectItem\":{\"name\":\"EngSys\",\"typeName\":\"GROUP\",\"parentId\":\"10000\",\"parentName\":\"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory\"},\"associatedItems\":[{\"id\":\"ug:0fb27017-ce06-4bff-bd1d-1cc0e9ad2579\",\"name\":\"ug:0fb27017-ce06-4bff-bd1d-1cc0e9ad2579\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory\"}]}", "type": [ @@ -1854,7 +1854,7 @@ "category": [ "iam" ], - "id": 11886, + "id": "11886", "kind": "event", "original": "{\"id\":11886,\"summary\":\"User added to group\",\"created\":\"2021-12-07T16:46:02.939+0000\",\"category\":\"group management\",\"eventSource\":\"\",\"objectItem\":{\"name\":\"Eng Sys\",\"typeName\":\"GROUP\",\"parentId\":\"10000\",\"parentName\":\"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory\"},\"associatedItems\":[{\"id\":\"ug:1b93c61c-2382-4f4e-8f38-f901c702845f\",\"name\":\"ug:1b93c61c-2382-4f4e-8f38-f901c702845f\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory\"}]}", "type": [ @@ -1913,7 +1913,7 @@ "category": [ "iam" ], - "id": 11885, + "id": "11885", "kind": "event", "original": "{\"id\":11885,\"summary\":\"User added to group\",\"created\":\"2021-12-07T16:46:02.932+0000\",\"category\":\"group management\",\"eventSource\":\"\",\"objectItem\":{\"name\":\"EngSys\",\"typeName\":\"GROUP\",\"parentId\":\"10000\",\"parentName\":\"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory\"},\"associatedItems\":[{\"id\":\"ug:016dd2df-318a-4b92-908d-b0b9e531c60f\",\"name\":\"ug:016dd2df-318a-4b92-908d-b0b9e531c60f\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory\"}]}", "type": [ @@ -1972,7 +1972,7 @@ "category": [ "iam" ], - "id": 11884, + "id": "11884", "kind": "event", "original": "{\"id\":11884,\"summary\":\"Group created\",\"created\":\"2021-12-07T16:45:24.007+0000\",\"category\":\"group management\",\"eventSource\":\"\",\"objectItem\":{\"name\":\"Eng Sys\",\"typeName\":\"GROUP\",\"parentId\":\"10000\",\"parentName\":\"com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory\"}}", "type": [ @@ -2013,7 +2013,7 @@ "category": [ "configuration" ], - "id": 11883, + "id": "11883", "kind": "event", "original": "{\"id\":11883,\"summary\":\"Project created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:41.490+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"},\"changedValues\":[{\"fieldName\":\"Default Assignee\",\"changedTo\":\"Unassigned\"},{\"fieldName\":\"Project lead\",\"changedTo\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\"},{\"fieldName\":\"Description\",\"changedTo\":\"\"},{\"fieldName\":\"Key\",\"changedTo\":\"ACC\"},{\"fieldName\":\"Name\",\"changedTo\":\"Change Control\"}],\"associatedItems\":[{\"id\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"name\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"}]}", "type": [ @@ -2103,7 +2103,7 @@ }, "event": { "action": "Custom email channel turned on", - "id": 11882, + "id": "11882", "kind": "event", "original": "{\"id\":11882,\"summary\":\"Custom email channel turned on\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:38.789+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"},\"changedValues\":[{\"fieldName\":\"userName\",\"changedFrom\":\"\",\"changedTo\":\"support@cyberfort.atlassian.net\"},{\"fieldName\":\"host\",\"changedFrom\":\"\",\"changedTo\":\"mailstore\"},{\"fieldName\":\"port\",\"changedFrom\":\"\",\"changedTo\":\"110\"},{\"fieldName\":\"tlsEnabled\",\"changedFrom\":\"\",\"changedTo\":\"false\"},{\"fieldName\":\"emailAddress\",\"changedFrom\":\"\",\"changedTo\":\"support@cyberfort.atlassian.net\"},{\"fieldName\":\"protocol\",\"changedFrom\":\"\",\"changedTo\":\"vertimail\"}],\"associatedItems\":[{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", "type": "info" @@ -2169,7 +2169,7 @@ }, "event": { "action": "Cloud Email settings created", - "id": 11881, + "id": "11881", "kind": "event", "original": "{\"id\":11881,\"summary\":\"Cloud Email settings created\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:38.773+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"},\"changedValues\":[{\"fieldName\":\"id\",\"changedFrom\":\"\",\"changedTo\":\"7\"},{\"fieldName\":\"requestTypeId\",\"changedFrom\":\"\",\"changedTo\":\"95\"},{\"fieldName\":\"serviceDeskId\",\"changedFrom\":\"\",\"changedTo\":\"6\"},{\"fieldName\":\"emailAddress\",\"changedFrom\":\"\",\"changedTo\":\"support@cyberfort.atlassian.net\"}],\"associatedItems\":[{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", "type": "info" @@ -2225,7 +2225,7 @@ }, "event": { "action": "Cloud email channel turned on", - "id": 11880, + "id": "11880", "kind": "event", "original": "{\"id\":11880,\"summary\":\"Cloud email channel turned on\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:38.426+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"},\"changedValues\":[{\"fieldName\":\"userName\",\"changedFrom\":\"\",\"changedTo\":\"support@cyberfort.atlassian.net\"},{\"fieldName\":\"host\",\"changedFrom\":\"\",\"changedTo\":\"mailstore\"},{\"fieldName\":\"port\",\"changedFrom\":\"\",\"changedTo\":\"110\"},{\"fieldName\":\"tlsEnabled\",\"changedFrom\":\"\",\"changedTo\":\"null\"},{\"fieldName\":\"emailAddress\",\"changedFrom\":\"\",\"changedTo\":\"support@cyberfort.atlassian.net\"},{\"fieldName\":\"protocol\",\"changedFrom\":\"\",\"changedTo\":\"vertimail\"}],\"associatedItems\":[{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", "type": "info" @@ -2291,7 +2291,7 @@ }, "event": { "action": "Project component created", - "id": 11879, + "id": "11879", "kind": "event", "original": "{\"id\":11879,\"summary\":\"Project component created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.956+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10099\",\"name\":\"Services\",\"typeName\":\"PROJECT_COMPONENT\"},\"changedValues\":[{\"fieldName\":\"Default Assignee\",\"changedTo\":\"Project Default\"},{\"fieldName\":\"Component Lead\",\"changedTo\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\"},{\"fieldName\":\"Description\",\"changedTo\":\"Created by Jira Service Management\"},{\"fieldName\":\"Name\",\"changedTo\":\"Services\"}],\"associatedItems\":[{\"id\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"name\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"},{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", "type": "info" @@ -2380,7 +2380,7 @@ }, "event": { "action": "Project component created", - "id": 11878, + "id": "11878", "kind": "event", "original": "{\"id\":11878,\"summary\":\"Project component created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.930+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10098\",\"name\":\"VPN Server\",\"typeName\":\"PROJECT_COMPONENT\"},\"changedValues\":[{\"fieldName\":\"Default Assignee\",\"changedTo\":\"Project Default\"},{\"fieldName\":\"Component Lead\",\"changedTo\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\"},{\"fieldName\":\"Description\",\"changedTo\":\"Created by Jira Service Management\"},{\"fieldName\":\"Name\",\"changedTo\":\"VPN Server\"}],\"associatedItems\":[{\"id\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"name\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"},{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", "type": "info" @@ -2469,7 +2469,7 @@ }, "event": { "action": "Project component created", - "id": 11877, + "id": "11877", "kind": "event", "original": "{\"id\":11877,\"summary\":\"Project component created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.903+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10097\",\"name\":\"Public Website\",\"typeName\":\"PROJECT_COMPONENT\"},\"changedValues\":[{\"fieldName\":\"Default Assignee\",\"changedTo\":\"Project Default\"},{\"fieldName\":\"Component Lead\",\"changedTo\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\"},{\"fieldName\":\"Description\",\"changedTo\":\"Created by Jira Service Management\"},{\"fieldName\":\"Name\",\"changedTo\":\"Public Website\"}],\"associatedItems\":[{\"id\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"name\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"},{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", "type": "info" @@ -2558,7 +2558,7 @@ }, "event": { "action": "Project component created", - "id": 11876, + "id": "11876", "kind": "event", "original": "{\"id\":11876,\"summary\":\"Project component created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.877+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10096\",\"name\":\"Printers\",\"typeName\":\"PROJECT_COMPONENT\"},\"changedValues\":[{\"fieldName\":\"Default Assignee\",\"changedTo\":\"Project Default\"},{\"fieldName\":\"Component Lead\",\"changedTo\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\"},{\"fieldName\":\"Description\",\"changedTo\":\"Created by Jira Service Management\"},{\"fieldName\":\"Name\",\"changedTo\":\"Printers\"}],\"associatedItems\":[{\"id\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"name\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"},{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", "type": "info" @@ -2647,7 +2647,7 @@ }, "event": { "action": "Project component created", - "id": 11875, + "id": "11875", "kind": "event", "original": "{\"id\":11875,\"summary\":\"Project component created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.849+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10095\",\"name\":\"Services\",\"typeName\":\"PROJECT_COMPONENT\"},\"changedValues\":[{\"fieldName\":\"Default Assignee\",\"changedTo\":\"Project Default\"},{\"fieldName\":\"Component Lead\",\"changedTo\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\"},{\"fieldName\":\"Description\",\"changedTo\":\"Created by Jira Service Management\"},{\"fieldName\":\"Name\",\"changedTo\":\"Services\"}],\"associatedItems\":[{\"id\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"name\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"},{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", "type": "info" @@ -2736,7 +2736,7 @@ }, "event": { "action": "Project component created", - "id": 11874, + "id": "11874", "kind": "event", "original": "{\"id\":11874,\"summary\":\"Project component created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.823+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10094\",\"name\":\"Office Network\",\"typeName\":\"PROJECT_COMPONENT\"},\"changedValues\":[{\"fieldName\":\"Default Assignee\",\"changedTo\":\"Project Default\"},{\"fieldName\":\"Component Lead\",\"changedTo\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\"},{\"fieldName\":\"Description\",\"changedTo\":\"Created by Jira Service Management\"},{\"fieldName\":\"Name\",\"changedTo\":\"Office Network\"}],\"associatedItems\":[{\"id\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"name\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"},{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", "type": "info" @@ -2825,7 +2825,7 @@ }, "event": { "action": "Project component created", - "id": 11873, + "id": "11873", "kind": "event", "original": "{\"id\":11873,\"summary\":\"Project component created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.797+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10093\",\"name\":\"Jira\",\"typeName\":\"PROJECT_COMPONENT\"},\"changedValues\":[{\"fieldName\":\"Default Assignee\",\"changedTo\":\"Project Default\"},{\"fieldName\":\"Component Lead\",\"changedTo\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\"},{\"fieldName\":\"Description\",\"changedTo\":\"Created by Jira Service Management\"},{\"fieldName\":\"Name\",\"changedTo\":\"Jira\"}],\"associatedItems\":[{\"id\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"name\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"},{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", "type": "info" @@ -2914,7 +2914,7 @@ }, "event": { "action": "Project component created", - "id": 11872, + "id": "11872", "kind": "event", "original": "{\"id\":11872,\"summary\":\"Project component created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.770+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10092\",\"name\":\"Intranet\",\"typeName\":\"PROJECT_COMPONENT\"},\"changedValues\":[{\"fieldName\":\"Default Assignee\",\"changedTo\":\"Project Default\"},{\"fieldName\":\"Component Lead\",\"changedTo\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\"},{\"fieldName\":\"Description\",\"changedTo\":\"Created by Jira Service Management\"},{\"fieldName\":\"Name\",\"changedTo\":\"Intranet\"}],\"associatedItems\":[{\"id\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"name\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"},{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", "type": "info" @@ -3003,7 +3003,7 @@ }, "event": { "action": "Project component created", - "id": 11871, + "id": "11871", "kind": "event", "original": "{\"id\":11871,\"summary\":\"Project component created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.743+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10091\",\"name\":\"Services\",\"typeName\":\"PROJECT_COMPONENT\"},\"changedValues\":[{\"fieldName\":\"Default Assignee\",\"changedTo\":\"Project Default\"},{\"fieldName\":\"Component Lead\",\"changedTo\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\"},{\"fieldName\":\"Description\",\"changedTo\":\"Created by Jira Service Management\"},{\"fieldName\":\"Name\",\"changedTo\":\"Services\"}],\"associatedItems\":[{\"id\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"name\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"},{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", "type": "info" @@ -3092,7 +3092,7 @@ }, "event": { "action": "Project component created", - "id": 11870, + "id": "11870", "kind": "event", "original": "{\"id\":11870,\"summary\":\"Project component created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.717+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10090\",\"name\":\"Services\",\"typeName\":\"PROJECT_COMPONENT\"},\"changedValues\":[{\"fieldName\":\"Default Assignee\",\"changedTo\":\"Project Default\"},{\"fieldName\":\"Component Lead\",\"changedTo\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\"},{\"fieldName\":\"Description\",\"changedTo\":\"Created by Jira Service Management\"},{\"fieldName\":\"Name\",\"changedTo\":\"Services\"}],\"associatedItems\":[{\"id\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"name\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"},{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", "type": "info" @@ -3181,7 +3181,7 @@ }, "event": { "action": "Project component created", - "id": 11869, + "id": "11869", "kind": "event", "original": "{\"id\":11869,\"summary\":\"Project component created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.691+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10089\",\"name\":\"Email and Collaboration Services\",\"typeName\":\"PROJECT_COMPONENT\"},\"changedValues\":[{\"fieldName\":\"Default Assignee\",\"changedTo\":\"Project Default\"},{\"fieldName\":\"Component Lead\",\"changedTo\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\"},{\"fieldName\":\"Description\",\"changedTo\":\"Created by Jira Service Management\"},{\"fieldName\":\"Name\",\"changedTo\":\"Email and Collaboration Services\"}],\"associatedItems\":[{\"id\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"name\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"},{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", "type": "info" @@ -3270,7 +3270,7 @@ }, "event": { "action": "Project component created", - "id": 11868, + "id": "11868", "kind": "event", "original": "{\"id\":11868,\"summary\":\"Project component created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.664+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10088\",\"name\":\"Data Center Services\",\"typeName\":\"PROJECT_COMPONENT\"},\"changedValues\":[{\"fieldName\":\"Default Assignee\",\"changedTo\":\"Project Default\"},{\"fieldName\":\"Component Lead\",\"changedTo\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\"},{\"fieldName\":\"Description\",\"changedTo\":\"Created by Jira Service Management\"},{\"fieldName\":\"Name\",\"changedTo\":\"Data Center Services\"}],\"associatedItems\":[{\"id\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"name\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"},{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", "type": "info" @@ -3359,7 +3359,7 @@ }, "event": { "action": "Project component created", - "id": 11867, + "id": "11867", "kind": "event", "original": "{\"id\":11867,\"summary\":\"Project component created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.637+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10087\",\"name\":\"Cloud Storage Services\",\"typeName\":\"PROJECT_COMPONENT\"},\"changedValues\":[{\"fieldName\":\"Default Assignee\",\"changedTo\":\"Project Default\"},{\"fieldName\":\"Component Lead\",\"changedTo\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\"},{\"fieldName\":\"Description\",\"changedTo\":\"Created by Jira Service Management\"},{\"fieldName\":\"Name\",\"changedTo\":\"Cloud Storage Services\"}],\"associatedItems\":[{\"id\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"name\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"},{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", "type": "info" @@ -3448,7 +3448,7 @@ }, "event": { "action": "Project component created", - "id": 11866, + "id": "11866", "kind": "event", "original": "{\"id\":11866,\"summary\":\"Project component created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.609+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10086\",\"name\":\"Billing Services\",\"typeName\":\"PROJECT_COMPONENT\"},\"changedValues\":[{\"fieldName\":\"Default Assignee\",\"changedTo\":\"Project Default\"},{\"fieldName\":\"Component Lead\",\"changedTo\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\"},{\"fieldName\":\"Description\",\"changedTo\":\"Created by Jira Service Management\"},{\"fieldName\":\"Name\",\"changedTo\":\"Billing Services\"}],\"associatedItems\":[{\"id\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"name\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"},{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", "type": "info" @@ -3537,7 +3537,7 @@ }, "event": { "action": "Project component created", - "id": 11865, + "id": "11865", "kind": "event", "original": "{\"id\":11865,\"summary\":\"Project component created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.561+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10085\",\"name\":\"Analytics and Reporting Service\",\"typeName\":\"PROJECT_COMPONENT\"},\"changedValues\":[{\"fieldName\":\"Default Assignee\",\"changedTo\":\"Project Default\"},{\"fieldName\":\"Component Lead\",\"changedTo\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\"},{\"fieldName\":\"Description\",\"changedTo\":\"Created by Jira Service Management\"},{\"fieldName\":\"Name\",\"changedTo\":\"Analytics and Reporting Service\"}],\"associatedItems\":[{\"id\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"name\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"},{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", "type": "info" @@ -3626,7 +3626,7 @@ }, "event": { "action": "Project component created", - "id": 11864, + "id": "11864", "kind": "event", "original": "{\"id\":11864,\"summary\":\"Project component created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.529+0000\",\"category\":\"projects\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10084\",\"name\":\"Active Directory\",\"typeName\":\"PROJECT_COMPONENT\"},\"changedValues\":[{\"fieldName\":\"Default Assignee\",\"changedTo\":\"Project Default\"},{\"fieldName\":\"Component Lead\",\"changedTo\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\"},{\"fieldName\":\"Description\",\"changedTo\":\"Created by Jira Service Management\"},{\"fieldName\":\"Name\",\"changedTo\":\"Active Directory\"}],\"associatedItems\":[{\"id\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"name\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"},{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"}]}", "type": "info" @@ -3715,7 +3715,7 @@ }, "event": { "action": "Workflow scheme added to project", - "id": 11863, + "id": "11863", "kind": "event", "original": "{\"id\":11863,\"summary\":\"Workflow scheme added to project\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.499+0000\",\"category\":\"workflows\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10022\",\"name\":\"Change Control\",\"typeName\":\"PROJECT\"},\"associatedItems\":[{\"id\":\"10023\",\"name\":\"Jira Service Management IT Support Workflow Scheme generated for Project ACC\",\"typeName\":\"SCHEME\"}]}", "type": "info" @@ -3775,7 +3775,7 @@ }, "event": { "action": "Workflow updated", - "id": 11862, + "id": "11862", "kind": "event", "original": "{\"id\":11862,\"summary\":\"Workflow updated\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.468+0000\",\"category\":\"workflows\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"ACC: Jira Service Management default workflow\",\"name\":\"ACC: Jira Service Management default workflow\",\"typeName\":\"WORKFLOW\"},\"changedValues\":[{\"fieldName\":\"Description\",\"changedFrom\":\"\",\"changedTo\":\"This Jira Service Management default workflow was generated for Project ACC\"}]}", "type": "info" @@ -3837,7 +3837,7 @@ }, "event": { "action": "Workflow updated", - "id": 11861, + "id": "11861", "kind": "event", "original": "{\"id\":11861,\"summary\":\"Workflow updated\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.448+0000\",\"category\":\"workflows\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"ACC: Jira Service Management default workflow\",\"name\":\"ACC: Jira Service Management default workflow\",\"typeName\":\"WORKFLOW\"}}", "type": "info" @@ -3892,7 +3892,7 @@ }, "event": { "action": "Workflow created", - "id": 11860, + "id": "11860", "kind": "event", "original": "{\"id\":11860,\"summary\":\"Workflow created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.421+0000\",\"category\":\"workflows\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"ACC: Jira Service Management default workflow\",\"name\":\"ACC: Jira Service Management default workflow\",\"typeName\":\"WORKFLOW\"},\"changedValues\":[{\"fieldName\":\"Description\",\"changedTo\":\"\"},{\"fieldName\":\"Name\",\"changedTo\":\"ACC: Jira Service Management default workflow\"}]}", "type": "info" @@ -3958,7 +3958,7 @@ }, "event": { "action": "Workflow updated", - "id": 11859, + "id": "11859", "kind": "event", "original": "{\"id\":11859,\"summary\":\"Workflow updated\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.329+0000\",\"category\":\"workflows\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"ACC: Problem Management workflow for Jira Service Management\",\"name\":\"ACC: Problem Management workflow for Jira Service Management\",\"typeName\":\"WORKFLOW\"},\"changedValues\":[{\"fieldName\":\"Description\",\"changedFrom\":\"\",\"changedTo\":\"This Jira Service Management Problem Management workflow was generated for Project ACC\"}]}", "type": "info" @@ -4020,7 +4020,7 @@ }, "event": { "action": "Workflow updated", - "id": 11858, + "id": "11858", "kind": "event", "original": "{\"id\":11858,\"summary\":\"Workflow updated\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.310+0000\",\"category\":\"workflows\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"ACC: Problem Management workflow for Jira Service Management\",\"name\":\"ACC: Problem Management workflow for Jira Service Management\",\"typeName\":\"WORKFLOW\"}}", "type": "info" @@ -4075,7 +4075,7 @@ }, "event": { "action": "Workflow created", - "id": 11857, + "id": "11857", "kind": "event", "original": "{\"id\":11857,\"summary\":\"Workflow created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.283+0000\",\"category\":\"workflows\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"ACC: Problem Management workflow for Jira Service Management\",\"name\":\"ACC: Problem Management workflow for Jira Service Management\",\"typeName\":\"WORKFLOW\"},\"changedValues\":[{\"fieldName\":\"Description\",\"changedTo\":\"\"},{\"fieldName\":\"Name\",\"changedTo\":\"ACC: Problem Management workflow for Jira Service Management\"}]}", "type": "info" @@ -4141,7 +4141,7 @@ }, "event": { "action": "Workflow updated", - "id": 11856, + "id": "11856", "kind": "event", "original": "{\"id\":11856,\"summary\":\"Workflow updated\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:20aaaebb-1ee5-400a-af76-d2550b6363b3\",\"authorAccountId\":\"5e72548417c6640c385f2a16\",\"created\":\"2021-12-07T16:29:36.186+0000\",\"category\":\"workflows\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"ACC: Incident Management workflow for Jira Service Management\",\"name\":\"ACC: Incident Management workflow for Jira Service Management\",\"typeName\":\"WORKFLOW\"},\"changedValues\":[{\"fieldName\":\"Description\",\"changedFrom\":\"\",\"changedTo\":\"This Jira Service Management Incident Management workflow was generated for Project ACC\"}]}", "type": "info" @@ -4203,7 +4203,7 @@ }, "event": { "action": "Field Configuration scheme updated", - "id": 11663, + "id": "11663", "kind": "event", "original": "{\"id\":11663,\"summary\":\"Field Configuration scheme updated\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:0613fc34-a1b3-4137-b06e-fd92c3094033\",\"authorAccountId\":\"5ff328f2a9d0300107c045a6\",\"created\":\"2021-11-18T10:58:11.410+0000\",\"category\":\"fields\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10015\",\"name\":\"Field Configuration Scheme for Project PEN\",\"typeName\":\"SCHEME\"},\"changedValues\":[{\"fieldName\":\"Field Configuration\",\"changedFrom\":\"\",\"changedTo\":\"PEN-10052\"},{\"fieldName\":\"Issue Type\",\"changedFrom\":\"\",\"changedTo\":\"Subtask\"}]}", "type": "info" @@ -4270,7 +4270,7 @@ }, "event": { "action": "Field Configuration scheme updated", - "id": 11662, + "id": "11662", "kind": "event", "original": "{\"id\":11662,\"summary\":\"Field Configuration scheme updated\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:0613fc34-a1b3-4137-b06e-fd92c3094033\",\"authorAccountId\":\"5ff328f2a9d0300107c045a6\",\"created\":\"2021-11-18T10:58:11.132+0000\",\"category\":\"fields\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10015\",\"name\":\"Field Configuration Scheme for Project PEN\",\"typeName\":\"SCHEME\"},\"changedValues\":[{\"fieldName\":\"Field Configuration\",\"changedFrom\":\"\",\"changedTo\":\"PEN-10051\"},{\"fieldName\":\"Issue Type\",\"changedFrom\":\"\",\"changedTo\":\"Epic\"}]}", "type": "info" @@ -4337,7 +4337,7 @@ }, "event": { "action": "Workflow scheme added to project", - "id": 11661, + "id": "11661", "kind": "event", "original": "{\"id\":11661,\"summary\":\"Workflow scheme added to project\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:0613fc34-a1b3-4137-b06e-fd92c3094033\",\"authorAccountId\":\"5ff328f2a9d0300107c045a6\",\"created\":\"2021-11-18T10:58:10.771+0000\",\"category\":\"workflows\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10018\",\"name\":\"Arcturus Assurance\",\"typeName\":\"PROJECT\"},\"associatedItems\":[{\"id\":\"10019\",\"name\":\"PEN: Software Simplified Workflow Scheme\",\"typeName\":\"SCHEME\"}]}", "type": "info" @@ -4397,7 +4397,7 @@ }, "event": { "action": "Workflow scheme created", - "id": 11660, + "id": "11660", "kind": "event", "original": "{\"id\":11660,\"summary\":\"Workflow scheme created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:0613fc34-a1b3-4137-b06e-fd92c3094033\",\"authorAccountId\":\"5ff328f2a9d0300107c045a6\",\"created\":\"2021-11-18T10:58:10.754+0000\",\"category\":\"workflows\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10019\",\"name\":\"PEN: Software Simplified Workflow Scheme\",\"typeName\":\"SCHEME\"},\"changedValues\":[{\"fieldName\":\"Description\",\"changedTo\":\"\"},{\"fieldName\":\"Name\",\"changedTo\":\"PEN: Software Simplified Workflow Scheme\"}]}", "type": "info" @@ -4463,7 +4463,7 @@ }, "event": { "action": "Workflow created", - "id": 11659, + "id": "11659", "kind": "event", "original": "{\"id\":11659,\"summary\":\"Workflow created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:0613fc34-a1b3-4137-b06e-fd92c3094033\",\"authorAccountId\":\"5ff328f2a9d0300107c045a6\",\"created\":\"2021-11-18T10:58:10.744+0000\",\"category\":\"workflows\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"Software workflow for project 10018\",\"name\":\"Software workflow for project 10018\",\"typeName\":\"WORKFLOW\"},\"changedValues\":[{\"fieldName\":\"Name\",\"changedTo\":\"Software workflow for project 10018\"}]}", "type": "info" @@ -4525,7 +4525,7 @@ }, "event": { "action": "Field Configuration scheme updated", - "id": 11658, + "id": "11658", "kind": "event", "original": "{\"id\":11658,\"summary\":\"Field Configuration scheme updated\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:0613fc34-a1b3-4137-b06e-fd92c3094033\",\"authorAccountId\":\"5ff328f2a9d0300107c045a6\",\"created\":\"2021-11-18T10:58:10.473+0000\",\"category\":\"fields\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10015\",\"name\":\"Field Configuration Scheme for Project PEN\",\"typeName\":\"SCHEME\"},\"changedValues\":[{\"fieldName\":\"Field Configuration\",\"changedFrom\":\"\",\"changedTo\":\"PEN-10050\"},{\"fieldName\":\"Issue Type\",\"changedFrom\":\"\",\"changedTo\":\"Task\"}]}", "type": "info" @@ -4592,7 +4592,7 @@ }, "event": { "action": "Field Configuration scheme updated", - "id": 11657, + "id": "11657", "kind": "event", "original": "{\"id\":11657,\"summary\":\"Field Configuration scheme updated\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:0613fc34-a1b3-4137-b06e-fd92c3094033\",\"authorAccountId\":\"5ff328f2a9d0300107c045a6\",\"created\":\"2021-11-18T10:58:10.265+0000\",\"category\":\"fields\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10015\",\"name\":\"Field Configuration Scheme for Project PEN\",\"typeName\":\"SCHEME\"},\"changedValues\":[{\"fieldName\":\"Field Configuration\",\"changedFrom\":\"Default Field Configuration\",\"changedTo\":\"Field Layout for PEN\"},{\"fieldName\":\"Issue Type\",\"changedFrom\":\"Default\",\"changedTo\":\"Default\"}]}", "type": "info" @@ -4661,7 +4661,7 @@ }, "event": { "action": "Field Configuration scheme added to project", - "id": 11656, + "id": "11656", "kind": "event", "original": "{\"id\":11656,\"summary\":\"Field Configuration scheme added to project\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:0613fc34-a1b3-4137-b06e-fd92c3094033\",\"authorAccountId\":\"5ff328f2a9d0300107c045a6\",\"created\":\"2021-11-18T10:58:10.174+0000\",\"category\":\"fields\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10018\",\"name\":\"Arcturus Assurance\",\"typeName\":\"PROJECT\"},\"associatedItems\":[{\"id\":\"10015\",\"name\":\"Field Configuration Scheme for Project PEN\",\"typeName\":\"SCHEME\"}]}", "type": "info" @@ -4721,7 +4721,7 @@ }, "event": { "action": "Field Configuration scheme created", - "id": 11655, + "id": "11655", "kind": "event", "original": "{\"id\":11655,\"summary\":\"Field Configuration scheme created\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:0613fc34-a1b3-4137-b06e-fd92c3094033\",\"authorAccountId\":\"5ff328f2a9d0300107c045a6\",\"created\":\"2021-11-18T10:58:10.146+0000\",\"category\":\"fields\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10015\",\"name\":\"Field Configuration Scheme for Project PEN\",\"typeName\":\"SCHEME\"},\"changedValues\":[{\"fieldName\":\"Description\",\"changedTo\":\"This Field Configuration Scheme was generated for Project PEN\"},{\"fieldName\":\"Name\",\"changedTo\":\"Field Configuration Scheme for Project PEN\"}]}", "type": "info" @@ -4788,7 +4788,7 @@ }, "event": { "action": "Issue Security scheme added to project", - "id": 11654, + "id": "11654", "kind": "event", "original": "{\"id\":11654,\"summary\":\"Issue Security scheme added to project\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:0613fc34-a1b3-4137-b06e-fd92c3094033\",\"authorAccountId\":\"5ff328f2a9d0300107c045a6\",\"created\":\"2021-11-18T10:58:10.114+0000\",\"category\":\"permissions\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10018\",\"name\":\"Arcturus Assurance\",\"typeName\":\"PROJECT\"},\"associatedItems\":[{\"id\":\"10010\",\"name\":\"PEN: Simplified Issue Security Scheme\",\"typeName\":\"SCHEME\"}]}", "type": "info" @@ -4848,7 +4848,7 @@ }, "event": { "action": "Permission scheme added to project", - "id": 11653, + "id": "11653", "kind": "event", "original": "{\"id\":11653,\"summary\":\"Permission scheme added to project\",\"remoteAddress\":\"81.2.69.193\",\"authorKey\":\"ug:0613fc34-a1b3-4137-b06e-fd92c3094033\",\"authorAccountId\":\"5ff328f2a9d0300107c045a6\",\"created\":\"2021-11-18T10:58:10.062+0000\",\"category\":\"permissions\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"10018\",\"name\":\"Arcturus Assurance\",\"typeName\":\"PROJECT\"},\"associatedItems\":[{\"id\":\"10016\",\"name\":\"PEN: Simplified Permission Scheme\",\"typeName\":\"SCHEME\"}]}", "type": "info" @@ -4911,7 +4911,7 @@ "category": [ "iam" ], - "id": 11652, + "id": "11652", "kind": "event", "original": "{\"id\":11652,\"summary\":\"User updated\",\"created\":\"2021-11-17T16:00:37.374+0000\",\"category\":\"user management\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"ug:870c3c4b-1f74-4fa2-a401-639ec53e9436\",\"name\":\"ug:870c3c4b-1f74-4fa2-a401-639ec53e9436\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"},\"changedValues\":[{\"fieldName\":\"Active / Inactive\",\"changedFrom\":\"Active\",\"changedTo\":\"Inactive\"}],\"associatedItems\":[{\"id\":\"ug:870c3c4b-1f74-4fa2-a401-639ec53e9436\",\"name\":\"ug:870c3c4b-1f74-4fa2-a401-639ec53e9436\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"}]}", "type": [ @@ -4958,7 +4958,7 @@ "category": [ "iam" ], - "id": 11651, + "id": "11651", "kind": "event", "original": "{\"id\":11651,\"summary\":\"User updated\",\"created\":\"2021-11-16T09:25:56.725+0000\",\"category\":\"user management\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"ug:7759808b-4fa4-4053-a8f5-136c382be65a\",\"name\":\"ug:7759808b-4fa4-4053-a8f5-136c382be65a\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"},\"changedValues\":[{\"fieldName\":\"Active / Inactive\",\"changedFrom\":\"Active\",\"changedTo\":\"Inactive\"}],\"associatedItems\":[{\"id\":\"ug:7759808b-4fa4-4053-a8f5-136c382be65a\",\"name\":\"ug:7759808b-4fa4-4053-a8f5-136c382be65a\",\"typeName\":\"USER\",\"parentId\":\"10000\",\"parentName\":\"IDP Directory\"}]}", "type": [ @@ -5002,7 +5002,7 @@ }, "event": { "action": "Custom field created", - "id": 11650, + "id": "11650", "kind": "event", "original": "{\"id\":11650,\"summary\":\"Custom field created\",\"created\":\"2021-11-16T08:48:05.867+0000\",\"category\":\"fields\",\"eventSource\":\"\",\"objectItem\":{\"id\":\"customfield_10072\",\"name\":\"Work category\",\"typeName\":\"CUSTOM_FIELD\"},\"changedValues\":[{\"fieldName\":\"Type\",\"changedTo\":\"Work category\"},{\"fieldName\":\"Description\",\"changedTo\":\"Jira system field that displays the category of work a specific issue belongs to.\"},{\"fieldName\":\"Name\",\"changedTo\":\"Work category\"}]}", "type": "info" diff --git a/packages/atlassian_jira/data_stream/audit/elasticsearch/ingest_pipeline/cloud.yml b/packages/atlassian_jira/data_stream/audit/elasticsearch/ingest_pipeline/cloud.yml index c6719a76f36..1a6b150c77f 100644 --- a/packages/atlassian_jira/data_stream/audit/elasticsearch/ingest_pipeline/cloud.yml +++ b/packages/atlassian_jira/data_stream/audit/elasticsearch/ingest_pipeline/cloud.yml @@ -5,9 +5,10 @@ processors: field: _tmp.timestamp copy_from: json.created if: ctx.json?.created != null -- rename: +- convert: field: json.id target_field: event.id + type: string ignore_missing: true - rename: field: json.remoteAddress From 131d4b466f68c42914eec14082b5224246b51462 Mon Sep 17 00:00:00 2001 From: Andrew Kroh Date: Wed, 27 Apr 2022 19:14:51 -0400 Subject: [PATCH 30/30] atlassian_jira: update pipeline descriptions --- .../data_stream/audit/elasticsearch/ingest_pipeline/cloud.yml | 2 +- .../data_stream/audit/elasticsearch/ingest_pipeline/default.yml | 2 +- .../audit/elasticsearch/ingest_pipeline/self-hosted.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/atlassian_jira/data_stream/audit/elasticsearch/ingest_pipeline/cloud.yml b/packages/atlassian_jira/data_stream/audit/elasticsearch/ingest_pipeline/cloud.yml index 1a6b150c77f..ed5163554e9 100644 --- a/packages/atlassian_jira/data_stream/audit/elasticsearch/ingest_pipeline/cloud.yml +++ b/packages/atlassian_jira/data_stream/audit/elasticsearch/ingest_pipeline/cloud.yml @@ -1,5 +1,5 @@ --- -description: Pipeline for processing sample logs +description: Pipeline for processing Atlassian Jira Cloud audit logs. processors: - set: field: _tmp.timestamp diff --git a/packages/atlassian_jira/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/atlassian_jira/data_stream/audit/elasticsearch/ingest_pipeline/default.yml index a5b892d02e6..5d49a0899a2 100644 --- a/packages/atlassian_jira/data_stream/audit/elasticsearch/ingest_pipeline/default.yml +++ b/packages/atlassian_jira/data_stream/audit/elasticsearch/ingest_pipeline/default.yml @@ -1,5 +1,5 @@ --- -description: Pipeline for processing sample logs +description: Pipeline for processing Atlassian Jira audit logs. processors: - set: field: ecs.version diff --git a/packages/atlassian_jira/data_stream/audit/elasticsearch/ingest_pipeline/self-hosted.yml b/packages/atlassian_jira/data_stream/audit/elasticsearch/ingest_pipeline/self-hosted.yml index 002f307c8c1..42914faaa62 100644 --- a/packages/atlassian_jira/data_stream/audit/elasticsearch/ingest_pipeline/self-hosted.yml +++ b/packages/atlassian_jira/data_stream/audit/elasticsearch/ingest_pipeline/self-hosted.yml @@ -1,5 +1,5 @@ --- -description: Pipeline for processing sample logs +description: Pipeline for processing self-hosted Atlassian Jira audit logs. processors: - set: field: _tmp.timestamp