Atlassian Bitbucket

Collect logs from Atlassian Bitbucket with Elastic Agent.

Version
2.2.2 (View all)
Compatible Kibana version(s)
8.13.0 or higher
Supported Serverless project types

Security
Observability
Subscription level
Basic
Level of support
Community

The Bitbucket integration collects audit logs from the audit log files or the audit API.

For more information on auditing in Bitbucket and how it can be configured, see View and configure the audit log on Atlassian's website.

Logs

Audit

The Bitbucket integration collects audit logs from the audit log files or the audit API from self hosted Bitbucket Data Center. It has been tested with Bitbucket 7.18.1 but is expected to work with newer versions. This has not been tested with Bitbucket Cloud and is not expected to work.

Exported fields

FieldDescriptionType
@timestamp
Event timestamp.
date
bitbucket.audit.affected_objects
Affected Objects
flattened
bitbucket.audit.changed_values
Changed Values
flattened
bitbucket.audit.extra_attributes
Extra Attributes
flattened
bitbucket.audit.method
Method
keyword
bitbucket.audit.type.action
Action
keyword
bitbucket.audit.type.actionI18nKey
actionI18nKey
keyword
bitbucket.audit.type.area
Area
keyword
bitbucket.audit.type.category
Category
keyword
bitbucket.audit.type.categoryI18nKey
categoryI18nKey
keyword
bitbucket.audit.type.level
Audit Level
keyword
cloud.image.id
Image ID for the cloud instance.
keyword
data_stream.dataset
Data stream dataset.
constant_keyword
data_stream.namespace
Data stream namespace.
constant_keyword
data_stream.type
Data stream type.
constant_keyword
event.dataset
Event dataset
constant_keyword
event.module
Event module
constant_keyword
host.containerized
If the host is a container.
boolean
host.os.build
OS build information.
keyword
host.os.codename
OS codename, if any.
keyword
input.type
Input type
keyword
log.offset
Log offset
long

An example event for audit looks as following:

{
    "@timestamp": "2021-11-27T18:10:57.316Z",
    "agent": {
        "ephemeral_id": "c1c6859f-88f5-4ae8-ad40-5c0c9fe933d1",
        "id": "82d0dfd8-3946-4ac0-a092-a9146a71e3f7",
        "name": "docker-fleet-agent",
        "type": "filebeat",
        "version": "8.0.0-beta1"
    },
    "bitbucket": {
        "audit": {
            "affected_objects": [
                {
                    "id": "3",
                    "name": "AT",
                    "type": "PROJECT"
                }
            ],
            "extra_attributes": [
                {
                    "name": "target",
                    "nameI18nKey": "bitbucket.audit.attribute.legacy.target",
                    "value": "AT"
                }
            ],
            "method": "Browser",
            "type": {
                "action": "Project created",
                "actionI18nKey": "bitbucket.service.project.audit.action.projectcreated",
                "category": "Projects",
                "categoryI18nKey": "bitbucket.service.audit.category.projects"
            }
        }
    },
    "data_stream": {
        "dataset": "atlassian_bitbucket.audit",
        "namespace": "ep",
        "type": "logs"
    },
    "ecs": {
        "version": "8.11.0"
    },
    "elastic_agent": {
        "id": "82d0dfd8-3946-4ac0-a092-a9146a71e3f7",
        "snapshot": false,
        "version": "8.0.0-beta1"
    },
    "event": {
        "action": "bitbucket.service.project.audit.action.projectcreated",
        "agent_id_status": "verified",
        "category": [
            "configuration"
        ],
        "created": "2021-12-24T00:39:23.076Z",
        "dataset": "atlassian_bitbucket.audit",
        "ingested": "2021-12-24T00:39:24Z",
        "kind": "event",
        "original": "{\"affectedObjects\":[{\"id\":\"3\",\"name\":\"AT\",\"type\":\"PROJECT\"}],\"author\":{\"avatarUri\":\"\",\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\",\"uri\":\"http://bitbucket.internal:7990/users/admin\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"AT\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":\"2021-11-27T18:10:57.316Z\",\"type\":{\"action\":\"Project created\",\"actionI18nKey\":\"bitbucket.service.project.audit.action.projectcreated\",\"category\":\"Projects\",\"categoryI18nKey\":\"bitbucket.service.audit.category.projects\"}}",
        "type": [
            "creation"
        ]
    },
    "input": {
        "type": "httpjson"
    },
    "related": {
        "hosts": [
            "bitbucket.internal"
        ],
        "ip": [
            "10.100.100.2"
        ],
        "user": [
            "admin"
        ]
    },
    "service": {
        "address": "http://bitbucket.internal:7990"
    },
    "source": {
        "address": "10.100.100.2",
        "ip": "10.100.100.2"
    },
    "tags": [
        "preserve_original_event",
        "forwarded",
        "bitbucket-audit"
    ],
    "user": {
        "id": "2",
        "name": "admin"
    }
}

Changelog

VersionDetailsKibana version(s)

2.2.2

Bug fix View pull request
Use triple-brace Mustache templating when referencing variables in ingest pipelines.

8.13.0 or higher

2.2.1

Bug fix View pull request
Use triple-brace Mustache templating when referencing variables in ingest pipelines.

8.13.0 or higher

2.2.0

Enhancement View pull request
Allow @custom pipeline access to event.original without setting preserve_original_event.

8.13.0 or higher

2.1.0

Enhancement View pull request
Update the kibana constraint to ^8.13.0. Modified the field definitions to remove ECS fields made redundant by the ecs@mappings component template.

8.13.0 or higher

2.0.0

Enhancement View pull request
Make event.type field conform to ECS field definition.

8.12.0 or higher

1.23.0

Enhancement View pull request
Set sensitive values as secret.

8.12.0 or higher

1.22.2

Enhancement View pull request
Changed owners

8.7.1 or higher

1.22.1

Bug fix View pull request
Fix exclude_files pattern.

8.7.1 or higher

1.22.0

Enhancement View pull request
Limit request tracer log count to five.

8.7.1 or higher

1.21.0

Enhancement View pull request
ECS version updated to 8.11.0.

8.7.1 or higher

1.20.0

Enhancement View pull request
Improve 'event.original' check to avoid errors if set.

8.7.1 or higher

1.19.0

Enhancement View pull request
Set 'community' owner type.

8.7.1 or higher

1.18.0

Enhancement View pull request
ECS version updated to 8.10.0.

8.7.1 or higher

1.17.0

Enhancement View pull request
The format_version in the package manifest changed from 2.11.0 to 3.0.0. Removed dotted YAML keys from package manifest. Added 'owner.type: elastic' to package manifest.

8.7.1 or higher

1.16.0

Enhancement View pull request
Add tags.yml file so that integration's dashboards and saved searches are tagged with "Security Solution" and displayed in the Security Solution UI.

8.7.1 or higher

1.15.0

Enhancement View pull request
Add ability to set condition for logfile logs.

8.7.1 or higher

1.14.0

Enhancement View pull request
Update package to ECS 8.9.0.

8.7.1 or higher

1.13.0

Enhancement View pull request
Document duration units.

8.7.1 or higher

1.12.0

Enhancement View pull request
Document valid duration units.

8.7.1 or higher

1.11.0

Enhancement View pull request
Ensure event.kind is correctly set for pipeline errors.

8.7.1 or higher

1.10.0

Enhancement View pull request
Update package to ECS 8.8.0.

8.7.1 or higher

1.9.0

Enhancement View pull request
Add a new flag to enable request tracing

8.7.1 or higher

1.8.0

Enhancement View pull request
Update package-spec version to 2.7.0.

7.16.0 or higher
8.0.0 or higher

1.7.0

Enhancement View pull request
Update package to ECS 8.7.0.

7.16.0 or higher
8.0.0 or higher

1.6.1

Enhancement View pull request
Added categories and/or subcategories.

7.16.0 or higher
8.0.0 or higher

1.6.0

Enhancement View pull request
Update package to ECS 8.6.0.

7.16.0 or higher
8.0.0 or higher

1.5.1

Bug fix View pull request
Fix handling of messages with no events.

7.16.0 or higher
8.0.0 or higher

1.5.0

Enhancement View pull request
Update package to ECS 8.5.0.

7.16.0 or higher
8.0.0 or higher

1.4.1

Enhancement View pull request
Use ECS geo.location definition.

7.16.0 or higher
8.0.0 or higher

1.4.0

Enhancement View pull request
Update package to ECS 8.4.0

7.16.0 or higher
8.0.0 or higher

1.3.1

Bug fix View pull request
Fix proxy URL documentation rendering.

7.16.0 or higher
8.0.0 or higher

1.3.0

Enhancement View pull request
Update package to ECS 8.3.0.

7.16.0 or higher
8.0.0 or higher

1.2.2

Bug fix View pull request
Add correct field mapping for event.created

1.2.1

Enhancement View pull request
Update Readme

7.16.0 or higher
8.0.0 or higher

1.2.0

Enhancement View pull request
Update to ECS 8.2

1.1.1

Enhancement View pull request
Add documentation for multi-fields

7.16.0 or higher
8.0.0 or higher

1.1.0

Enhancement View pull request
Update to ECS 8.0

7.16.0 or higher
8.0.0 or higher

1.0.1

Bug fix View pull request
Regenerate test files using the new GeoIP database

7.16.0 or higher
8.0.0 or higher

1.0.0

Enhancement View pull request
Initial draft of the package

7.16.0 or higher
8.0.0 or higher