Atlassian Jira

Collect logs from Atlassian Jira with Elastic Agent.

Version
1.27.2 (View all)
Compatible Kibana version(s)
8.13.0 or higher
Supported Serverless project types

Security
Observability
Subscription level
Basic
Level of support
Community

The Jira integration collects audit logs from the audit log files or the audit API.

Authentication Set-Up

When setting up the Atlassian Jira Integration for Atlassian Cloud you will need to use the "Jira User Identifier" and "Jira API Token" fields in the integration configuration. These will allow connection to the Atlassian Cloud REST API via Basic Authentication.

If you are using a self-hosted instance, you will be able to use either the "Jira User Identifier" and "Jira API Token" fields above, or use the "Personal Access Token" field to authenticate with a PAT. If the "Personal Access Token" field is set in the configuration, it will take precedence over the User ID/API Token fields.

Logs

Audit

The Jira integration collects audit logs from the audit log files or the audit API from self hosted Jira Data Center. It has been tested with Jira 8.20.2 but is expected to work with newer versions. As of version 1.2.0, this integration added experimental support for Atlassian JIRA Cloud. JIRA Cloud only supports Basic Auth using username and a Personal Access Token.

Exported fields

FieldDescriptionType
@timestamp
Event timestamp.
date
cloud.image.id
Image ID for the cloud instance.
keyword
data_stream.dataset
Data stream dataset.
constant_keyword
data_stream.namespace
Data stream namespace.
constant_keyword
data_stream.type
Data stream type.
constant_keyword
event.dataset
Event dataset
constant_keyword
event.module
Event module
constant_keyword
host.containerized
If the host is a container.
boolean
host.os.build
OS build information.
keyword
host.os.codename
OS codename, if any.
keyword
input.type
Input type
keyword
jira.audit.affected_objects
Affected Objects
flattened
jira.audit.changed_values
Changed Values
flattened
jira.audit.extra_attributes
Extra Attributes
flattened
jira.audit.method
Method
keyword
jira.audit.type.action
Action
keyword
jira.audit.type.actionI18nKey
actionI18nKey
keyword
jira.audit.type.area
Area
keyword
jira.audit.type.category
Category
keyword
jira.audit.type.categoryI18nKey
categoryI18nKey
keyword
jira.audit.type.level
Audit Level
keyword
log.offset
Log offset
long

An example event for audit looks as following:

{
    "@timestamp": "2021-11-22T00:05:08.514Z",
    "agent": {
        "ephemeral_id": "4a05fc27-d72e-43ab-aa6e-e19105807ecd",
        "id": "cdda426a-7e47-48c4-b2f5-b9f1ad5bf08a",
        "name": "docker-fleet-agent",
        "type": "filebeat",
        "version": "8.8.0"
    },
    "data_stream": {
        "dataset": "atlassian_jira.audit",
        "namespace": "ep",
        "type": "logs"
    },
    "ecs": {
        "version": "8.11.0"
    },
    "elastic_agent": {
        "id": "cdda426a-7e47-48c4-b2f5-b9f1ad5bf08a",
        "snapshot": true,
        "version": "8.8.0"
    },
    "event": {
        "action": "jira.auditing.group.created",
        "agent_id_status": "verified",
        "category": [
            "iam"
        ],
        "dataset": "atlassian_jira.audit",
        "ingested": "2023-05-09T21:23:48Z",
        "kind": "event",
        "original": "{\"affectedObjects\":[{\"name\":\"jira-software-users\",\"type\":\"GROUP\"}],\"auditType\":{\"action\":\"Group created\",\"actionI18nKey\":\"jira.auditing.group.created\",\"area\":\"USER_MANAGEMENT\",\"category\":\"group management\",\"categoryI18nKey\":\"jira.auditing.category.groupmanagement\",\"level\":\"BASE\"},\"author\":{\"id\":\"-2\",\"name\":\"Anonymous\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[],\"method\":\"Browser\",\"source\":\"10.50.33.72\",\"system\":\"http://jira.internal:8088\",\"timestamp\":{\"epochSecond\":1637539508,\"nano\":514000000},\"version\":\"1.0\"}",
        "type": [
            "group",
            "creation"
        ]
    },
    "group": {
        "name": "jira-software-users"
    },
    "host": {
        "architecture": "x86_64",
        "containerized": true,
        "hostname": "docker-fleet-agent",
        "id": "cff3d165179d4aef9596ddbb263e3adb",
        "ip": [
            "172.23.0.7"
        ],
        "mac": [
            "02-42-AC-17-00-07"
        ],
        "name": "docker-fleet-agent",
        "os": {
            "codename": "focal",
            "family": "debian",
            "kernel": "5.10.47-linuxkit",
            "name": "Ubuntu",
            "platform": "ubuntu",
            "type": "linux",
            "version": "20.04.5 LTS (Focal Fossa)"
        }
    },
    "input": {
        "type": "log"
    },
    "jira": {
        "audit": {
            "affected_objects": [
                {
                    "name": "jira-software-users",
                    "type": "GROUP"
                }
            ],
            "method": "Browser",
            "type": {
                "action": "Group created",
                "actionI18nKey": "jira.auditing.group.created",
                "area": "USER_MANAGEMENT",
                "category": "group management",
                "categoryI18nKey": "jira.auditing.category.groupmanagement",
                "level": "BASE"
            }
        }
    },
    "log": {
        "file": {
            "path": "/tmp/service_logs/test-audit.log"
        },
        "offset": 0
    },
    "related": {
        "hosts": [
            "jira.internal"
        ],
        "ip": [
            "10.50.33.72"
        ],
        "user": [
            "Anonymous"
        ]
    },
    "service": {
        "address": "http://jira.internal:8088"
    },
    "source": {
        "address": "10.50.33.72",
        "ip": "10.50.33.72"
    },
    "tags": [
        "preserve_original_event",
        "jira-audit"
    ],
    "user": {
        "id": "-2",
        "name": "Anonymous"
    }
}

Changelog

VersionDetailsKibana version(s)

1.27.2

Bug fix View pull request
Use triple-brace Mustache templating when referencing variables in ingest pipelines.

8.13.0 or higher

1.27.1

Bug fix View pull request
Use triple-brace Mustache templating when referencing variables in ingest pipelines.

8.13.0 or higher

1.27.0

Enhancement View pull request
Allow @custom pipeline access to event.original without setting preserve_original_event.

8.13.0 or higher

1.26.0

Enhancement View pull request
Update the kibana constraint to ^8.13.0. Modified the field definitions to remove ECS fields made redundant by the ecs@mappings component template.

8.13.0 or higher

1.25.0

Enhancement View pull request
Improve handling of empty responses.

8.12.0 or higher

1.24.0

Enhancement View pull request
Set sensitive values as secret.

8.12.0 or higher

1.23.2

Enhancement View pull request
Changed owners

8.7.1 or higher

1.23.1

Bug fix View pull request
Fix exclude_files pattern.

8.7.1 or higher

1.23.0

Enhancement View pull request
Limit request tracer log count to five.

8.7.1 or higher

1.22.0

Enhancement View pull request
ECS version updated to 8.11.0.

8.7.1 or higher

1.21.0

Enhancement View pull request
Improve 'event.original' check to avoid errors if set.

8.7.1 or higher

1.20.0

Enhancement View pull request
Set 'community' owner type.

8.7.1 or higher

1.19.1

Bug fix View pull request
Add stop condition for Jira Cloud pagination.

8.7.1 or higher

1.19.0

Enhancement View pull request
ECS version updated to 8.10.0.

8.7.1 or higher

1.18.0

Enhancement View pull request
The format_version in the package manifest changed from 2.11.0 to 3.0.0. Removed dotted YAML keys from package manifest. Added 'owner.type: elastic' to package manifest.

8.7.1 or higher

1.17.0

Enhancement View pull request
Add tags.yml file so that integration's dashboards and saved searches are tagged with "Security Solution" and displayed in the Security Solution UI.

8.7.1 or higher

1.16.1

Bug fix View pull request
Ensure from/to timestamps are properly encoded.

8.7.1 or higher

1.16.0

Enhancement View pull request
Add ability to set condition for logfile logs.

8.7.1 or higher

1.15.0

Enhancement View pull request
Update package to ECS 8.9.0.

8.7.1 or higher

1.14.0

Enhancement View pull request
Document duration units.

8.7.1 or higher

1.13.0

Enhancement View pull request
Document valid duration units.

8.7.1 or higher

1.12.0

Enhancement View pull request
Ensure event.kind is correctly set for pipeline errors.

8.7.1 or higher

1.11.0

Enhancement View pull request
Update package to ECS 8.8.0.

8.7.1 or higher

1.10.0

Enhancement View pull request
Add a new flag to enable request tracing

8.7.1 or higher

1.9.0

Enhancement View pull request
Update package-spec version to 2.7.0.

7.16.0 or higher
8.0.0 or higher

1.8.0

Enhancement View pull request
Update package to ECS 8.7.0.

7.16.0 or higher
8.0.0 or higher

1.7.1

Enhancement View pull request
Added categories and/or subcategories.

7.16.0 or higher
8.0.0 or higher

1.7.0

Enhancement View pull request
Update package to ECS 8.6.0.

7.16.0 or higher
8.0.0 or higher

1.6.1

Bug fix View pull request
Fix handling of messages with no events.

7.16.0 or higher
8.0.0 or higher

1.6.0

Enhancement View pull request
Update package to ECS 8.5.0.

7.16.0 or higher
8.0.0 or higher

1.5.2

Enhancement View pull request
Use ECS geo.location definition.

7.16.0 or higher
8.0.0 or higher

1.5.1

Bug fix View pull request
Clarify basic authentication config options.

7.16.0 or higher
8.0.0 or higher

1.5.0

Enhancement View pull request
Update package to ECS 8.4.0

7.16.0 or higher
8.0.0 or higher

1.4.1

Bug fix View pull request
Fix proxy URL documentation rendering.

7.16.0 or higher
8.0.0 or higher

1.4.0

Enhancement View pull request
Update package to ECS 8.3.0.

7.16.0 or higher
8.0.0 or higher

1.3.0

Enhancement View pull request
Add support for Atlassian JIRA Cloud

7.16.0 or higher
8.0.0 or higher

1.2.0

Enhancement View pull request
Update to ECS 8.2

7.16.0 or higher
8.0.0 or higher

1.1.2

Enhancement View pull request
Update Readme

7.16.0 or higher
8.0.0 or higher

1.1.1

Enhancement View pull request
Add documentation for multi-fields

7.16.0 or higher
8.0.0 or higher

1.1.0

Enhancement View pull request
Update to ECS 8.0

7.16.0 or higher
8.0.0 or higher

1.0.1

Bug fix View pull request
Regenerate test files using the new GeoIP database

7.16.0 or higher
8.0.0 or higher

1.0.0

Enhancement View pull request
Initial draft of the package

7.16.0 or higher
8.0.0 or higher