LoFP / access attempts to non-existent repositories or due to outdated plugins. usually \"anonymous\" user is reported in the \"author.name\" field in most cases.

Techniques

• t1586

Sample rules

Bitbucket Unauthorized Access To A Resource

• source: sigma
• technicques:
  • t1586

Description

Detects unauthorized access attempts to a resource.

Detection logic

condition: selection
selection:
  auditType.action: Unauthorized access to a resource
  auditType.category: Security