Atlassian admin API key created

ID: atlassian_api_admin_token_created
Data type: Atlassian
Severity: Low
MITRE ATT&CK: TA0003:T1098

Description

AlphaSOC detected the creation of an Atlassian admin API key. This action grants elevated access to Atlassian products and services, and may indicate potential compromise of administrative credentials.

Impact

Threat actors may create an API key to gain persistent access to the environment, potentially allowing them to manipulate data, access sensitive information, modify configurations, or perform other malicious actions within Atlassian products such as Jira and Confluence.

Severity

Severity: Low
Condition: Atlassian admin API key created

Investigation and Remediation

Review the Atlassian audit logs to identify who created this API key and verify whether this action was authorized. If unauthorized, revoke the API token, reset affected admin credentials, and conduct a thorough security audit of the environment.
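
The audit-log review described above, sketched as an added example (not AlphaSOC's or Atlassian's code). It runs over constructed events in a simplified schema; the field names, the `api_key_created` action name and the approved-change list are assumptions to be mapped onto your own audit log export.

```python
import json
from datetime import datetime, timedelta

# Constructed sample events, one JSON object per line. The schema and the
# action names are simplified assumptions, not Atlassian's export format.
SAMPLE_EVENTS = """
{"time": "2024-05-02T09:14:03Z", "action": "api_key_created", "actor": "alice@example.com", "ip": "198.51.100.7", "key_name": "ci-sync"}
{"time": "2024-05-03T02:40:11Z", "action": "user_login", "actor": "bob@example.com", "ip": "203.0.113.50"}
{"time": "2024-05-03T02:41:55Z", "action": "api_key_created", "actor": "Bob@example.com", "ip": "203.0.113.50", "key_name": "backup"}
{"time": "2024-05-03T08:00:00Z", "action": "user_login", "actor": "alice@example.com", "ip": "198.51.100.7"}
"""

KEY_CREATED = "api_key_created"                # hypothetical action name
APPROVED = {("alice@example.com", "ci-sync")}  # (actor, key name) from change records
CONTEXT = timedelta(hours=1)                   # look-back window for related activity


def parse(raw):
    """Parse JSON lines, normalising actor case and timestamps; skip bad lines."""
    events = []
    for line in raw.splitlines():
        try:
            ev = json.loads(line)
            ev["actor"] = ev["actor"].lower()
            ev["ts"] = datetime.fromisoformat(ev["time"].replace("Z", "+00:00"))
        except (ValueError, KeyError, TypeError, AttributeError):
            continue
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def triage(raw, approved=APPROVED):
    """Return one finding per key creation: who, when, verdict, prior activity."""
    events = parse(raw)
    findings = []
    for ev in events:
        if ev.get("action") != KEY_CREATED:
            continue
        # What the same actor did in the hour before creating the key.
        prior = [p["action"] for p in events
                 if p["actor"] == ev["actor"] and ev["ts"] - CONTEXT <= p["ts"] < ev["ts"]]
        ok = (ev["actor"], ev.get("key_name")) in approved
        findings.append({"actor": ev["actor"], "time": ev["time"], "ip": ev.get("ip"),
                         "key_name": ev.get("key_name"),
                         "verdict": "authorized" if ok else "needs_review",
                         "prior_activity": prior})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

Findings marked `needs_review` are the ones to check against the actor directly before deciding whether to revoke the token and reset credentials.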