Atlassian actions by a likely malicious caller
Description
AlphaSOC detected suspicious Atlassian actions performed by a likely malicious caller. This may indicate that the request originated from an IP address listed on known blocklists, or that use of penetration testing tools or anonymous proxies such as Tor or Freenet was identified.
Impact
This activity could indicate an ongoing attack on Atlassian services, potentially leading to unauthorized access to sensitive information, data exfiltration, or further lateral movement within the environment.
Severity
| Severity | Condition |
|---|---|
| Medium | Atlassian actions by a likely malicious caller |
Investigation and Remediation
Temporarily disable or restrict access for the suspicious account. Review the Atlassian audit logs to identify the specific actions taken by the suspicious caller. Verify whether these actions were authorized and performed by a legitimate user. If unauthorized, reset affected credentials and conduct a thorough security audit of the Atlassian environment for other signs of potential compromise.
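
One way to carry out the audit-log review described above, as an added example that is not AlphaSOC's or Atlassian's code: it takes exported audit events and the flagged caller IP, lists what each affected account did from that address, and surfaces unfamiliar addresses the account used afterwards. The field names, action names, IP addresses and the `triage` helper are assumptions constructed for illustration, not the Atlassian audit log schema.

```python
import json
from collections import defaultdict

# Constructed sample export. The field names and action names are assumptions
# for this example, not the Atlassian audit log schema.
SAMPLE_EVENTS = json.loads("""[
  {"time": "2024-05-01T08:00:00Z", "actor": "alice", "ip": "198.51.100.10", "action": "user_login", "target": "alice"},
  {"time": "2024-05-01T08:05:00Z", "actor": "bob", "ip": "198.51.100.20", "action": "page_viewed", "target": "DOC-1"},
  {"time": "2024-05-02T02:14:00Z", "actor": "alice", "ip": "203.0.113.77", "action": "user_login", "target": "alice"},
  {"time": "2024-05-02T02:16:00Z", "actor": "alice", "ip": "203.0.113.77", "action": "api_token_created", "target": "alice"},
  {"time": "2024-05-02T02:20:00Z", "actor": "alice", "ip": "203.0.113.77", "action": "space_exported", "target": "ENG"},
  {"time": "2024-05-02T03:01:00Z", "actor": "alice", "ip": "192.0.2.50", "action": "permission_changed", "target": "ENG"},
  {"time": "2024-05-02T09:00:00Z", "actor": "bob", "ip": "198.51.100.20", "action": "page_viewed", "target": "DOC-2"}
]""")


def triage(events, flagged_ips):
    """Per account: what the flagged caller did, and what changed afterwards."""
    flagged = set(flagged_ips)
    by_actor = defaultdict(list)
    # Timestamps share one UTC ISO-8601 format, so string order is time order.
    for ev in sorted(events, key=lambda e: e["time"]):
        by_actor[ev["actor"]].append(ev)

    report = {}
    for actor, evs in by_actor.items():
        hits = [e for e in evs if e["ip"] in flagged]
        if not hits:
            continue  # account never used from a flagged address
        first = hits[0]["time"]
        known = {e["ip"] for e in evs if e["time"] < first and e["ip"] not in flagged}
        after = {e["ip"] for e in evs if e["time"] >= first and e["ip"] not in flagged}
        report[actor] = {
            "first_flagged": first,
            "flagged_actions": [(e["time"], e["action"], e["target"]) for e in hits],
            "known_ips": sorted(known),
            # Unfamiliar addresses after the first flagged event may be the same caller.
            "new_ips_after": sorted(after - known),
        }
    return report


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_EVENTS, ["203.0.113.77"]), indent=2))
```

The `flagged_actions` list is the set to verify with the legitimate user, and any entry in `new_ips_after` widens the scope of the credential reset and follow-up audit.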