Confluence global setting modified
Description
AlphaSOC detected that a Confluence global setting was modified. Global settings control various system-wide configurations. Threat actors who gain administrative access may modify these settings to weaken security controls or establish persistence.
Impact
Unauthorized modification of global settings could potentially indicate that a threat actor has obtained administrative privileges and is attempting to disable security features, modify authentication mechanisms, or create backdoors for persistent access.
Severity
| Severity | Condition |
|---|---|
Low | Confluence global setting modified |
Investigation and Remediation
Review the Confluence audit logs to identify which global settings were modified and who modified them. Verify whether the changes were authorized. If unauthorized, revert the settings to their previous state, reset administrative credentials, and conduct a thorough security assessment of the Confluence environment to identify any additional compromises or persistence mechanisms.