Confluence space exported
Description
AlphaSOC detected that a Confluence space was exported. This action creates a downloadable archive containing all pages, attachments, and content within a space. While this is a legitimate administrative function, threat actors may leverage space exports to exfiltrate large volumes of organizational data in a single operation.
Impact
An unauthorized Confluence space export could result in the disclosure of the entire knowledge base, including confidential documentation, intellectual property, and other sensitive information. This action may lead to data exfiltration or further lateral movement within the organization.
Severity
| Severity | Condition |
|---|---|
Low | Confluence space exported |
Investigation and Remediation
Review Confluence audit logs to verify whether the space export was authorized and identify the user account that initiated the export. If unauthorized, disable the compromised account, revoke all active sessions, and conduct a comprehensive security assessment to determine what sensitive information may have been exposed.