Jira actions by a likely malicious caller
Description
AlphaSOC detected suspicious Jira actions performed by a likely malicious caller. The request may have originated from an IP address listed on known blocklists, or the caller may have been identified as using penetration testing tools or anonymous proxies such as Tor or Freenet.
Impact
This activity could indicate an ongoing attack on Jira workspaces, potentially leading to unauthorized access to sensitive information, data exfiltration, or further lateral movement within the environment.
Severity
| Severity | Condition |
|---|---|
| Medium | Jira actions by a likely malicious caller |
Investigation and Remediation
Temporarily disable or restrict access for the suspicious account. Review the Jira audit logs to identify the specific actions taken by the suspicious caller. Verify whether these actions were authorized and performed by a legitimate user. If unauthorized, reset affected credentials and conduct a thorough security audit of the Jira environment for other signs of potential compromise.
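
One way to carry out the audit-log review step, as an added example (not AlphaSOC's or Atlassian's code). It assumes records exported in the shape of Jira Cloud's audit records API (`remoteAddress`, `authorAccountId`, `created`, `category`, `summary`) and flagged addresses taken from the alert; the sample records and the `triage` helper are constructed for illustration.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime

# Constructed sample shaped like the "records" array returned by Jira Cloud's
# GET /rest/api/3/auditing/record endpoint (all values are made up).
SAMPLE_RECORDS = [
    {"id": 101, "created": "2024-05-02T09:14:03.120+0000", "remoteAddress": "198.51.100.7",
     "authorAccountId": "acct-alice", "category": "user management", "summary": "User added to group"},
    {"id": 102, "created": "2024-05-02T22:41:55.004+0000", "remoteAddress": "203.0.113.45",
     "authorAccountId": "acct-alice", "category": "permissions", "summary": "Global permission added"},
    {"id": 103, "created": "2024-05-02T22:40:10.733+0000", "remoteAddress": "203.0.113.45",
     "authorAccountId": "acct-alice", "category": "user management", "summary": "User created"},
    {"id": 104, "created": "2024-05-02T10:02:31.500+0000", "remoteAddress": "198.51.100.9",
     "authorAccountId": "acct-bob", "category": "projects", "summary": "Project created"},
    {"id": 105, "created": "2024-05-02T23:05:00.000+0000",  # system event, no remoteAddress
     "authorAccountId": "acct-system", "category": "workflows", "summary": "Workflow updated"},
]

def triage(records, flagged):
    """Per account: actions from flagged addresses (oldest first) and its other source addresses."""
    nets = [ipaddress.ip_network(f, strict=False) for f in flagged]  # single IPs or CIDR ranges
    seen, hits = defaultdict(set), defaultdict(list)
    for rec in records:
        account = rec.get("authorAccountId", "unknown")
        try:
            addr = ipaddress.ip_address(rec.get("remoteAddress") or "")
        except ValueError:
            continue  # missing or malformed address: nothing to match against
        seen[account].add(str(addr))
        if any(addr in n for n in nets):
            hits[account].append(rec)
    report = {}
    for account, recs in hits.items():
        recs.sort(key=lambda r: datetime.strptime(r["created"], "%Y-%m-%dT%H:%M:%S.%f%z"))
        report[account] = {
            "actions": [(r["created"], r["category"], r["summary"]) for r in recs],
            "other_addresses": sorted(a for a in seen[account]
                                      if not any(ipaddress.ip_address(a) in n for n in nets)),
        }
    return report

if __name__ == "__main__":
    for account, info in triage(SAMPLE_RECORDS, ["203.0.113.0/24"]).items():
        print(account, info)
```

The `other_addresses` list shows where the same account normally connects from, which helps when verifying with the legitimate user whether the flagged actions were theirs.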