• Products
  • Documentation
  • Resources
Products
Documentation
Resources
Atlassian Support
/
Security and access policies Resources
/
Detect, investigate, and respond to threats

How does automation work with Guard Detect?

Every organization will have their own workflow for investigating and responding to alerts. While some responses require your security team to make a judgment call, others might be automated.

Here are some actions that you might automate for a content scanning alert:

  • Classify the page that contains sensitive data so that data security controls such as limiting public links and anonymous access apply to that content.

  • Restrict the page and send an email to the actor to explain your company's policy on sensitive data.

  • Create a Jira ticket to track the next steps for cleaning up the data.

Thanks to the huge number of actions and conditions available in Confluence automation, the possibilities are endless.

Who can do this?
Role: Organization admin, Guard Detect admin
Plan: Atlassian Guard Premium and Confluence Premium or Enterprise

How it works

At their simplest, automation rules consist of a trigger and an action. When the criteria for the trigger is met, the rule runs and performs the action.

The Content scanning alert trigger allows you to perform actions when a content scanning alert is generated by Guard Detect.

For example, someone edits a page and adds sensitive content. Guard Detect generates an alert. Confluence automation recognizes that an alert has happened and runs the automation rule. The rule classifies the page and adds a comment.

Diagram showing content detected on a page, an alert sent, automation rule run, then action performed on the page

Automation rule components

We leverage Confluence automation to provide the ability to include automation in your alert investigation and response workflow.

Triggers

One trigger is available for Guard Detect.

The Content scanning alert trigger recognizes when a content scanning alert is generated for a page or blog post in the current Confluence instance. You can configure it for all content scanning alerts or only specific content scanning alerts.

Triggers in Confluence automation

Actions

You can use any action available in Confluence automation. Common actions include restrict page, comment on page, send email, classify page, move page, or create Jira issue.

Actions in Confluence automation

Smart values

Smart values are an incredibly powerful feature that allows you to use data from the alert in different ways, such as in a condition or in an action that supports smart values.

For example, an action that adds a comment to the page could mention the actor and include the type of content detected.

1 2 3 4 Hi @{{detectAlert.actor.displayName}}, Sensitive data such as {{detectAlert.detection.title}} cannot be stored in this Confluence space. See our data storage policy for more information.

The content scanning alert trigger includes many smart values, and you can also use smart values for the Confluence page itself.

Smart values in Confluence automation

Conditions and branches

Conditions and branches are optional components that allow you to create more sophisticated rules by limiting the scope or introducing multiple paths.

We recommend you follow the Confluence best practices for optimizing automation rules.

Considerations

There are some things to consider when planning your automation approach.

Rules are created in Confluence instances

There’s not currently a way to create an automation rule that applies to more than one Confluence product instance. If you have multiple Confluence instances, you’ll need to recreate your rule in every Confluence product instance.

To help with this, we recommend you set up your rule in one Confluence instance, test it for a few days, and then export the rule and import it into your other Confluence instances.

How to edit, copy, and delete automation rules in Confluence cloud

Permissions required

Automation rules run on behalf of the user who created them (the rule actor). When a rule is run, if the rule actor doesn’t have adequate product or space permissions to perform the action, the rule will fail.

For example, if your rule adds a comment to a page, the rule actor will need the ‘Add comment’ space permission for content in the rule scope.

If you plan to create a global rule (which applies to an entire Confluence instance), you may want to use a specifically created account that has greater permissions than your security team members to ensure the rule always runs without errors, and your team does not have access to content they shouldn’t.

Impact of page restrictions

The automation rule will run, even if page restrictions prevent the rule actor from viewing the page. If this happens, some smart values may be unavailable because the automation rule can’t access all of the page details.

The automation audit log will indicate where the rule ran for a page that the rule actor had no access to.

Automation usage and service limits apply

Depending on your Confluence plan, you may be subject to usage limits, which determine how many times rules can be run per month, and service limits, which control things like how many emails can be sent, and maximum daily processing time.

These limits are based on your Confluence plan, not your Atlassian Guard plan.

Still need help?

The Atlassian Community is here for you.
Ask the Community
On this pageHow it works Automation rule componentsTriggersActionsSmart valuesConditions and branchesConsiderationsRules are created in Confluence instancesPermissions requiredImpact of page restrictionsAutomation usage and service limits apply
CommunityQuestions, discussions, and articles