T1213.001: Confluence

Data from MITRE ATT&CK®:

Adversaries may leverage Confluence repositories to mine valuable information. Often found in development environments alongside Atlassian JIRA, Confluence is generally used to store development-related documentation, however, in general may contain more diverse categories of useful information, such as:

• Policies, procedures, and standards
• Physical / logical network diagrams
• System architecture diagrams
• Technical system documentation
• Testing / development credentials
• Work / project schedules
• Source code snippets
• Links to network shares and other internal resources

© 2024 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.

User Account Management

Manage the creation, modification, use, and permissions associated to user accounts.

User Training

Train users to be aware of access or manipulation attempts by an adversary to reduce the risk of successful spearphishing, social engineering, and other techniques that involve user interaction.

Audit

Perform audits or scans of systems, permissions, insecure software, insecure configurations, etc. to identify potential weaknesses.

Application Log Content (Application Log)

Logging, messaging, and other artifacts provided by third-party services (ex: metrics, errors, and/or alerts from mail/web applications)

Logon Session Creation (Logon Session)

Initial construction of a successful new user logon following an authentication attempt. (e.g. Windows EID 4624, /var/log/utmp, or /var/log/wmtp)