How does automation work with Guard Detect?
Every organization will have their own workflow for investigating and responding to alerts. While some responses require your security team to make a judgment call, others might be automated.
Here are some actions that you might automate for a content scanning alert:
Classify the page that contains sensitive data so that data security controls such as limiting public links and anonymous access apply to that content.
Restrict the page and send an email to the actor to explain your company's policy on sensitive data.
Create a Jira ticket to track the next steps for cleaning up the data.
Thanks to the huge number of actions and conditions available in Confluence automation, the possibilities are endless.
How it works
At their simplest, automation rules consist of a trigger and an action. When the criteria for the trigger are met, the rule runs and performs the action.
The Content scanning alert trigger allows you to perform actions when a content scanning alert is generated by Guard Detect.
For example, someone edits a page and adds sensitive content. Guard Detect generates an alert. Confluence or Jira automation recognizes that an alert has happened and runs the automation rule. The rule classifies the page and adds a comment.
Automation rule components
We use Confluence and Jira automation so that you can include automation in your alert investigation and response workflow.
Triggers
Two triggers are available for Guard Detect.
The Content scanning alert for Confluence trigger recognizes when a content scanning alert is generated for a page or blog post in the current Confluence instance. See "Triggers in Confluence automation".
The Content scanning alert for Jira trigger recognizes when a content scanning alert is generated for a Jira work item in the current Jira instance. See "Jira automation triggers".
You can configure these triggers for all content scanning alerts or only specific content scanning alerts.
Actions
You can use any action available in Confluence or Jira automation. Common actions include comment on a page or work item, send an email, classify a page or work item, restrict page, move page, or create new Jira work item.
Smart values
Smart values are an incredibly powerful feature that allows you to use data from the alert in different ways, such as in a condition or in an action that supports smart values.
For example, an action that adds a comment to the page could mention the actor and include the type of content detected.
Hi @{{detectAlert.actor.displayName}},
Sensitive data such as {{detectAlert.detection.title}}
cannot be stored in this Confluence space.
See our data storage policy for more information.
The content scanning alert trigger includes many smart values, and you can also use smart values for the Confluence page or Jira work item itself.
Automation smart values - content scanning alerts
Full list of smart values in Confluence automation
Full list of smart values in Jira automation
Conditions and branches
Conditions and branches are optional components that allow you to create more sophisticated rules by limiting the scope or introducing multiple paths.
We recommend you follow the best practices for optimizing automation rules.
Considerations
There are some things to consider when planning your automation approach.
Rules are created in individual instances
There’s not currently a way to create an automation rule that applies to more than one product instance. For example, if you have multiple Confluence instances, you’ll need to recreate your rule in every Confluence product instance.
To help with this, we recommend you set up your rule in one Confluence or Jira instance, test it for a few days, and then export the rule and import it into your other instances.
How to edit, copy, and delete automation rules in Confluence cloud
Permissions required
Automation rules run on behalf of the user who created them (the rule actor). When a rule is run, if the rule actor doesn’t have adequate product or space permissions to perform the action, the rule will fail.
For example, if your rule adds a comment to a page, the rule actor will need the ‘Add comment’ space permission for content in the rule scope.
If you plan to create a global rule (which applies to an entire instance), you may want to use an account created specifically for this purpose that has greater permissions than your security team members. This helps ensure that the rule always runs without errors and that your team does not have access to content they shouldn’t.
Impact of Confluence page restrictions
The automation rule will run, even if page restrictions prevent the rule actor from viewing the page. If this happens, some smart values may be unavailable because the automation rule can’t access all of the page details.
The automation audit log will indicate where the rule ran for a page that the rule actor had no access to.
Automation usage and service limits apply
Depending on your Confluence or Jira plan, you may be subject to usage limits, which determine how many times rules can be run per month, and service limits, which control things like how many emails can be sent, and maximum daily processing time.
These limits are based on your Confluence or Jira plan, not your Atlassian Guard plan.