Confluence
Protect your Confluence content. Real-time, blazing fast scanning of pages, comments and even attachments!
Setup
Since Spectral never keeps your secrets and content, we provide an AWS lambda function that you deploy in your organization's AWS account.
Required permissions in AWS:
cloudformation:DescribeStacks
iam:CreateRole
iam:DeleteRole
apigateway:POST
logs:CreateLogGroup
iam:PutRolePolicy
In addition, you'll add a Confluence webhook to send relevant events to this lambda.
Deploy the Lambda
After the stack is deployed grab the function gateway api URL, we'll use it next.
Add Confluence Webhook
Go to your Confluence instance and install the webhooks manager extension (costs 1$ per user per month)
Add a new webhook in the webhook manager (change YOUR_ACCOUNT to your instance domain in this url: https://YOUR_ACCOUNT.atlassian.net/wiki/plugins/servlet/ac/com.stiltsoft.confluence.cloud.webhooks/admin-webhooks-page)
Make sure to configure:
- Webhook url to point to your function endpoint (see in your new lambda page in AWS console after deploying)
- Add a query string param:
webhook_tokenand set it to the same webhook token you put in theCONFLUENCE_WEBHOOK_TOKENparameter in your function - Set the event types of the webhook to: attachment created, comment created, comment updated, page created, page updated, content created, content updated
So for example if your confluence event endpoint is https://random123.execute-api.us-east-1.amazonaws.com/prod/api/confluence_event and the token you set in your function env var is f4lmf4kl2ldoxxxxxx, the webhook url you configure in Confluence should be: https://random123.execute-api.us-east-1.amazonaws.com/prod/api/confluence_event?webhook_token=f4lmf4kl2ldoxxxxxx
That's it πͺ
Your Confluence instance should now be monitored by Spectral.
Take it for a spin
Publish a page with a fake secret (like AKIA4HK52OLF2AAN9KWV) in a monitored space.
Updated about 1 year ago