SaaS Security Administrator's Guide
    : Begin Scanning a Confluence App
    Focus
    Download PDF
    Focus
    1. Home
    2. SaaS Security
    3. SaaS Security Administrator's Guide
    4. Data Security
    5. Secure Sanctioned SaaS Apps on Data Security
    6. Add Cloud Apps to Data Security
    7. Begin Scanning a Confluence App
    Download PDF

    SaaS Security Administrator's Guide

    Begin Scanning a Confluence App

    Table of Contents

    Begin Scanning a Confluence App

    Add your Confluence app to Data Security to begin scanning and monitoring assets for possible security risks.
    To connect a Confluence app to Data Security and begin scanning assets, you need to:
    • Retrieve the Data Security public key required to create the application links.
    • Configure the application links required for authentication and communication between Data Security and your Confluence account.
    • Add the Confluence app to Data Security.
    Support for automated remediation capabilities varies by SaaS application.

    Prepare To Add Confluence App

    Before you begin, verify that you have the correct permissions and follow any recommendations to ensure an efficient and successful onboarding. By default, the site-admins group or administrators group on Confluence provides the necessary permissions to onboard the Confluence app.
    1. (Recommended) Add your Confluence domain as an internal domain.
    2. Verify that your Confluence account has Administrator permissions.

    Retrieve Data Security Public Key

    Before you can create application links to connect your Confluence account to Data Security, you must retrieve the public key from Data Security for the Confluence app. You will enter this public key in the Confluence web interface when you configure the application links.
    1. Log in to SaaS Security.
    2. Select Add a Cloud AppConfluenceClick here to prepare your Confluence Account, then record the Public Key.

    Configure the Application Links

    Before you can add the Confluence app, you must prepare your Confluence account to connect to Data Security. As you do so, take note of the following values, as they are required to add the Confluence app on Data Security:
    Item
    Description
    Confluence URL
    URL you use to log in to your Confluence cloud account. For example, https://acmecorp.atlassian.net/wiki
    Application URL
    URL (https://aperture.paloaltonetworks.com) to which you will map the Confluence URL.
    Consumer Key
    Key you assign in Confluence and that’s used by Data Security to authenticate and make secure API calls to Confluence.
    Consumer Name
    Descriptive name you assign in Confluence for the Consumer Key.
    Public Key
    Data Security public key for Confluence app. Public key displays in the Data Security web interface as outlined in Retrieve Data Security Public Key.
    1. Log in to your Confluence cloud account with Administrator permissions (for example, https://acmecorp.atlassian.net/).
    2. Select AppsManage appsData ManagementApplication Links.
    3. In Configure Application Links, enter Application URL https://aperture.paloaltonetworks.com, and then Create new Link.
    4. Select Use this URL, then Continue.
    5. Enter Data Security in Application Name, select Confluence in Application Type, select Create incoming Link to link Confluence URL to the Data Security Application URL, then Continue.
    6. Enter any value for Consumer Key, Consumer Name, and Public Key to enable Data Security to authenticate and make secure API calls to Confluence.
      Take note of the Consumer Key you assign because you will need this value when you add the Confluence app to Data Security.
      • Both Consumer Key and Consumer Name must be unique. Atlassian defines the valid values (characters and length), not Data Security. The Confluence web interface informs you if your values don't comply with Atlassian’s convention.
      • Public Key is the key you recorded in Retrieve Data Security Public Key.
    7. Edit the Application Link in Connections to set the Incoming option to OAuth and Save your setting changes.
    8. Next step: Proceed to Add Confluence App.

    Add Confluence App

    Before you add the Confluence app, you must Configure the Application Links.
    1. Log in to your Confluence cloud account (for example, https://acmecorp.atlassian.net/) with administrator privileges. From SaaS Security, go to Data SecurityApplicationsAdd ApplicationConfluence .
    2. In Configuration enter the Confluence URL—the URL that you use to log in to your Confluence cloud account—and the Consumer Key that you recorded in Configure the Application Links.
    3. Click OK.
    4. Allow Data Security access to your Confluence account.
      Data Security adds the new Confluence app to the Cloud Apps list as Confluence n, where n is the number of Confluence app instances that you connected to Data Security. For example, if you added one Confluence app, the name displays as Confluence 1 . You’ll specify a descriptive name soon.
      Congratulations—you’ve completed the onboarding process.
    5. Next step: Proceed to Identify Risks and begin scanning your assets.

    Identify Risks

    When you add a new cloud app and enable scanning, Data Security automatically scans the cloud app against the default data patterns and displays the match occurrences. You can take action now to improve your scan results and identify risks.
    1. Start scanning the new Confluence app for risks.
    2. Monitor the scan results.
      During the discovery phase, Data Security scans files and matches them against enabled default policy rules.
      Verify that your default policy rules are effective. If the results don’t capture all the risks or you see false positives, proceed to the next step.
    3. (Optional) Add new policy rules.
      Consider the business use of your app, then identify risks unique to your enterprise. As necessary, add new:
    4. (Optional) Configure or edit a data pattern.
      You can Configure Data Patterns to identify specific strings of text, characters, words, or patterns to make it possible to find all instances of text that match a data pattern you specify.
    5. Next step: Proceed to Customize Confluence App and Fix Confluence Onboarding Issues, if necessary.

    Customize Confluence App

    If you plan to manage more than one instance of Confluence app, consider differentiating your instances.
    1. (Optional) Give a descriptive name to this app instance.
      1. Select the Confluence n link on the Cloud Apps list.
      2. Enter a descriptive Name.
      3. Click Done to save your changes.
    2. Next step: Proceed to Fix Confluence Onboarding Issues.

    Fix Confluence Onboarding Issues

    The most common issues related to onboarding the Confluence app are as follows:
    Symptom
    Explanation
    Solution
    During creating application links, the Confluence web interface displays errors, requesting required Service provider, Shared secret, Request Token URL, and Access Token URL.
    These errors are not required for onboarding. These errors occur when you forget to select the Create income link checkbox.
    Delete the application links you created and recreate them with the Create income link selected.

    © 2024 Palo Alto Networks, Inc. All rights reserved.