Atlassian Confluence Audit: Critical DCR Fix Restores Data Ingestion After Stream Declaration Error

What Changed

Updated stream declarations in the Atlassian Confluence Audit CCF Data Connector DCR configuration to align with expected naming conventions and corrected column mappings.

Security Impact (Visibility & Fidelity)

The DCR stream declaration error caused the connector to fail at creation — zero audit data was ingested by affected deployments since installation. This represents a complete blind spot for Confluence security monitoring including administrative actions, permission changes, and content access patterns.

Key fixes include:

• Stream name corrected from Custom-ConfluenceAuditLogs to Custom-ConfluenceAuditLogs_CL to match expected naming convention
• Column mapping correction for affectedObject.objectType field (was using .type instead of .objectType)
• Enhanced TimeGenerated logic with null handling for missing creationDate values
• Sample query improvement replacing OriginalEventUid with Category for better user guidance

The connector now properly ingests Confluence audit events to the ConfluenceAuditLogs_CL table, restoring visibility into user activities, administrative changes, and potential security incidents within Confluence environments.

Affected Files

Solutions/AtlassianConfluenceAudit/Data Connectors/AtlassianConfluenceAuditLogs_CCP/AtlassianConfluenceAudit_DCR.json
Solutions/AtlassianConfluenceAudit/Data Connectors/AtlassianConfluenceAuditLogs_CCP/AtlassianConfluenceAudit_DataConnectorDefinition.json
Solutions/AtlassianConfluenceAudit/Data Connectors/AtlassianConfluenceAuditLogs_CCP/AtlassianConfluenceAudit_PollingConfig.json
Solutions/AtlassianConfluenceAudit/Data Connectors/AtlassianConfluenceAuditLogs_CCP/AtlassianConfluenceAudit_table.json
(packaging artefacts: 3.0.7.zip, ReleaseNotes.md, Solution_AtlassianConfluenceAudit.json, createUiDefinition.json, mainTemplate.json)