From 356ecc5748aa8649ca00130943e6d8f43a73a5fa Mon Sep 17 00:00:00 2001
From: Mick Grove <mick.grove@mongodb.com>
Date: Tue, 9 Dec 2025 09:48:05 -0800
Subject: [PATCH] Atlassian key update

---
 data/rules/atlassian.yml | 63 +++++++++++++++++++++++++++++++++++++++-
 1 file changed, 62 insertions(+), 1 deletion(-)

diff --git a/data/rules/atlassian.yml b/data/rules/atlassian.yml
index 5d198ee..a92b279 100644
--- a/data/rules/atlassian.yml
+++ b/data/rules/atlassian.yml
@@ -38,4 +38,65 @@ rules:
             - type: WordMatch
               words:
                 - "Unauthorized"
-              negative: true
\ No newline at end of file
+              negative: true
+  # - name: Atlassian Organization ID
+  #   id: kingfisher.atlassian.2
+  #   pattern: |
+  #     (?xi)
+  #     admin\.atlassian\.com
+  #     /o/
+  #     (
+  #       [0-9a-f]{8}
+  #       -
+  #       [0-9a-f]{4}
+  #       -
+  #       [0-9a-f]{4}
+  #       -
+  #       [0-9a-f]{4}
+  #       -
+  #       [0-9a-f]{12}
+  #     )
+  #   min_entropy: 2.0
+  #   confidence: medium
+  #   visible: false
+  #   examples:
+  #     - https://admin.atlassian.com/o/12345678-9abc-def0-1234-56789abcdef0/api-keys
+  - name: Atlassian Admin API Key
+    id: kingfisher.atlassian.3
+    pattern: |
+      (?x)
+      (?:atlassian|api\.atlassian\.com)
+      (?:.|[\n\r]){0,128}?
+      \b
+      (
+        AT
+        [A-Za-z0-9_\-=]{60,260}
+      )
+      \b
+    min_entropy: 3.8
+    confidence: medium
+    examples:
+      - |
+        # Example usage calling the Atlassian admin APIs
+        curl --request GET \
+          'https://api.atlassian.com/admin/v1/orgs' \
+          --header 'Authorization: Bearer ATEXAMPLE1234567890abcdefghijklmnopqrstuvwxyz_-ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789foobarAA11BB22'
+    references:
+      - https://developer.atlassian.com/cloud/admin/organization/rest/
+      - https://developer.atlassian.com/cloud/admin/api-access/rest/
+      - https://support.atlassian.com/organization-administration/docs/manage-an-organization-with-the-admin-apis/
+      - https://community.atlassian.com/learning/lesson/what-are-admin-apis
+    validation:
+      type: Http
+      content:
+        request:
+          method: GET
+          url: https://api.atlassian.com/admin/v1/orgs
+          headers:
+            Authorization: "Bearer {{ TOKEN }}"
+            Accept: application/json
+          response_matcher:
+            - report_response: true
+            - type: StatusMatch
+              status: [200]
+            - type: JsonValid
\ No newline at end of file