Security for Confluence
Secret Scanner to Discover Sensitive Information Published in Confluence
Over 200,000 people rely on Security for Confluence to audit, detect, and remove secrets.
Soteri Is Protecting Top Companies
Trusted by the Fortune 500 because we don't phone home like other competing brands.
What will an attacker find in Confluence?
How Theft of user account credentials and sensitive data from Confluence.
Result $46 million in costs and damages
How Spy drone breached network, scanned Confluence, and found secrets.
Result Access to financial systems
Confluence CVE-2023-22515
Allows an unauthenticated attacker to create unauthorized administrator accounts in Confluence.
Confluence CVE-2022-26138
Allows an unauthenticated attacker to login to Confluence using a hardcoded password from a popular app.
Confluence CVE-2022-26134
Allows an unauthenticated attacker to remotely compromise unpatched Confluence servers by creating new a administrator account and executing arbitrary code.
Assume an attacker is in your systems...
Whether from a new CVE or something else.
What will they find?
Privacy
Soteri respects data sovereignty, ensuring your sensitive information remains secure, confined and never transmitted elsewhere.
Confluence Cloud
Rest easy knowing Soteri doesn't store the text of any of your content, nor use it as data to train AI models which themselves could be a target for attack.
Confluence Data Center
Soteri respects data sovereignty, ensuring your sensitive information remains secure, confined and never transmitted elsewhere. In other words, we don't phone home.
Enhanced Confluence Security
A plug-and-play Confluence app that scans your pages and spaces for sensitive information so that common mistakes are caught before they are exploited by attackers.
No need to worry about 3rd party vendor compliance or reliability since Soteri's Secret Scanning is hosted within Confluence Data Center. Installation takes only 30 seconds. On Cloud? We support Confluence Cloud as well.
Three Easy Steps to Secure Confluence
Adding secret scanning to your security testing is simple with Security for Confluence.
1. Audit
Put your security on autopilot with scheduled audits or trigger manual audits.
Routine secret scanning audits are key to ensuring Confluence security issues are identified ASAP.
2. Detect
Discover secrets, before the attacker with built-in and customizable scanning rules.
Keep your Confluence pages and spaces free of API keys, passwords, and much more!
3. Secure
Secure your systems to prevent data breaches by changing and removing your secrets.
View the docs for more info on handling discovered secrets.
Built to Maximize Your Confluence Security
Space and Page Scanning
Run automated scans for entire spaces or individual pages. This enhanced secret scanner also scans page history to find vulnerabilities in past document versions.
Find a false positive? Ignore it with a press of a button.
Find Commonly Leaked Secrets, and Then Some
Have confidence in your Confluence secret scanning as 40+ secrets are automatically detected. The built-in patterns detect leaked credentials, private keys, API keys, PII, credit card numbers, banking information, and more.
You can also add your own patterns via regex rules to detect other secrets.
Downloadable Reports of Scan Findings
Confluence administrators can export the secret scanning findings into a CSV that'll show each Confluence space, title, and name of the secret found (+6 other columns).
REST API for Scripting and Automation
Use the API to create automations that scan your Confluence spaces, download the results, and automatically notify people about them. For more complex workflows, you can automate alerting the proper person/team depending on the secret found or where it was found.
Demonstrate Compliance for GDPR, CAIQ, HIPAA, and More
Running automated scans to identify security issues can help you gain and demonstrate compliance for GDPR, CAIQ, HIPAA, and multiple other security standards.
Be Confident in Your Cloud
Without Soteri
With Soteri Scanning
Security for Confluence FAQs
Here's more information about Security for Confluence.
Need something else? Start a chat in the bottom right.
Which secrets does Security for Confluence look for?
The software automatically detects over 40 secrets in Confluence spaces and pages. Here's a full list of the secrets we scan for. You can easily add additional rules in the UI using regex.
Is my data private?
Yes! Soteri respects data sovereignty, ensuring your sensitive information remains secure, confined and never transmitted elsewhere. In other words, we don't phone home.
Is this compatible with Confluence Cloud and Data Center?
Yes it is! For Confluence Cloud go here and for Confluence Data Center go here.
Do you offer support?
Yes, 24 hours a day. Through our support portal you can get in touch with us, report a bug, suggest a feature, and more!
What happens if Security for Confluence finds sensitive data?
All secrets detected by a security scan should be considered compromised. We recommend changing the secret (e.g., reseting passwords or rotating API keys), and removing it from Confluence. Here are the full docs for more info.