Hello Atlassian Community,
We are evaluating a potential future migration from Atlassian Cloud Premium to Atlassian Government Cloud and are trying to confirm whether our current Splunk/SIEM integration model would be supported in Government Cloud.
Current state:
Splunk pulls Atlassian admin events from our Atlassian Cloud environment.
The connection is API-key based.
Splunk uses the Atlassian organization ID and an Atlassian-generated API key.
Splunk pulls from Atlassian every 5 minutes.
The data source is Atlassian admin events only.
The integration does not use Marketplace apps, connectors, custom scripts, webhooks, or Jira automations.
The API key is stored on the Splunk side as part of the Splunk configuration and is encrypted once provided.
This data will be used for SIEM monitoring, reporting, dashboards, and/or alerts.
I am trying to confirm whether this same or equivalent model is supported in Atlassian Government Cloud.
Questions:
Are Atlassian admin events available through API access in Atlassian Government Cloud?
Can Splunk pull admin event data from Government Cloud using an organization ID and API key?
Is the same or equivalent API scope/access method available in Government Cloud?
Are there any Government Cloud restrictions on external SIEM tools pulling admin event data every 5 minutes?
Are there different endpoints, authentication methods, allowlisting requirements, or security review steps required for this type of integration?
Are there any FedRAMP, data boundary, or compliance limitations that would prevent or change this integration model?
If this exact model is not supported, what is the recommended approach for pulling or forwarding Atlassian Government Cloud admin/audit events into Splunk?
To clarify, this is not a Marketplace Splunk connector question. This is specifically about API-based admin event collection from Atlassian Government Cloud into Splunk.
Any guidance or documentation references would be appreciated.
Hi @Jalesa Rogers, the honest answer up front: this isn't something the community can confirm authoritatively. Atlassian Government Cloud is a separate environment from commercial Cloud and doesn't have full feature parity, so what works against api.atlassian.com today can't be assumed to behave identically there, endpoints included. For a migration and FedRAMP decision you'll want this confirmed in writing by Atlassian rather than inferred on a forum.
What I can pin down is the mechanism you're describing, so you can ask the precise question. On commercial Cloud that "admin events via API key" model is the Organizations REST API audit events endpoint, GET api.atlassian.com/admin/v1/orgs/{orgId}/events (or /events-stream for polling), authenticated with an org-level admin API key, and org audit log access is gated behind Atlassian Guard or Cloud Enterprise. The relevant nuance for Government Cloud is that Atlassian Guard Standard is included in the subscription, so the audit-log capability tier is present in principle, but that still doesn't confirm the API surface, endpoints or allowlisting match.
So the path I'd take is your Atlassian government channel (your Carahsoft or Atlassian government contact, plus Atlassian Support under your Gov Cloud entitlement), and ask them to confirm specifically:
The page to watch as parity expands is here: Apps and features available for Atlassian Government Cloud
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.