Enhanced documentation: Audit log activity descriptions

Hi Audit log community 👋

We’ve recently made a meaningful improvement to help you better understand what’s actually happening in your audit logs.

A consistent theme we’ve heard from admins is that audit log activity names can be hard to interpret, as they do not always provide enough context to clearly understand what happened. When similar terms like “deleted,” “removed,” or “revoked” appear, it can be challenging to identify which activity is the right one to focus on during an incident review or investigation.

To help address this, we’ve:

• Done a large clean-up and refresh of our Audit Log support documentation

• Added 600+ activity descriptions to provide clearer context for events that were previously easy to misinterpret or overlook

These descriptions are designed to explain what the event represents, what changed, and how it fits into common admin workflows - so you can spend less time guessing and more time taking action.

You can explore the updated activity descriptions here:
👉 https://support.atlassian.com/security-and-access-policies/docs/audit-log-activities-database/

Right now, these improvements are focused on the support documentation. We’re also exploring how we might surface this guidance more directly within the audit log experience over time.

We’d love to hear from you

• How are you finding the updated activity descriptions?

• Are they helping you move through investigations or reviews more confidently?

• Would having these descriptions available directly in the audit log UI (for example, inline or in the side panel) uplift your experience?

Your feedback plays a big role in shaping what we improve next.

Many thanks!

Georgia and the Atlassian team