What are some of the best practice for auditing confluence access?
Apart from using the usual ITGC framework; looking at user access provisioning, termination, access review what are things do people look out for?
Also given the immense amount of logs, what are some of the key logs that should be reviewed?
Hi Liang,
it might depend on what you are looking for - or in other words: who requests the logs / the audit.
Confluence comes with an audit log:
https://confluence.atlassian.com/doc/auditing-in-confluence-829076528.html
If it is still needed to save the logs for somebody depends on what your requirements are.
In case you are using external tools like a Single-Sign-On and/or a role base access model those environments might have their own logs.
Cheers,
Daniel
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.