Hi all, I’m Jonathon, a product manager on cloud security. I’m pleased to announce that we are launching our first set of user activity logs with our Cloud Enterprise offering.
What are user activity logs? They’re a new category of audit log event types that track user actions inside of Atlassian cloud products, in addition to the existing coverage of org admin events. This includes events like if a user viewed a Confluence page or deleted a Jira issue.
If you need audit logs to meet compliance needs, conduct security investigations, or simply troubleshoot issues in your Atlassian cloud products, read on to see how the new user activity logs can help you.
Historically, assessing data loss or leakage in a security incident has required you to contact Atlassian support, which often results in a months-long investigative process and not always one that ends with answers.
Now, with user activity logging, assessing impact is as simple as going to the audit log in your Atlassian administration interface and scanning for a compromised user account’s activity or for everyone that looked at a specific piece of content. We know this is a critical security need – the kind you might not use every day but absolutely has to be there when you need it.
Using our audit log API, you can also retrieve these logs for cold storage or to process with your own security intelligence solutions. Here’s some additional documentation on our audit log API: https://developer.atlassian.com/cloud/admin/organization/rest/api-group-orgs/#api-orgs-orgid-events-get
Through conversations we’ve had with you over the past year, we know enterprise compliance often includes a comprehensive record of user activity in our products. While the types of activities that an organization creates often vary, as do the activities different organizations want to keep track of, we’re starting with these most common and essential events first.
If your compliance checklist ever required tracking user views of data in Jira and Confluence, we’ve now got you covered!
We know some customers are subject to different data residency needs than others, so we wanted to give you the flexibility to choose whether or not your user-generated content is stored in the audit log. Right now, we don’t yet support location-specific storage for logging, so if things like issue IDs and page titles are part of your data residency regime, you can opt out of storing them. Data residency and its nuances are deeply complex, so if you want to know more about this specific set of features, you can read more here:
Because of the complexity of data residency requirements, we wanted to give you as much flexibility and customizable control here as possible so you can tailor to your own needs.
Atlassian’s journey into the cloud is a marathon, not a sprint, and that includes our ongoing investments in security visibility and audit logging. We plan to continue to add new events into our audit log as we have been for the past several years and now with user activity logging that will include future coverage of more user event types, additional products, and more. If space interactions matter to you more than pages or Bitbucket generates stricter logging needs than Jira, we aim to meet or exceed your needs soon. We plan to continue making improvements to the audit log across all cloud editions so stay tuned.
If you have ideas or suggestions, let us know in the comments. We’d love to hear from you!
Jonathon YuAtlassian Team
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events