Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Seeking feedback - admin audit logs on Cloud

Jonathon Conkey
Jonathon Conkey
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
August 15, 2024

Hi Community,

My name is Jonathon and I am a Product Designer at Atlassian.

We are currently exploring how we might improve the Admin Hub audit logs page on Cloud.

screenshot_OrgAuditLog.pngWe would love your feedback on the following:

  • What do you mainly use the Audit Log page for?

  • What is working well?

  • What can be improved?

  • What do you wish was there but isn’t?

Many thanks,

Jonathon

Comment
Watch
Like # people like this
1221 views

12 comments

Comment

Log in or Sign up to comment
Amar Khot
Amar Khot
Contributor
August 15, 2024

Hi Jonathon,

Appreciate the approach.

We need an API to export the admin log periodically. Is there a plan to provide the APIs?

 

Regards

Amar Khot

Like # people like this
Reply
Jonas Fiener
Jonas Fiener August 15, 2024

Hi Amar,

 

you can check this article, perhaps thats what you searching for:

The Organizations REST API REST API (atlassian.com)

 

Regards

Jonas Fiener

Like # people like this
Benjamin Horst
Benjamin Horst
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
October 1, 2024

For the rich (Enterprise plan for Jira or Confluence or Atlassian Guard Premium), there is a webhook for audit logs as well. 

https://support.atlassian.com/security-and-access-policies/docs/learn-more-about-audit-log-webhooks/

If your company requires audit log streams, the REST API as suggested by Jonas is probably not going to fit your needs.  

Like
Rex
Rex
Contributor
August 15, 2024

Our customers want logs of attachment uploads and downloads. Implementing a CASB to handle this would be a huge burden due to labour and cost. We look forward to your consideration.

Like # people like this
Reply
Steve Davis
Steve Davis
Contributor
August 16, 2024

A recent problem we discovered is that if a status is renamed then the audit log only shows what the status was renamed 'to', not what it was renamed 'from'. This is not helpful if you need to rollback that change!

Can you please make sure that any logged information shows both a 'from' and 'to' value?

Thanks - Steve

Like # people like this
Reply
Gavad Khan (PS)
Gavad Khan (PS)
Contributor
August 16, 2024

I would love to have following

  • Rest api to extract / feed data to external log monitoring system 
  • Feed more data i.e.
    • Add-on apps data fetch/update or any interaction logs - this is needed in order to get insight about how 3rd party marketplace vendor interact with Atlassian cloud site and what type of data their apps fetch & update  
    • Product admin configuration changes - In past, I discovered several admin configuration changes which were not logged. Even some cases, author was blank
Like # people like this
Reply
Jonathon Conkey
Jonathon Conkey
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
September 4, 2024

Hi @Gavad Khan (PS). Many thanks for your detailed response. I just had a couple of follow up questions.

Would webhook registration help re the quest "feed data to external log monitoring system"?

In terms of the inclusion of 3rd party app data, if the app data was made available, would you have a need to find these events using the Audit Log UI or would you mostly be using a 3rd party tool? 

Thanks,

Jonathon

Like Benjamin Horst likes this
Tyler Stephens
Tyler Stephens
Contributor
August 16, 2024

Hi Jonathon,

The logs could be more specific, making it difficult to understand what occurred. More information included in each entry would be very beneficial. 

Like Jonathon Conkey likes this
Reply
Gus_Vega
Gus_Vega
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
August 16, 2024

We need parameters added so we can filter down based on the event category within the UI versus having to export to a csv and modify to filter with excel. This should be a common capability.

Also, by filtering down by parameters we would hopefully get more results based on the information we are actually looking for. 

 

 

Like Jonathon Conkey likes this
Jonathon Conkey
Jonathon Conkey
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
September 4, 2024

Thanks for this @Tyler Stephens

Are there any workarounds or processes that you have used to address the shortfall of information provided in the events? Eg Have you had to reach out to different teams in your organisation to help provide clarity on some of the log entries?

Kind regards,

Jonathon

Like
Ashley
Ashley
Contributor
August 16, 2024
  • I wish the audit log activities included adding and removing a user as site admin
  • I wish I could easily search for audit log activities by instance, whether to exclude a particular instance or only include a particular instance
Like # people like this
Reply
Jonathon Conkey
Jonathon Conkey
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
September 4, 2024

Hi @Gus_Vega I just wanted to clarify your filtering comment. Would the following meet your needs? Would this help you pinpoint and return to relevant log events in the UI?

  1. Select an event category
  2. Subsequent filters such as 'Activities' are dynamically populated based on the chosen event category
  3. Table columns are dynamic based on chosen event category in order to provide more relevant info
  4. Filtered views can be saved and be easily returned to on subsequent visits

Let me know if there's anything missing there or if I have misunderstood.

Thanks,

Jonathon

Like Gus_Vega likes this
John Dunkelberg
John Dunkelberg
Contributor
August 16, 2024

Not sure on Cloud's current state, but in Datacenter recently I was surprised that the the audit log shows Workflow Scheme changes, but not Issue Type Scheme changes.

Like Jonathon Conkey likes this
Reply
Jonathon Conkey
Jonathon Conkey
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
September 4, 2024

Hi @John Dunkelberg. Issue Type Scheme changes should be available in the Jira System Audit Logs in Cloud.

Many thanks,

Jonathon

Like
Karine VANEL
Karine VANEL
Contributor
August 19, 2024

Hi Jonathon,
Have the possibility to subscribe to certain audit log et perhaps to have graphs by period to analyse action in audit log (and export this report graph) 

Like Jonathon Conkey likes this
Reply
Kelvin CHUA
kc
Contributor
August 26, 2024

  • What do you mainly use the Audit Log page for?It's the only place in the event, short of a better word "incident", where we can go to, to find out what happened via the Product, Access and User audit logs. 

  • What do you wish was there but isn’t?I'm not sure, say in the event of a credential compromised, are the logs "immutable"? To prevent malicious actor from deleting or locking up the logs to cover the traces of malicious activities? As the primary objective is to ensure non-repudiation. 
    If we are using our own identify provider, can we have logs on the use of the user/admin accounts that access and administer the Atlassian Cloud?

Coming from a security angle, sharing the link below which i though it a good reference point.

https://www.cyber.gov.au/sites/default/files/2024-08/best-practices-for-event-logging-and-threat-detection.pdf

My 2 cents.

Kc

 

 

Like # people like this
Reply
Jonathon Conkey
Jonathon Conkey
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
August 27, 2024

I would like to thank everyone for the responses so far. Your feedback has been really valuable for the team.

I hope to reach out to this group again soon once we have some concepts ready for testing.

Like Ashley likes this
Jonathon Conkey
Jonathon Conkey
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
September 25, 2024

Hi everyone. I hope all is well.

Thanks again for your input in regards to improving the Admin Hub Audit Log page on Cloud.

If you're interested in providing feedback on some concepts the team has put together, I would love to hear from you.

Follow this link so we can ensure you are a good fit and then I can organise a time that suits.

What’s involved in the research:

  • Sessions are 1 hour and conducted via Zoom, so you can participate from anywhere around the world.

  • During the research, we'll start with a general chat to get to know you. Then, we’ll share some design concepts and a prototype to obtain your feedback.

  • As a token of our appreciation, you'll receive an e-gift card worth $100 USD within 5 business days of completing your session.

I look forward to hearing from you.

Kind regards,

Jonathon

FYI @Gus_Vega @Amar Khot @Karine VANEL @Gavad Khan (PS) @Tyler Stephens
@John Dunkelberg @Ashley @Rex @Steve Davis

Like kc likes this
Reply
Benjamin Horst
Benjamin Horst
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
October 1, 2024

Hi Jonathon, 

we mainly use the log for retrieving changes in the form of "what was changed in that project at what time" to fix changes that had a bigger effect that expected.

The log is working well when just searching one word. As soon as I add two, the search is close to unusable. Searching for short space keys brings up results can bring up whole words that don't fit to the project I needed. 

So I'd like to see a filter function for projects and for more specific types of changed to get the change of a group for example. Or even better a search that can sort by relevance and in which I can search using

  • "<searchterm>" -> to only find exactly that word and not a substring 
  • minus -> excluding words
  • AND finding two words

And last not least: would be great to have the option to use an audit stream in non-Enterprise Environments.

Regards

Benjamin 

Like Jonathon Conkey likes this
Reply
Alex Hall
Alex Hall
Contributor
October 17, 2024

We had a recent issue where the owner of several dashboards was removed/deactivated. 8 days later the system moved the dashboards to the trash. The audit log didn't list moving the dashboards to the trash nor did it connect to the two seemingly disparate activities.

Seems like system actions (like systematically deleting dashboards) should appear in the audit log.

Like Jonathon Conkey likes this
Reply
groups-icon
Enterprise
TAGS
AUG Leaders

Atlassian Community Events

    See all events